Define logging options for Inspection rules

Inspection rules can create a log or alert entry each time they match.

By default, an Inspection Policy uses the logging options set in a previous Exception rule with Continue as its action. If no such rule exists, Firewalls, Virtual Firewalls, Layer 2 Firewalls, and Virtual Layer 2 Firewalls log connections by default. IPS engines and Virtual IPS engines do not log connections by default.

Each individual Inspection rule can be set to override the default values of the engine role.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Switch to the Inspection tab.
  2. Click the Logging setting of a rule and select Logging Options.
  3. Set the options.
    Note: Storing or viewing the packets’ payload can be illegal in some jurisdictions due to laws related to the privacy of communications.

Logging - Select Logging Options dialog box (Inspection rules)

Use this dialog box to define logging options for global Inspection rules.

Option Definition
Override Settings Inherited from Continue Rule(s) When selected, overrides settings defined in Continue rules higher up in the policy.
Log Level Select one of these options:
  • None — Does not create any log entry.
  • Transient — Creates a log entry that is displayed in the Current Events mode in the Logs view, but is not stored.
  • Stored — Creates a log entry that is stored on the Log Server.
  • Essential — Creates a log entry that is shown in the Logs view and saved for further use.
  • Alert — Triggers the alert you select.
Alert When the Log Level is set to Alert, specifies the Alert that is sent.
Recording
Excerpt Stores an excerpt of the packet that matched. The maximum recorded excerpt size is 4 KB. This option allows you to quickly view the payload in the Logs view.
Store Additional Protocol Details
  • Inherited from Continue Rule(s) — Additional protocol details are included in the log data for matching traffic according to settings defined in Continue rules higher up in the policy.
  • On — Additional protocol details are included in the log data for matching traffic.
  • Off —Additional protocol details are not included in the log data.
Record Records the traffic up to the limit you set in the Record Length field. This option allows storing more data than the Excerpt option.
Record Length Sets the length of the recording for the Record option in bytes.