What can I do here?
Use this window to configure Track Settings.
Getting Here - Security Policies > Access Control > Policy > Track Column > More
Select these options in the column of a rule:
- - Do not generate a log.
- This is the default option. It shows all the information that the Security Gateway used to match the connection. At a minimum, this is the Source, Destination, Source Port, and Destination Port. If there is a match on a rule that specifies an application, a session log shows the application name (for example, Dropbox). If there is a match on a rule that specifies a Data Type, the session log shows information about the files, and the contents of the files.
- - Select this to update the log at 10 minutes intervals, to show how much data has passed in the connection: Upload bytes, Download bytes, and browse time.
Note - When upgrading from R77.xx or from R80 versions to R80.10, there are changes to the behavior of the options in the column. To learn more see sk116580.
Advanced Track options
and are only available if one or more of these Blades are enabled on the Layer: Applications & URL Filtering, Content Awareness, or Mobile Access.
- Equivalent to the Log option, but also shows the application that matched the connections, even if the rule does not specify an application. Use for a cleanup rule (Any/internet/Accept) of an Applications and URL Filtering Policy Layer that was upgraded from an R77 Application Control Rule Base.
- Equivalent to the Detailed option, but also shows a full list of URLs and files in the connection or the session. The URLs and files show in the lower pane of the view.
- - Select this to show a different log for each connection in the session. This is the default for rules in a Layer with only Firewall enabled. These are basic firewall logs.
- - Select this to generate one log for all the connections in the same session. This is the default for rules in a Layer with Applications and URL Filtering or Content Awareness enabled. These are basic Application Control logs.
For each alert option, you can define a script in > > >
- - Do not generate an alert.
- - Generate a log of type Alert and run a command, such as: Show a popup window, send an email alert or an SNMP trap alert, or run a user-defined script as defined in the .
- - Generate a log of type Alert and send an SNMP alert to the SNMP GUI, as defined in the .
- - Generate a log of type Alert and send an email to the administrator, as defined in the .
- - Generate a log of type Alert and send one of three possible customized alerts. The alerts are defined by the scripts specified in the .
A session is a user's activity at a specified site or with a specified application. The session starts when a user connects to an application or to a site. The Security Gateway includes all the activity that the user does in the session in one session log (in contrast to the firewall log which shows top sources, destinations, and services).
To search for log sessions:
In the tab of the view, search for
To see details of the log session:
In the tab of the view, select a session log.
In the bottom pane of the tab, click the tabs to see details of the session log:
- - Shows all the connections in the session. These show if is selected in the option of the rule.
- - Shows all the URLs in the session. These show if is selected in the option of the rule.
- - Shows all the files uploaded or downloaded in the session. These show if is selected in the option of the rule, or if a Data Type was matched on the connection.
To see the session log for a connection that is part of a session:
- In the tab of the view, double-click on the log record of a connection that is part of a session.
- In the , click the session icon (in the top-right corner) to search for the session log in a new tab.
To configure the session timeout:
By default, after a session continues for three hours, the Security Gateway starts a new session log. You can change this in SmartConsole from the view, in > > > > .