What happens when 'Log allowed traffic' is set to 'Security Events'?

When 'Log allowed traffic' is set to 'Security Events,' the configuration specifies that only particular security-related events are recorded. This typically includes actions associated with threats or suspicious activities, such as blocked traffic or detected malicious behavior. In this case, general allowed traffic, which does not pose a threat or does not meet the parameters for a security event, is not logged. This design ensures that the logging system focuses on meaningful security-related data rather than overwhelming the administrator with logs of all allowed network traffic, which may not provide pertinent information for monitoring security posture or diagnosing issues.

In this context, logging is targeted to enhance security visibility without cluttering the logs with benign traffic data. This allows for more efficient log management and the identification of genuine threats without sifting through extensive records of non-threatening allowed traffic.