Enabling extended logging
You can enable extended logging for the following UTM profiles:
- antivirus
- application
- dlp
- ips
- waf
- webfilter
When you enable the extended-log option for UTM profiles, all HTTP header information for HTTP-deny traffic is logged.
When you enable the web-extended-all-action-log option for a webfilter profile, all HTTP header information for HTTP-allow traffic is logged.
Extended logging option in UTM profiles
The extended-log option has been added to all UTM profiles, for example:
# webfilter profile
config webfilter profile
    edit "test-webfilter"
        set extended-log enable
        set web-extended-all-action-log enable
    next
end
# av profile
config antivirus profile
    edit "av-proxy-test"
        set extended-log enable
    next
end
# waf profile
config waf profile
    edit "test-waf"
        set extended-log enable
    next
end
Syslog server mode
The syslog server mode setting now accepts udp, reliable, and legacy-reliable. You must set the mode to reliable to support extended logging, for example:
config log syslogd setting
    set status enable
    set server "<ip address>"
    set mode reliable
    set facility local6
end
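An added example, not part of the original documentation: a Python check that reads a saved configuration and reports UTM profiles without extended-log, webfilter profiles without web-extended-all-action-log, and an enabled syslogd setting whose mode is not reliable. The function names, the sample configuration, and the choice to check only the three profile tables shown above are assumptions of this example.

```python
PROFILE_SECTIONS = ("webfilter profile", "antivirus profile", "waf profile")  # tables shown on the page

def parse_config(text):
    """Return {section: {entry: {key: value}}}; settings outside 'edit' use entry ''."""
    sections, section, entry, depth = {}, None, "", 0
    for tok in map(str.strip, text.splitlines()):
        if tok.startswith("config "):
            depth += 1
            if depth == 1:  # top-level table; nested sub-tables are skipped
                section, entry = tok[len("config "):], ""
                sections.setdefault(section, {})
        elif tok == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and tok.startswith("edit "):
            entry = tok[len("edit "):].strip('"')
            sections[section].setdefault(entry, {})
        elif depth == 1 and tok.startswith("set "):
            key, _, value = tok[len("set "):].partition(" ")
            sections[section].setdefault(entry, {})[key] = value.strip('"')
    return sections

def audit(text, profile_sections=PROFILE_SECTIONS):
    """List profiles and syslog settings that would not produce extended logs."""
    cfg, findings = parse_config(text), []
    for sec in profile_sections:
        for name, opts in cfg.get(sec, {}).items():
            if opts.get("extended-log") != "enable":
                findings.append(f"{sec} {name}: extended-log not enabled")
            elif sec == "webfilter profile" and opts.get("web-extended-all-action-log") != "enable":
                findings.append(f"{sec} {name}: HTTP-allow headers not logged")
    syslog = cfg.get("log syslogd setting", {}).get("", {})
    if syslog.get("status") == "enable" and syslog.get("mode") != "reliable":
        findings.append("log syslogd setting: mode is not reliable")
    return findings

# Constructed sample backup, not from a real device; helper names here are this example's own.
SAMPLE = """config webfilter profile
    edit "test-webfilter"
        set extended-log enable
    next
end
config antivirus profile
    edit "av-legacy"
    next
end
config log syslogd setting
    set status enable
    set mode udp
end
"""
```

Calling audit(SAMPLE) returns three findings for the constructed configuration. Pass other table names in profile_sections to cover further UTM profiles.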