HTTP Inspection Log

Logs > Log Query > HTTP Inspection Log

HTTP Inspection logs include events triggered by the monitor or block action settings configured at HTTP > HTTP Inspection > Policies. These policies block different types HTTP traffic detected through the headers, method, or URLs. An example might be the blocking of social networking services (SNS.)

• Time period—Display logs for the current day, week, or month.

• Range—Choose a start and end date to define the time period for which you want to view logs (inclusive). If logs from the start date are no longer on the server (or database), the earliest available logs will be displayed.

• HTTP Inspection Rules—Select from the list of HTTP Inspection rules for those logs you want to display. If more than one HTTP Inspection rule occurred for the same URL, all instances will be displayed.

• Protocol—Select the protocol type(s) for which you want to view logs.

• Filtering action—Select the filtering action(s) for which you want to view logs (Block or Monitor)

• Sort by—Choose the order in which you want IWSVA to group the logs for display:

• URL—Requested URL that was blocked

• Date—The date and time the URL was blocked

• Filter—Shows the HTTP Inspection filter that triggered the filtering action, for example SNS, browser type, large file upload, etc. Filters are configured at HTTP > HTTP Inspection > Filters.

• Rule—The reason a given URL was blocked, that is, the rule that caused the URL to be blocked. Examples include SNS policy of blocking all social networking sites, or a browser-type security rule that blocks all traffic through a specific browser.

• User ID—ID of the user whose URL was blocked

• Protocol—Type of Web connection (HTTP or HTTPS)

• Filtering action—The filtering action applied to a given URL.