Ok so, I have recently enabled log-pair-packets on signatures without changing the ip-log defaults, which from all documentation and posts in this forum reads that it defaults to 0 packets, 30 minutes, 0 bytes. But when I look at iplog-status at the CLI, I see that all ip logging on these event-triggered logs are
any length bytes/packets
30 second (not minutes!) exactly
my question is if the documentation is wrong? Also the documentation says after any 1 condition is met then it will stop logging, but if bytes = 0 and packets = 0, wouldn't that mean it wouldnt log at all? Or does that mean it does not check that parameter.
I can always do a test scenario myself, but I wanted to ask the community first if they have also found that the documentation is wrong in saying 30 minutes and it being really 30 seconds. Thanks in advance!