C613-22104-00 REV B URL Filtering Log Messages | Page 70
Logging Advanced Network Protection
By default, URL filtering only logs dropped requests. However, from 5.4.7-1.x, you can turn on
additional URL request logging to log all URL requests, including permitted requests. Use the
following commands:
awplus(config)# url-filter
awplus(config-url-filter)# log url-requests
Note: This is supported in all AR-Series firewalls.
By default, URL filtering messages are generated when there are:
- Blacklist and whitelist hits, logged at severity info (6) level.
- Invalid match criteria, detected while loading third party and custom blacklist and whitelist files, logged at err (3) level.
- Missing configured custom blacklist and/or whitelist files, while starting/restarting the feature, logged at warning (4) level.
Log messages for blacklist or whitelist hits include information in the following format:
<action> URLFILTER: [URL:<url>] <protocol> <source-ip>:<source-port> -> <dest-ip>:<dest-port>
Output 10: Example URL filtering log message for a dropped URL request
2016 Nov 17 02:02:21 local5.info awplus IPS[2039]: [Drop] URLFILTER: URL:http:/kdskspb.ru/ [http] 192.168.1.1:58272 -> 172.16.1.2:80
Output 11: Example URL filtering log message for a permitted URL request when log url-requests is configured
2017 Apr 12 03:47:21 local5.info awplus IPS[3885]: [Http] URL:http://172.16.1.2/ 192.168.1.1:53698 -> 172.16.1.2:80
Table 9: URL Filtering log message elements
Message element            Description
<action>                   Which action is applied; [ALERT], [DROP] or [http].
<url>                      The requested URL if the flow is HTTP.
<protocol>                 The protocol, e.g. SMTP, HTTP, TCP, ICMP.
<source-ip>:<source-port>  The source IP address and source port for the packet.
<dest-ip>:<dest-port>      The destination IP address and destination port for the packet.
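The following parser for these messages is an added example, not code from the original document or from the vendor. It extracts the elements listed in Table 9 and counts dropped requests per source address, which is the usual first step when forwarding these logs to a SIEM. The names parse_line and drops_by_source are illustrative, and the pattern is an assumption built from the format line and the two example outputs, whose bracket placement differs, so both are accepted.

```python
import re
from collections import Counter

# One pattern for both layouts on this page: drops carry "URLFILTER:" and a
# protocol; permitted requests carry neither. Brackets optional. IPv4 only.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<facility>\w+)\.(?P<severity>\w+) (?P<host>\S+) IPS\[\d+\]: "
    r"\[(?P<action>\w+)\] (?:URLFILTER: )?\[?URL:(?P<url>\S+?)\]? "
    r"(?:\[?(?P<protocol>\w+)\]? )?"
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+) -> "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)$"
)

def parse_line(line):
    """Return the fields of a URL filtering message as a dict, or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # The page prints the action as [Drop], [DROP], [Http] and [http].
    rec["action"] = rec["action"].lower()
    rec["protocol"] = rec["protocol"].lower() if rec["protocol"] else None
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec

def drops_by_source(lines):
    """Count dropped URL requests per source IP; other lines are ignored."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["action"] == "drop":
            counts[rec["src_ip"]] += 1
    return counts

# Lines 1-2: the page's Output 10 and 11, wraps joined; lines 3-4 constructed.
SAMPLE = [
    "2016 Nov 17 02:02:21 local5.info awplus IPS[2039]: [Drop] URLFILTER: "
    "URL:http:/kdskspb.ru/ [http] 192.168.1.1:58272 -> 172.16.1.2:80",
    "2017 Apr 12 03:47:21 local5.info awplus IPS[3885]: [Http] "
    "URL:http://172.16.1.2/ 192.168.1.1:53698 -> 172.16.1.2:80",
    "2017 Apr 12 03:47:25 local5.info awplus IPS[3885]: [DROP] URLFILTER: "
    "[URL:http://blocked.example/] HTTP 192.168.1.1:53700 -> 172.16.1.2:80",
    "2017 Apr 12 03:47:26 local5.notice awplus sshd[4001]: unrelated line",
]

if __name__ == "__main__":
    print(dict(drops_by_source(SAMPLE)))
```

Because permitted requests are only logged when log url-requests is configured, a drop count taken from these logs cannot be turned into a drop ratio unless that setting is enabled.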