External Dynamic List Log Fields
10.0 (EoL)
New log fields show you the traffic that matched your external dynamic lists (EDLs).

You can now more easily identify when traffic matches an external dynamic list (EDL). New log fields enable you to more easily evaluate whether your EDLs function as you intended so that you can correct them as needed.

If traffic matches an entry that appears in multiple EDLs, the firewall logs only the first matched list.
- Monitor EDL matches with new log fields (Monitor > Traffic).

  New log fields indicate which EDL triggered Security policy rule enforcement, such as Source EDL and Destination EDL IP address entries that match the source address or destination address of traffic.

  The type of EDL—IP address, URL, or domain—determines where the list appears in the logs:

  | EDL Type | Log Types | Log Fields |
  |---|---|---|
  | IP Address | Traffic; Threat; Decryption; Tunnel Inspection; Unified | Source EDL; Destination EDL |
  | URL | Traffic; URL Filtering; Tunnel Inspection | The firewall treats URL EDLs like URL categories, so they appear in the same fields as do traditional URL categories: URL Category; URL Category List (found only in URL Filtering logs) |
  | Domain | Threat | Domain EDLs appear only under the Threat log type. When traffic matches a domain in an EDL, the firewall populates the following fields: Name—the name of the EDL; Threat Category—domain-edl; URL—the domain that matched |

- Use ACC global filters for EDL log fields (ACC > Global Filters > Add (+)).

  You can select EDL log fields as global filters in the ACC to visualize the performance of your EDLs in different ways, such as using the Blocked Activity tab to see if your EDLs are blocking traffic as intended.

  You can create global filters only for IP Address and URL EDLs. Select the appropriate global filter for the type of EDL you want to investigate:

  | EDL Type | Global Filter |
  |---|---|
  | IP Address | Source > Source EDL; Destination > Destination EDL |
  | URL | URL Filtering > Category |

- View EDL data in reports.

  - Predefined: Predefined reports that include IP addresses now also include columns that identify the EDL in which those addresses reside (if applicable).
  - Custom: The new log fields also display in custom reports if you configure the report to include them.
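
Because the firewall logs only the first matched list when an entry appears in multiple EDLs, it helps to know which entries are shared before attributing matches to a single list by its Source EDL or Destination EDL value. The following is an added example, not Palo Alto Networks code: it finds entries shared across IP address lists, going beyond identical entries to overlapping subnets and ranges. The list names, sample addresses and the one-entry-per-line format are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample lists (hypothetical EDL names, documentation-range addresses).
# Assumed format: one IP address, CIDR subnet or first-last range per line.
SAMPLE_EDLS = {
    "edl-blocklist-a": "192.0.2.10\n198.51.100.0/24\n203.0.113.5-203.0.113.20\n",
    "edl-blocklist-b": "192.0.2.10\n198.51.100.77\n203.0.113.100\n2001:db8::1\n",
    "edl-partner": "203.0.113.18/31\n\n2001:db8::/64\n",
}

def parse_entry(entry):
    """Convert one entry into (ip_version, lowest_address, highest_address)."""
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid range: {entry!r}")
    else:
        net = ipaddress.ip_network(entry, strict=False)
        lo, hi = net.network_address, net.broadcast_address
    return lo.version, int(lo), int(hi)

def load_edl(text):
    """Parse list text into (raw_entry, bounds) pairs, skipping blank lines."""
    return [(line.strip(), parse_entry(line.strip()))
            for line in text.splitlines() if line.strip()]

def find_overlaps(edls):
    """Return sorted (edl_a, entry_a, edl_b, entry_b) tuples whose entries share addresses."""
    parsed = {name: load_edl(text) for name, text in edls.items()}
    hits = []
    for (name_a, list_a), (name_b, list_b) in combinations(parsed.items(), 2):
        for raw_a, (ver_a, lo_a, hi_a) in list_a:
            for raw_b, (ver_b, lo_b, hi_b) in list_b:
                # Two closed intervals intersect when each starts before the other ends.
                if ver_a == ver_b and lo_a <= hi_b and lo_b <= hi_a:
                    hits.append((name_a, raw_a, name_b, raw_b))
    return sorted(hits)

if __name__ == "__main__":
    for name_a, raw_a, name_b, raw_b in find_overlaps(SAMPLE_EDLS):
        print(f"{name_a}: {raw_a}  overlaps  {name_b}: {raw_b}")
```

Any pair it reports is a candidate for consolidation into one list, since logged matches for those addresses name only one of the two EDLs.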