Command Line Interface Reference Guide > The SLB Configuration Menu
/cfg/slb/trevnt/trevpol/events
Traffic Event Log Policy Events Menu
 
 
[Traffic Event Log Policy Events Menu]
     unified - Set HTTP transaction event including SSL and L4 connection info
     security - Set security events
eaaf   - Set ERT Active Attackers Feed events
     normal - Set threshold for unified events with normal severity
     exceptn - Set threshold for unified events with exception severity
     httptran - Set HTTP transaction events
     pathcorl - Set HTTP transaction path correlation
sslconn - Set SSL connection events (both success and failure)
sslfail - Set SSL connection failure events
hostbyps - Set SSL Inspect hostname bypass events
l4conn - Set L4 connection events
cur - Display current Traffic Event Log policy event configuration
 
Traffic Event Log Policy Events Menu Options (/cfg/slb/trevnt/trevpol/events) 
Command Syntax and Usage
unified dis|ena
 
Specifies whether to send a unified event including all Layer 4, SSL, and HTTP transaction information in a single record.
Default: dis
security dis|ena
 
Specifies whether to send security events.
Security events are the events sent by the Web Application Firewall (WAF) when an attack is detected. This allows user visibility to the protected traffic, refinement of false positives, and detailed explanations of security attacks.
Security events are sent in the context of the application. It is also possible to correlate between the security event and its unified event (using the WAF transaction ID) to obtain more information on the transition.
Default: dis
eaaf
 
Specifies whether to send ERT Active Attackers Feed events. This traffic event policy is global per device/instance.
Values: dis, ena
Default: dis
normal limit|unlimited|disable
 
You can limit the number of events per second with a severity level of normal or exception that are generated per application to reduce traffic event log volume and to protect and predict traffic log storage.
Sets the threshold for unified events with a normal severity level.
Values:
*disable — Do not send events of this severity level.
*limit — Send the defined number of events of this severity level per second (valid range: 1 – 999,999 events per second).
*unlimited — Do not limit the number of events of this severity level that are sent.
Default: Limit to 100 events per second
exceptn limit|unlimited|disable
 
You can limit the number of events per second with a severity level of normal or exception that are generated per application to reduce traffic event log volume and to protect and predict traffic log storage.
Sets the threshold for unified events with an exception severity level.
Values:
*disable — Do not send events of this severity level.
*limit — Send the defined number of events of this severity level per second (valid range: 1 – 999,999 events per second).
*unlimited — Do not limit the number of events of this severity level that are sent.
Default: Limit to 100 events per second
httptran dis|ena
 
Specifies whether to send HTTP request and response traffic events for the HTTP/HTTPS transactions.
Default: ena
pathcorl [dis | entry | exit]
 
Specifies whether to enable HTTP transaction path correlation.
Path correlation maintains the transaction ID when an HTTP transaction is logged by different filters in the same path. Path correlation adds the transaction ID as an HTTP header to the HTTP request at the path entry point, and removes it at the path exit point.
Path correlation correlates between front-end and back-end connections and transactions. For example, in configuration for outbound SSL inspection configuration the following is required to correlate between the front-end and back-end connections:
*On the Event policy associated with the front-end filter:
Enable httptran.
Set pathcorl to entry.
*On the Event policy associated with the back-end filter:
Enable httptran.
Set pathcorl to exit.
Default: dis
sslconn [dis | frontend | backend | both]
 
Specifies whether to send SSL connection information events for both successful and failed connections.
Select the direction on which an SSL connection should be logged.
Default: dis
sslfail
 
Specifies whether to send SSL connection failure events for failed SSL handshakes.
Select the direction on which an SSL connection failure should be logged.
Default: dis
hostbyps dis|ena
 
Specifies whether to send SSL inspection hostname bypass events for bypassed HTTPS traffic, where matching is based on SNI on a bypass filter configured with URL filtering or a content class.
Default: dis
l4conn dis|ena
 
Specifies whether to send session connection events. Two events are sent for each front-end and back-end connection: one for connection open, and another for connection closure.
Default: dis
cur
 
Displays the current traffic event log policy configuration.