How to enable the logs to track Access Policies matched by users?
08/25/2021
By default, logging of Access Policy matches is disabled on the SMA.
You can enable these logs from Services | Settings, under Policy Match Log Settings.
Toggle Enable Policy Match Logging and check the boxes for Log 'Allow' Matches and Log 'Deny' Matches, depending on whether you want to log only the allow policies, only the deny policies, or both. You can also specify the maximum time you want to keep the logs (in days).
To check the logs for the matched policies, go to Services | Policies. Hover the mouse over the Statistics for the specific policy to see the matchedCount numbers.
You will be able to see the logs for the traffic matching that policy with information about the User, Domain, Source and Destination IP addresses, Platform, Port and Time of the connection.
NOTE: This must be enabled with care as it can generate a huge amount of logs depending on the type and number of access policies that are configured.