Elog filter rule set fault caused can not receive SYS-LOG

Problem phenomena：3 E1000E firewall，use elog manage firewall dialog and syslog，when installing，can check dialog of firewall. Then staff check syslog of firewall elog，found 2 of 3 firewall syslog（E1000E-1 and E1KVPN）can not found out，but can check dialog 

none

1 soon after elog startup，user set firewall syslog filter policy in elog，filtrate syslog of E1000E-1，background run record as follows. （As most early elog background record is 8.23，so list since 8.23）

2011-08-23 20:41:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 12
2011-08-24 00:00:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 12
2011-08-28 12:10:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 12
2011-08-29 00:00:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 12
2011-08-31 09:56:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 16
2011-08-31 18:58:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 10
2011-08-31 18:59:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 0
2011-08-31 19:00:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 0

Above run record，means at last minute，in syslog of elog received，how many log been filtered，one minute record once。We can see，from 8.23 to 2011-08-31 18:58:00 12 syslog been filtered every minute，after that，never has a syslog been filtered，because at 2011-08-31 18:58，we delete E1000E-1 off elog，elog can not receive its syslog. at the same time，will delete corresponding filter policy of this equipment，so，add it again，will not filter its syslog，and can check its syslog  
2 about filter policy
Elog filter policy has 2， overall filter policy and partial filter policy
overall filter policy：admin log on，configuration in effect for all of equipments
Partial filter policy：operator log on，need to set given equipment，just in effect for chose equipment

1 check firewall configuration of sys-log，normal
2 check firewall interzone policy configuration，normal
3 check firewall communication to elog，normal
4 check elog configuration，in filter policy configuration has faults

Cancel all of overall filter policy and partial filter policy，then will not filtrate dialog