Some outbound firewall rules are based on a domain name rather than an IP address. In this case, the data that is logged has only the IP address, not the domain name. My new feature request is to add the domain name to the data that is logged. Or, better still, add the name of the outbound firewall rule to the data that is logged. Thank you.
Sample log entry for an outbound firewall rule:
Denied CONN=lan SRC=192.168.32.191 DST=18.104.22.168 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=30480 DF PROTO=TCP SPT=64805 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3