Access log rule set
The Access Log rule set is a nested rule set in the Default Log Handler rule set.
Nested default rule set – Access Log |
---|
Criteria – Always |
The rule set contains the following rule.
Write access.log
Always –> Continue —
Set User-Defined.logLine = DateTime.ToWebReporterString + “ ”” ...
FileSystemLogging.WriteLogEntry (User-Defined.logLine)<Access Log Configuration>
The rule uses an event to fill a log file entry with parameter values relating to requests sent by users, such as user names or request headers.
It uses another event to write this entry into a log file.
The log file entry is specified as a parameter in both events. The log that stores the log file is specified by the settings of the write event.
Values for the following parameters are set and logged by the events of the rule (properties used by the event that sets the values are shown in italics):
- Date and time — DateTime.ToWebReporterString
- User name — Authentication.UserName
- Client IP address — String.ReplaceIfEquals (IP.ToString(Client.IP), “”, “-”)
- Response status — String.ReplaceIfEquals (Number.ToString (Response.StatusCode), “”, “-”)
- Request header — RequestHeader.FirstLine
- URL category — List.OfCategory.ToString (URL.Categories)
- URL reputation — String.ReplaceIfEquals (URL.ReputationString, “”, “-”) (URL.Reputation<Default>)
- Media type — MediaType.ToString (MediaType.FromHeader)
- Body size — String.ReplaceIfEquals (Number.ToString (Body.Size), “”, “-”)
- User agent — Header.Request.Get(“User-Agent”)
- Virus and malware names — List.OfString.ToString (Antimalware.VirusNames)
- Block action ID — Number.ToString (Block.ID)
The logging rule applies whenever a request for access to the web is received.
The two rule events for filling and writing a log entry are then executed.
Processing continues with the next rule or rule set.