Add a rule for sending access log data

To send access log data from Web Gateway to a syslog server, add a rule to the rule for recording data in the Access Log rule set..

Task

  1. Select PolicyRule Sets.
  2. Click Log Handler, expand the Default rule set, and select the nested Access Log rule set.
    The content of the nested rule set appears on the configuration pane. By default the rule set contains a rule that writes data about web access to a log line.
  3. Add the following rule to make access log data available to the daemon that sends it to the syslog server.
    Name
    Make access log data available to syslog daemon
    Criteria Action Event
    Always –> Continue Syslog (6, User-Defined.logLine)

    The rule uses an event to make the access data that has been written to a user-defined log line before to the syslog daemon. The syslog daemon sends it to the syslog server. The daemon is configured in the rsyslog.conf system file.

    The first event parameter specifies the severity level of the access log data.

  4. Click Save Changes.

Results

The rule is for making available data that the preceding rule records in default format. If the syslog server requires a different format, replace the preceding rule with a rule that uses the required format.

You can import rule sets with rules that write data in SIEM or CEF format from the online rule set library.