What should the SysOps administrator do to ensure that all traffic is logged?
Create a new flow log that has a filter setting to capture all traffic.
Create a new flow log. Set the log record format to a custom format. Select the proper fields to include in the log.
Edit the existing flow log. Change the filter setting to capture all traffic.
Edit the existing flow log. Set the log record format to a custom format. Select the proper fields to include in the log.
Explanations:
Creating a new flow log with a filter set to capture all traffic will ensure that both accepted and rejected traffic are logged.
Changing the log record format or selecting custom fields does not affect the traffic filter setting and thus does not capture rejected traffic.
Existing flow logs cannot be edited to change the filter settings; a new flow log must be created for any filter adjustments.
Adjusting the log record format or fields in the existing flow log will not capture rejected traffic unless the filter is set to “all,” which requires creating a new flow log.