The Web access log displays all user requests to the Internet via HTTP and HTTPS. It displays events that triggered content filtering, SSL inspection, web security, and Captive portal rules that have logging enabled. The following information is displayed:
-
NGFW node where the event occurred
-
Event time
-
Event details
-
User
-
Action
-
Rule
-
Reasons (if a site is blocked)
-
Destination URL
-
Source zone
-
Source IP address
-
Source port
-
Destination zone
-
Destination IP address
-
Destination port
-
URL categories.
-
Application
-
Application layer protocol
-
HTTP method
-
Status code.
-
Content type (if present)
-
Information
-
Bytes sent/received
-
Packets sent/received
-
Referrer (if present)
-
Operating system
-
Useragent.
Administrators can select to display only the columns they need. To do this, click on any of the columns and set the checkmarks for the columns you want to display in the context menu that appears.
To assist in finding the events of interest, the records can be filtered by various criteria such as the user account, rule, action, etc.
By clicking Export as CSV, the administrator can save the filtered log data in a .csv file for subsequent analysis.
Click Show to open a window with a detailed event description.