Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Access log rule set

The Access Log rule set is a nested rule set in the Default Log Handler rule set.

Nested default rule set – Access Log
Criteria – Always

The rule set contains the following rule.

Write access.log

Always –> Continue —

Set User-Defined.logLine = DateTime.ToWebReporterString + “ ”” ...

FileSystemLogging.WriteLogEntry (User-Defined.logLine)<Access Log Configuration>

The rule uses an event to fill a log file entry with parameter values relating to requests sent by users, such as user names or request headers.

It uses another event to write this entry into a log file.

The log file entry is specified as a parameter in both events. The log that stores the log file is specified by the settings of the write event.

Values for the following parameters are set and logged by the events of the rule (properties used by the event that sets the values are shown in italics):

  • Date and timeDateTime.ToWebReporterString
  • User nameAuthentication.UserName
  • Client IP addressString.ReplaceIfEquals (IP.ToString(Client.IP), “”, “-”)
  • Response statusString.ReplaceIfEquals (Number.ToString (Response.StatusCode), “”, “-”)
  • Request headerRequestHeader.FirstLine
  • URL categoryList.OfCategory.ToString (URL.Categories)
  • URL reputationString.ReplaceIfEquals (URL.ReputationString, “”, “-”) (URL.Reputation<Default>)
  • Media typeMediaType.ToString (MediaType.FromHeader)
  • Body sizeString.ReplaceIfEquals (Number.ToString (Body.Size), “”, “-”)
  • User agentHeader.Request.Get(“User-Agent”)
  • Virus and malware names List.OfString.ToString (Antimalware.VirusNames)
  • Block action IDNumber.ToString (Block.ID)

The logging rule applies whenever a request for access to the web is received.

The two rule events for filling and writing a log entry are then executed.

Processing continues with the next rule or rule set.

  • Was this article helpful?