McAfee Enterprise MVISION Cloud

Adding a log file field

Adding a log file field to the entries that are written in the log files of a log allows you to record additional information about activities that are performed on Secure Web Gateway.

When you add a log file field, you might also want to adapt the log header and configure an entry for the new log file field. This way you ensure that the header, which is written into every log file, also includes information on this field.

Add a log file field

To add a log file field to an entry for a log file, append an appropriate element to the configuration for writing log file entries.

In this sample procedure, the destination IP address of a client request that is received on Secure Web Gateway is added to the rule for writing log file entries into the default access log.

Task

  1. Select Policy | Rule Sets.
  2. Select Log Handler, expand the Default rule set on the log handler tree, and select Access Log.
  3. Add an element for writing log file entries.
    1. Select the Write access log rule and click Edit immediately above.
    2. Select Events, then select the event Set User-Defined.logLine and click Edit.
    3. Under To concatenation of these strings, click Add.
    4. Click Parameter property, select IP.ToString from the properties list, and click Parameters next to the property name.
      The Parameters For Property window opens.

NOTE: To search for the property, you can type a suitable combination of characters in the filter field above the list. For example, ip.tos.

    5. Click Parameter property and select URL.Destination.IP.
    6. Click OK in the Parameters For Property window, then in the Enter a String window.
      The new element appears in the Edit Set Property window, behind the last of the old elements, as shown here:
+ Number.ToString(Block.ID)
+ "" ""
+ Application.ToString(Application.Name)
+ """
+ IP.ToString(URL.Destination.IP)
  4. Insert a delimiter to separate the new log file field from the preceding one.
    1. Select the line with the three double quotes and click Edit.
    2. Enter a blank next to the double quote that appears in the window, then click OK.
      The Enter a String window closes. In the Edit Set Property window, the line between the two elements should now look like this:
+ Application.ToString(Application.Name)
+ "" "
+ IP.ToString(URL.Destination.IP)
    3. Click OK in the Enter a String and Edit Set Property windows, then click Finish in the Edit Rule window.
  5. Click Finish in the Edit Rule window, then click Save Changes.

Adapt the log header

Adapt the access log header by adding a header entry for the new element that you appended to the elements for log file writing.

Task

  1. Select Policy | Settings.
  2. On the settings tree, expand File System Logging and select the Access Log Configuration settings.
  3. Under File System Logging Settings, make sure Enable header writing is selected, and at the end of the text string in the Log header field leave a blank after the last element and type server_ip.

NOTE: Header field names, such as server_ip, must not include blanks inside them, so always use underscores.

  4. Click Save Changes.
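
As an added example (not part of the product documentation), the following Python check compares access log entries with the Log header string and reports entries that lack the new field or the blank delimiter inserted before it. The header, the field names other than server_ip, and the sample entries are constructed; the assumed format is blank-separated fields with a bracketed timestamp and double-quoted strings that contain no embedded quotes.

```python
import ipaddress
import re

# Constructed sample data; only the name server_ip comes from the page.
HEADER = 'time_stamp src_ip "req_line" "block_res" "application_name" server_ip'
SAMPLE_LINES = [  # correct / written before the field existed / blank missing
    '[10/Mar/2024:10:15:02 +0000] 10.1.2.3 "GET http://example.com/ HTTP/1.1" "0" "" 93.184.216.34',
    '[10/Mar/2024:10:15:05 +0000] 10.1.2.4 "GET http://example.org/ HTTP/1.1" "0" "Webmail"',
    '[10/Mar/2024:10:15:09 +0000] 10.1.2.5 "GET http://example.net/ HTTP/1.1" "10" "Webmail"192.0.2.7',
]

# One field: a [bracketed] timestamp, a "quoted" string, or a run of plain characters.
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|[^\s"]+')

def split_entry(line):
    """Split one entry into fields, insisting on a blank between fields."""
    values, pos = [], 0
    while pos < len(line):
        match = TOKEN.match(line, pos)
        if match is None:
            raise ValueError(f"unparsable field at column {pos}")
        pos = match.end()
        if pos < len(line) and line[pos] != " ":
            raise ValueError(f"no blank after field {len(values) + 1}")
        text = match.group()
        values.append(text[1:-1] if text.startswith('"') else text)
        pos += 1  # step over the delimiter
    return values

def parse_entry(header, line):
    """Map header names to entry values; reject entries that do not fit."""
    names = [name.strip('"') for name in header.split()]
    values = split_entry(line)
    if len(values) != len(names):
        raise ValueError(f"{len(values)} fields, header has {len(names)}")
    entry = dict(zip(names, values))
    ipaddress.ip_address(entry["server_ip"])  # ValueError if not an IP address
    return entry

def audit(header, lines):
    """Return (line number, problem) for each entry that fails parse_entry."""
    problems = []
    for number, line in enumerate(lines, 1):
        try:
            parse_entry(header, line)
        except ValueError as err:
            problems.append((number, str(err)))
    return problems
```

Calling audit(HEADER, SAMPLE_LINES) flags the second and third constructed entries; entries written before the rule change fail the field count until the log file rotates to one that starts with the new header.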