External Dynamic List Log Fields

Monitor EDL matches with new log fields (

Monitor

Traffic

).

New log fields indicate which EDL triggered Security policy rule enforcement, such as

Source EDL

and

Destination EDL

IP address entries that match the source address or destination address of traffic.



The type of EDL—IP address, URL, or domain—determines where the list appears in the logs:

EDL Type	Log Types	Log Fields
IP Address	Traffic Threat Decryption Tunnel Inspection Unified	Source EDL Destination EDL
URL	Traffic URL Filtering Tunnel Inspection	The firewall treats URL EDLs like URL categories, so they appear in the same fields as do traditional URL categories: URL Category URL Category List ( found only in URL Filtering logs )
Domain	Threat	Domain EDLs appear only under the Threat log type. When traffic matches a domain in an EDL, the firewall populates the following fields: Name —the name of the EDL Threat Category — domain-edl URL —the domain that matched

Use ACC global filters for EDL log fields (

ACC

Global Filters

Add

(+)).

You can select EDL log fields as global filters in the ACC to visualize the performance of your EDLs in different ways, such as using the

Blocked Activity

tab to see if your EDLs are blocking traffic as intended.

You can create global filters only for IP Address and URL EDLs. Select the appropriate global filter for the type of EDL you want to investigate:

EDL Type	Global Filter
IP Address	Source Source EDL Destination Destination EDL
URL	URL Filtering Category

View EDL data in reports.

Predefined	Predefined reports that include IP addresses now also include columns that identify the EDL in which those addresses reside (if applicable).
Custom	The new log fields also display in custom reports if you configure the report to include them.