Hi Daniel, I have a problem about no_log option.
I found "Multiple Firewall drop events from same source" (rule id 4151 in firewall_rules.xml) alert but no "Firewall drop event" (rule id 4101) in alerts.log. When removing "<options>no_log</options>" line in rule id 4101, there are "Firewall drop event" alerts. In my opinion, no_log means log will not be logged in archives.log only. But I found no_log means log will not be logged in archives.log and alerts.log. What does it really mean? or I messed up someting??? Thanks, Worawit
