Override Settings Inherited from Continue Rule(s)
|
When selected, overrides settings defined in Continue rules higher up in the policy. |
Log Level
|
Select one of these options:
- None — Does not create any log entry.
- Transient — Creates a log entry that is displayed in the Current Events mode in the Logs view, but is not stored.
- Stored — Creates a log entry that is stored on the Log Server.
- Essential — Creates a log entry that is shown in the Logs view and saved for further use.
- Alert — Triggers the alert you select.
|
Alert
|
When the Log Level is set to Alert, specifies the Alert that is sent. |
Severity
|
When the Log Level is set to Alert, allows you to override the severity defined in the Alert element. |
Connection Closing
|
Select one of these options:
- No log — No log entries are created when connections are closed.
- Normal log — Both connection opening and closing are logged, but no information is collected on the volume of traffic.
- Log Accounting Information — Both connection opening and closing are logged and information on the volume of traffic is collected. The Connection Closing option is not available for rules that issue Alerts.
If you want to create reports that are based on traffic volume, you must select this option for all rules that allow traffic that you want to include in the reports.
If you want to forward log data in the NetFlow or IPFIX format from the Log Server to a third-party device, you must select this option in the rule that creates the log data.
|
Compress Logs |
When enabled, creates a single log entry that contains information about the total number of the generated log entries when the limits defined in the Max Log Rate or Max Burst Size are reached.
After the single log entry is created, logging returns to normal and all generated entries are logged and shown separately.
- Don't Compress — Log compression is disabled.
- Compress only Access Logs — Only logs generated by Access rules are compressed.
- Compress also Inspection Logs — Logs generated by Access rules and Inspection rules are compressed.
|
Max Log Rate |
The maximum number of separately logged entries per second. |
Max Burst Size |
The maximum number of separately logged entries. |
Logging Enforcements |
Options that control what information is included in the log data. |
Log User Information
|
- Inherited from Continue Rule(s) — Information is included in the log data according to settings defined in Continue rules higher up in the policy.
- Default — Information about Users is included in the log data if information about the User is cached for the connection. Otherwise, only the IP address associated with the User at the time the log is created is included in the log data. Access control by user must be enabled.
- Off — Information about Users is not included in the log data.
- Enforced — Information about Users is always included in the log data if information about the User is available in the user database. If information about the User is not cached for the connection, the NGFW Engine resolves the User information from the IP address. Access control by user must be enabled.
|
Log Network Applications
|
Other TLS traffic is decrypted only if an Access rule enables decryption and there is no TLS Match with the Deny Decrypting option that excludes the traffic from TLS Inspection.
|
Log URL Categories |
Enables the logging of the URL categories that the traffic matches.
- Inherited from Continue Rule(s) — Information is included in the log data according to settings defined in Continue rules higher up in the policy.
- Default — URL categories are included in the log data for matching traffic when URL Categories are used as matching criteria in the rule.
- Off — URL categories are not included in the log data.
- Enforced — URL categories are always included in the log data if the URL category can be identified.
|
Log Endpoint Information
|
Enables the logging of endpoint information.
- Inherited from Continue Rule(s) — Information is included in the log data according to settings defined in Continue rules higher up in the policy.
- Default — Endpoint information is included in the log data for matching traffic when endpoint information is used as matching criteria in the rule.
- Off — Endpoint information is not included in the log data.
- Enforced — Endpoint information is always included in the log data if the endpoint information can be identified.
|
Store Additional Protocol Details
|
- Inherited from Continue Rule(s) — Additional protocol details are included in the log data for matching traffic according to settings defined in Continue rules higher up in the policy.
- On — Additional protocol details are included in the log data for matching traffic.
- Off — Additional protocol details are not included in the log data.
|