19.3 Enabling Access Gateway Audit Events

The following steps assume that you have already set up auditing on your network. For more information, see Configuring Access Manager Appliance for Auditing.

  1. Click Devices > Access Gateways > Edit > Auditing.

  2. Based on the event category, select the events for notification.

    Select All: Select this option for all events. Otherwise, select one or more of the following:




    Access Denied

    Generated when a requested action is denied because the requester has insufficient access rights to a URL.

    Identity Injection Failed

    Generated when the Identity Injection policy injects with the value field empty.

    System Started

    Generated when Access Gateway is started.

    System Shutdown

    Generated when Access Gateway is stopped.

    Form Fill Failed

    Generated when a Form Fill policy fails to successfully fill in a form.

    Application Accessed

    Generated when a user accesses applications.

    URL Not Found

    Generated when a requested URL cannot be found.

    IP Access Attempted

    Generated when a user attempts to access a URL with an IP address instead of the published DNS name configured in Access Gateway.

    Oauth & OpenID Token Validation Failed

    Generated when an OAuth and OpenID token validation fails.

    Session Created/Destroyed

    Generated when an Access Gateway session starts or ends. This event provides the data for Access Gateway Active Users graph of Information Dashboard.

    Session Assurance Device Fingerprint Match Failed

    Generated when a fingerprint match fails during an Access Gateway session.

    High Volume Events



    Access Allowed

    Generated when a requested action is allowed because the requester has the correct access rights to a URL.

    Identity Injection Success

    Generated when the Identity Injection policy successfully injects data into the HTTP header.

    Form Fill Success

    Generated when a Form Fill policy successfully fills in a form.

    URL Accessed

    Generated when a user accesses a URL.

    IMPORTANT:Enabling High Volume Events may generate high volume of audit events on a system with heavy load. This may degrade the performance of Access Gateway.

    Audit Filters

    Select the following filters to exclude them from the audit events:




    Excludes CSS files as part of response from the audit events.


    Excludes JavaScripts from the audit events.


    Excludes images from the audit events. Specify the image format. For example: JPEG, PNG

    URLs Matching Regular Expression

    Excludes URLs matching the configured regular expression.

    It helps in filtering out specified URL paths from the ones audited as part of the URL Accessed audit event. These filtered out URL paths will not be displayed in the Audit Server. This is helpful where auditing every URL is not required and may increase the load on the Audit Server.The regular expression is standard perl based regular expressions. For more information about “Regular Expressions”, see .Each URL (path?querystring) is matched against this expression. If the match is successful, the URL will not be audited for URL access.

    For example:

    • To exclude the health check messages from auditing: /nesp/app/heartbeat

    • To exclude the auditing of URL under the path /images/: /images/*

  3. To save your modifications, click OK twice.

  4. On Access Gateways page, click Update.