[Traffic Event Log Policy Events Menu]

- unified - Set HTTP transaction event including SSL and L4 connection info
- security - Set security events
- eaaf - Set ERT Active Attackers Feed events
- normal - Set threshold for unified events with normal severity
- exceptn - Set threshold for unified events with exception severity
- httptran - Set HTTP transaction events
- pathcorl - Set HTTP transaction path correlation
- sslconn - Set SSL connection events (both success and failure)
- sslfail - Set SSL connection failure events
- hostbyps - Set SSL Inspect hostname bypass events
- l4conn - Set L4 connection events
- cur - Display current Traffic Event Log policy event configuration

Command Syntax and Usage | |
---|---|
unified dis\|ena | |
Specifies whether to send a unified event including all Layer 4, SSL, and HTTP transaction information in a single record. Default: dis | |
security dis\|ena | |
Specifies whether to send security events. Security events are the events sent by the Web Application Firewall (WAF) when an attack is detected. They give users visibility into the protected traffic, help refine false positives, and provide detailed explanations of security attacks. Security events are sent in the context of the application. It is also possible to correlate a security event with its unified event (using the WAF transaction ID) to obtain more information on the transaction. Default: dis | |
eaaf | |
Specifies whether to send ERT Active Attackers Feed events. This traffic event policy is global per device/instance. Values: dis, ena. Default: dis | |
normal limit\|unlimited\|disable | |
You can limit the number of events per second with a severity level of normal or exception that are generated per application, to reduce traffic event log volume and to keep traffic log storage protected and predictable. Sets the threshold for unified events with a normal severity level. Values: limit, unlimited, disable. Default: Limit to 100 events per second | |
exceptn limit\|unlimited\|disable | |
You can limit the number of events per second with a severity level of normal or exception that are generated per application, to reduce traffic event log volume and to keep traffic log storage protected and predictable. Sets the threshold for unified events with an exception severity level. Values: limit, unlimited, disable. Default: Limit to 100 events per second | |
httptran dis\|ena | |
Specifies whether to send HTTP request and response traffic events for the HTTP/HTTPS transactions. Default: ena | |
pathcorl [dis \| entry \| exit] | |
Specifies whether to enable HTTP transaction path correlation. Path correlation maintains the transaction ID when an HTTP transaction is logged by different filters in the same path. Path correlation adds the transaction ID as an HTTP header to the HTTP request at the path entry point, and removes it at the path exit point. Path correlation correlates between front-end and back-end connections and transactions. For example, in an outbound SSL inspection configuration, the following is required to correlate between the front-end and back-end connections: at the path entry point, enable httptran and set pathcorl to entry; at the path exit point, enable httptran and set pathcorl to exit. Default: dis | |
sslconn [dis \| frontend \| backend \| both] | |
Specifies whether to send SSL connection information events for both successful and failed connections. Select the direction on which an SSL connection should be logged. Default: dis | |
sslfail | |
Specifies whether to send SSL connection failure events for failed SSL handshakes. Select the direction on which an SSL connection failure should be logged. Default: dis | |
hostbyps dis\|ena | |
Specifies whether to send SSL inspection hostname bypass events for bypassed HTTPS traffic, where matching is based on SNI on a bypass filter configured with URL filtering or a content class. Default: dis | |
l4conn dis\|ena | |
Specifies whether to send session connection events. Two events are sent for each front-end and back-end connection: one for connection open, and another for connection closure. Default: dis | |
cur | |
Displays the current traffic event log policy configuration. |
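
The `security` entry above notes that a security event can be correlated with its unified event through the WAF transaction ID. The following Python sketch is an added example, not vendor code: it joins the two event types on that ID and reports security events for which no unified event was received. The JSON-lines layout and the field names (`type`, `txn_id`, `app`, and so on) are assumptions, and the sample events are constructed.

```python
import json

# Constructed sample events. The field names ("type", "txn_id", ...) are
# assumptions for illustration; map them to the fields your collector receives.
SAMPLE_EVENTS = """
{"type": "unified", "txn_id": "t-1001", "app": "shop", "client_ip": "198.51.100.7", "url": "/login", "status": 403}
{"type": "security", "txn_id": "t-1001", "app": "shop", "attack": "SQL Injection", "action": "blocked"}
{"type": "unified", "txn_id": "t-1002", "app": "shop", "client_ip": "198.51.100.9", "url": "/cart", "status": 200}
{"type": "security", "txn_id": "t-1003", "app": "blog", "attack": "Cross-Site Scripting", "action": "reported"}
"""


def correlate(lines):
    """Join each security event to the unified event sharing its transaction ID.

    Returns (enriched, orphans): enriched security events carry the unified
    record under "transaction"; orphans are security events with no match.
    """
    unified, security = {}, []
    # First pass: index unified events, so arrival order does not matter.
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("type") == "unified":
            unified[event["txn_id"]] = event
        elif event.get("type") == "security":
            security.append(event)
    # Second pass: attach the transaction context to each security event.
    enriched, orphans = [], []
    for event in security:
        match = unified.get(event.get("txn_id"))
        if match is None:
            orphans.append(event)
        else:
            enriched.append({**event, "transaction": match})
    return enriched, orphans


if __name__ == "__main__":
    enriched, orphans = correlate(SAMPLE_EVENTS.splitlines())
    for e in enriched:
        t = e["transaction"]
        print(f'{e["attack"]} ({e["action"]}) from {t["client_ip"]} on {t["url"]}')
    for e in orphans:
        # No unified record arrived: check that unified is set to ena and
        # review the normal/exceptn thresholds for this application.
        print(f'no unified event for {e["txn_id"]} ({e["attack"]}, app {e["app"]})')
```
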