Select Action Filter This filter specification can be used to select only the firewall events that were permitted or denied. This parameter contains the action that should selected: denied Select only denied events. permitted Select only permitted events. - This is also a possible action when we can't determine from the log information if this event was denied or permitted. $action_match events