Add a rule for sending access log data
To send access log data from Web Gateway to a syslog server, add a rule to the Access Log rule set, which contains the rule for recording the data.
Task
- Select Policy | Rule Sets.
- Click Log Handler, expand the Default rule set, and select the nested Access Log rule set.
The content of the nested rule set appears on the configuration pane. By default, the rule set contains a rule that writes data about web access to a log line.
- Add the following rule to make access log data available to the daemon that sends it to the syslog server.
Name: Make access log data available to syslog daemon
Criteria: Always
Action: Continue
Event: Syslog (6, User-Defined.logLine)
The rule uses an event to make the access data that was previously written to a user-defined log line available to the syslog daemon. The syslog daemon sends it to the syslog server. The daemon is configured in the rsyslog.conf system file.
The first event parameter specifies the severity level of the access log data.
- Click Save Changes.
The rule makes available the data that the preceding rule records in the default format. If the syslog server requires a different format, replace the preceding rule with a rule that uses the required format.
You can import rule sets with rules that write data in SIEM or CEF format from the online rule set library.
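To confirm on the syslog server that forwarded lines arrive with the severity set by the first event parameter (6), the following added example, which is not part of the product documentation, decodes the PRI field of received messages and separates access log lines from everything else. It assumes BSD syslog (RFC 3164) framing; the host name, tag, facility and log line layout in the sample are constructed.

```python
import re

SEVERITY_NAMES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# BSD syslog (RFC 3164) framing: <PRI>Mmm dd hh:mm:ss host tag: message
SYSLOG_RE = re.compile(
    r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:\s]+): (.*)$"
)

def parse_syslog(line):
    """Decode one received line; PRI = facility * 8 + severity."""
    m = SYSLOG_RE.match(line)
    if m is None:
        raise ValueError("not an RFC 3164 line")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    return {"facility": facility, "severity": severity,
            "severity_name": SEVERITY_NAMES[severity],
            "host": m.group(3), "tag": m.group(4), "message": m.group(5)}

def split_by_severity(lines, expected=6):
    """Return (access log messages at the expected severity, rejected lines)."""
    accepted, rejected = [], []
    for line in lines:
        try:
            rec = parse_syslog(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        if rec["severity"] == expected:
            accepted.append(rec["message"])
        else:
            rejected.append(
                (line, "severity %d (%s)" % (rec["severity"], rec["severity_name"])))
    return accepted, rejected

# Constructed sample input: host, tag, facility (3) and log line layout are assumptions.
SAMPLE = [
    '<30>Jan 12 10:15:02 mwg01 mwg: [12/Jan/2024:10:15:02 +0000] "alice" 10.0.0.5 200 "GET http://example.com/ HTTP/1.1"',
    '<27>Jan 12 10:15:03 mwg01 mwg: proxy error',
    'Jan 12 10:15:04 mwg01 mwg: line without PRI',
]

if __name__ == "__main__":
    ok, bad = split_by_severity(SAMPLE)
    print(len(ok), "access log line(s);", len(bad), "rejected")
```

Lines rejected for a wrong severity or a missing PRI point to a mismatch between the event parameter in the rule and what the daemon actually forwards.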