How to enable the logs to track Access Policies matched by users
03/26/2020
DESCRIPTION: How to enable the logs to track Access Policies matched by users
By default, logging of Access Policy matches is disabled on the SRA. To enable it, go to “Services” > “Settings” and, under “Policy Match Log Settings”, enable “Enable Policy Match”, then select “Enable Policy Match For Allow Action” and/or “Enable Policy Match For Deny Action”, depending on whether you want to log only the allow policies, only the deny policies, or both. You can also specify the maximum time (in days) to keep the logs.
To check the logs for the matched policies, go to “Services” > “Policies” and click the button located under “Statistic” for the specific policy.
You will be able to see the logs for the traffic matching that policy with information about the User, Domain, Source and Destination IP addresses, Platform, Port and Time of the connection.
Please note that this must be enabled with care, as it can generate a large volume of logs depending on the type and number of access policies that are configured.