This discussion has been locked.

Is there a way to capture the exception list name in the logs?

While looking through Web Filtering logs in our UTM, it provides a lot of information but does not appear to list the name of the exception list that it's using to pass traffic. Is there a way to capture this data? It would be great to be able to filter on rule name when viewing logs.



This thread was automatically locked due to age.
  • Exceptions are cumulative. The exception configuration for any single website may be derived from multiple Exception objects. Instead, the exceptions="list" token identifies all of the exceptions that were applied. I think the complete list of tokens is:

    av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience

  • Our use case for this is more along the lines of looking at logs, ingested through Splunk, and being able to filter off of a name of an exception list not taking into account the checks for this.

    Seeing if a rule has been used, maybe to help us determine if an exception list is used (still used or perhaps last used) or which is the most used, finding a rule then filtering on particular servers, or being able to filter out when a particular one was used to correlate other events, among other uses.
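
An added example, not part of the original thread and not vendor code: since the log carries the skipped checks in exceptions="..." rather than an exception object's name, this Python sketch groups requests by the exact set of skipped checks and by destination host, which is the closest usage signal available from that field. The sample lines are constructed, and every field other than exceptions (action, srcip, url) is an assumed key="value" name.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (not real traffic). Only the exceptions="..." field
# comes from the thread; the other key="value" fields are assumptions.
SAMPLE_LOG = '''\
2024:01:10-09:00:01 utm httpproxy[4242]: action="pass" srcip="10.0.0.5" url="https://updates.example.com/a.cab" exceptions="av,ssl,certcheck"
2024:01:10-09:00:07 utm httpproxy[4242]: action="pass" srcip="10.0.0.9" url="http://intranet.example.net/" exceptions=""
2024:01:10-09:01:13 utm httpproxy[4242]: action="pass" srcip="10.0.0.5" url="https://updates.example.com/b.cab" exceptions="av,ssl,certcheck"
2024:01:10-09:02:40 utm httpproxy[4242]: action="pass" srcip="10.0.0.7" url="https://api.example.org/v1" exceptions="auth,url"
'''

# Token names as listed in the reply above.
KNOWN_TOKENS = frozenset(
    "av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,"
    "fileextension,size,patience".split(","))

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def summarize(log_text):
    """Count skipped checks and group hosts by the exact set of skipped checks."""
    per_token = Counter()
    hosts_by_profile = defaultdict(set)
    unknown = set()
    for line in log_text.splitlines():
        fields = parse_line(line)
        raw = fields.get("exceptions", "")
        tokens = [t.strip() for t in raw.split(",") if t.strip()]
        if not tokens:
            continue  # no exception applied to this request
        per_token.update(tokens)
        unknown.update(t for t in tokens if t not in KNOWN_TOKENS)
        host = urlsplit(fields.get("url", "")).hostname or "-"
        hosts_by_profile[tuple(sorted(tokens))].add(host)
    return per_token, dict(hosts_by_profile), unknown


if __name__ == "__main__":
    counts, profiles, unknown = summarize(SAMPLE_LOG)
    for profile, hosts in sorted(profiles.items()):
        print(",".join(profile), "->", ", ".join(sorted(hosts)))
    print(dict(counts), "unknown tokens:", sorted(unknown))
```

Because exceptions are cumulative, a profile such as av,certcheck,ssl can come from one exception object or several, so the grouping narrows down candidates rather than naming the object.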