External Dynamic List Log Fields

New log fields show you the traffic that matched your external dynamic lists (EDLs).
You can now more easily identify when traffic matches an external dynamic list (EDL). New log fields make it easier to evaluate whether your EDLs function as you intended so that you can correct them as needed.
If traffic matches an entry that appears in multiple EDLs, the firewall logs only the first matched list.
  • Monitor EDL matches with new log fields (Monitor > Traffic).
    New log fields indicate which EDL triggered Security policy rule enforcement, such as Source EDL and Destination EDL IP address entries that match the source address or destination address of traffic.
    The type of EDL (IP address, URL, or domain) determines where the list appears in the logs:
    EDL Type: IP Address
      Log Types: Traffic, Threat, Decryption, Tunnel Inspection, Unified
      Log Fields: Source EDL, Destination EDL
    EDL Type: URL
      Log Types: Traffic, URL Filtering, Tunnel Inspection
      Log Fields: The firewall treats URL EDLs like URL categories, so they appear in the same fields as do traditional URL categories:
        • URL Category
        • URL Category List (found only in URL Filtering logs)
    EDL Type: Domain
      Log Types: Threat
      Log Fields: Domain EDLs appear only under the Threat log type. When traffic matches a domain in an EDL, the firewall populates the following fields:
        • Name: the name of the EDL
        • Threat Category: domain-edl
        • URL: the domain that matched
  • Use ACC global filters for EDL log fields (ACC > Global Filters > Add (+)).
    You can select EDL log fields as global filters in the ACC to visualize the performance of your EDLs in different ways, such as using the Blocked Activity tab to see if your EDLs are blocking traffic as intended.
    You can create global filters only for IP Address and URL EDLs. Select the appropriate global filter for the type of EDL you want to investigate:
    EDL Type: IP Address
      Global Filter:
        • Source > Source EDL
        • Destination > Destination EDL
    EDL Type: URL
      Global Filter: URL Filtering > Category
  • View EDL data in reports.
    Predefined: Predefined reports that include IP addresses now also include columns that identify the EDL in which those addresses reside (if applicable).
    Custom: The new log fields also display in custom reports if you configure the report to include them.
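
One way to use the fields described above to check whether each EDL is matching traffic, shown as an added example that is not part of the original documentation. It assumes log records have already been exported into dictionaries keyed by the field labels on this page; the keys "Type", "Source address" and "Destination address", the EDL names, and the sample records are constructed for illustration.

```python
from collections import Counter

# Log types that record each EDL type, per the table on this page.
IP_EDL_LOGS = {"Traffic", "Threat", "Decryption", "Tunnel Inspection", "Unified"}
URL_EDL_LOGS = {"Traffic", "URL Filtering", "Tunnel Inspection"}


def edl_matches(record, url_edl_names):
    """Return (edl_type, edl_name, matched_value) tuples for one log record.

    Keys follow the field labels on this page; "Type", "Source address" and
    "Destination address" are assumed names, not a documented export schema.
    """
    hits = []
    log_type = record.get("Type", "")
    if log_type in IP_EDL_LOGS:
        if record.get("Source EDL"):
            hits.append(("ip", record["Source EDL"], record.get("Source address", "")))
        if record.get("Destination EDL"):
            hits.append(("ip", record["Destination EDL"], record.get("Destination address", "")))
    # Domain EDLs: Threat logs only, marked by Threat Category = domain-edl.
    if log_type == "Threat" and record.get("Threat Category") == "domain-edl":
        hits.append(("domain", record.get("Name", ""), record.get("URL", "")))
    # URL EDLs share the URL Category field with traditional categories, so the
    # configured URL EDL names are needed to tell the two apart.
    if log_type in URL_EDL_LOGS and record.get("URL Category") in url_edl_names:
        hits.append(("url", record["URL Category"], record.get("URL", "")))
    return hits


def summarize(records, configured_edls, url_edl_names):
    """Count matches per EDL and list configured EDLs with no logged match."""
    counts = Counter()
    for rec in records:
        for edl_type, name, _ in edl_matches(rec, url_edl_names):
            counts[(edl_type, name)] += 1
    # A silent EDL may be shadowed: only the first matched list is logged.
    silent = sorted(set(configured_edls) - {name for _, name in counts})
    return counts, silent


# Constructed sample records (not real firewall output).
SAMPLE = [
    {"Type": "Traffic", "Source address": "198.51.100.7", "Source EDL": "blocked-ips"},
    {"Type": "Traffic", "Destination address": "203.0.113.9", "Destination EDL": "blocked-ips"},
    {"Type": "Threat", "Threat Category": "domain-edl", "Name": "bad-domains", "URL": "example.test"},
    {"Type": "URL Filtering", "URL Category": "custom-url-edl", "URL": "example.test/path"},
    {"Type": "URL Filtering", "URL Category": "news", "URL": "example.org/"},
]
```

Calling summarize(SAMPLE, configured_edls, url_edl_names) returns the per-EDL match counts and the configured lists that never appeared in the logs, which are the ones to review first.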
