Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Derek_Davenport
Participant

HTTP Methods in logs?

Sorry if I missed the answer to this question in documentation or forums...I promised I've tried to find the answer. Smiley Happy

In the URL Filtering and/or Application Control blades is there a way to add the "HTTP method" (eg POST, GET, PROPS, OPTIONS) to the log and more specifically to the log that can be ingested by a 3rd party SIEM?

Thanks for any guidance!

5 Replies
PhoneBoy
Admin
Admin

You must log the traffic with Extended Logging to get that information.

You will find it in the Session tab of the Log card:

I presume if we log it, it will also be sent to a SIEM as well, particularly if you're using Log Exporter.

See Log Exporter guide‌ for more details. 

Derek_Davenport
Participant

Thanks Dameon Welch Abernathy‌.  I changed the log type to this in the URL/Application control blade, but I am still not seeing this value in the URL filtering log I am getting.

Does this only work on the Application Control blade?  Was it added in a recent version?  Is there a way to tweak what is logged in "Extended Logging" ?

0 Kudos
PhoneBoy
Admin
Admin

You must have App Control/URL Filtering enabled for this to work, both on the gateway and, R80+, the relevant layer.

What is logged by Extended Logging is determined by what blades are active on the relevant gateway and layer.

0 Kudos
Derek_Davenport
Participant

Thanks!  I think R80 is my current stumbling block.  We are migrating to R80.10 gateways in the next few weeks...so I'll be able to verify then.   Thanks!!!!!

0 Kudos
PhoneBoy
Admin
Admin

This should also work in R77.30 as well, though it's in the App Control layer you use Extended Logging.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events