Define logging options for Access rules
Access rules can create a log or alert entry each time they match.
By default, logging options set in a previous Access rule with Continue as its action are used. If no such rule exists, Firewalls, Virtual Firewalls, Layer 2 Firewalls, and Virtual Layer 2 Firewalls log the connections by default. IPS engines and Virtual IPS engines do not log the connections by default. Each individual rule can be set to override the default values.
Logging for the closing of the connection can be turned on or off, or on with accounting information. You must collect accounting information if you want to create reports that are based on traffic volumes.
When the Log Server is unavailable, log entries are temporarily stored on the engine. When the engine starts to run out of space to store the log entries, it begins discarding log data in order of importance, least important first. Monitoring data is discarded first, followed by log entries marked as Transient and Stored, and finally log entries marked as Essential. Alert entries are the last log entries to be discarded. The settings for storing the logs temporarily on the engine are defined in the engine's log spooling policy.
Steps
- Double-click the Logging cell.
- Set the options.
- Click OK.
Logging - Select Rule Options dialog box
Use this dialog box to define Access rule logging options.
Option | Definition |
---|---|
Override Settings Inherited from Continue Rule(s) | When selected, activates the settings and overrides the settings defined in Continue rules higher up in the policy. |
Log Level | Select one of these options: |
Alert | When the Log Level is set to Alert, specifies the Alert that is sent. |
Severity | When the Log Level is set to Alert, allows you to override the severity defined in the Alert element. |
Connection Closing | Select one of these options: |
Override Settings Inherited from Continue Rule(s) | When selected, activates the settings and overrides the settings defined in Continue rules higher up in the policy. |
Log User Information | Select one of these options: |
Log Network Applications | Select one of these options: Other TLS traffic is decrypted only if an Access rule enables decryption and there is no TLS Match with the Deny Decrypting option that excludes the traffic from TLS Inspection. |
Log URL Categories | Enables the logging of the URL categories that the traffic matches. |
Log Endpoint Information | Enables the logging of endpoint information. |
Store Additional Protocol Details | When selected, traffic is sent to be inspected. Some additional log data might be generated. |
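
The inheritance described at the top of this page (Continue rule settings, then the engine-role default) and the Override Settings Inherited from Continue Rule(s) option can be modelled offline to find rules whose matches would leave no log entry. The following Python is an added example, not part of the product or its documentation: the `Rule` record, the function names and the sample policy are hypothetical, and it assumes every Continue rule matches the same traffic as the rules below it and that the nearest preceding Continue rule wins.

```python
from dataclasses import dataclass
from typing import Optional

# Engine roles and whether they log connections when no Continue rule applies.
LOGS_BY_DEFAULT = {
    "Firewall": True, "Virtual Firewall": True,
    "Layer 2 Firewall": True, "Virtual Layer 2 Firewall": True,
    "IPS": False, "Virtual IPS": False,
}

@dataclass
class Rule:                          # hypothetical record, not an SMC export format
    name: str
    action: str                      # "Continue" or any other action
    override: bool = False           # "Override Settings Inherited from Continue Rule(s)"
    log_level: Optional[str] = None  # None models "no log entry" (assumption)

def effective_logging(policy, engine_role):
    """Return (rule name, log level or None, source) for each non-Continue rule.

    Assumptions: each Continue rule matches the same traffic as the rules below
    it, sets its options through the override checkbox, and the nearest
    preceding Continue rule wins.
    """
    level = "engine default" if LOGS_BY_DEFAULT[engine_role] else None
    source = "engine default"
    resolved = []
    for rule in policy:
        if rule.action == "Continue":
            if rule.override:
                level, source = rule.log_level, f"Continue rule {rule.name}"
        elif rule.override:
            resolved.append((rule.name, rule.log_level, "rule override"))
        else:
            resolved.append((rule.name, level, source))
    return resolved

def unlogged_rules(policy, engine_role):
    """Names of rules whose matches would leave no log entry."""
    return [n for n, lvl, _ in effective_logging(policy, engine_role) if lvl is None]

# Constructed sample policy, top to bottom.
SAMPLE_POLICY = [
    Rule("allow-dns", "Allow"),
    Rule("log-stored", "Continue", override=True, log_level="Stored"),
    Rule("allow-web", "Allow"),
    Rule("allow-backup", "Allow", override=True, log_level=None),
    Rule("deny-all", "Discard", override=True, log_level="Alert"),
]
```

Run against the same policy, the IPS role reports `allow-dns` as unlogged while the Firewall role does not, which is the gap to look for when a policy is reused across engine roles.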