(1) From the parameter in command ” display logbuffer”, we can that there are actually many log types:
From the product documentation of USG5500, we can see :
sec-log, av-log, and ips-log are attack defense logs and are stored in attack defense log buffer. Other logs are stored in the system log buffer.
Confirmed with R&D, I found that the “Allowed max buffer size” in the command “display logbuffer” includes attack defense logs and Other logs.
(2) Check the attack defense logs one by one, and I found that the “Allowed max buffer size” for attack defense logs is 512. And now there are 3 messages.
(3) Checked the command logs which are stored in the system log buffer, and I found that number of the logs reached the the “Allowed max buffer size”. That’s why the newer logs over wrote the older ones .
As a result, from the above analysis, even though the number in the command “display logbuffer” is a little confused, but it’s normal.