The following steps assume that you have already set up auditing on your network. For more information, see Configuring Access Manager Appliance for Auditing.
Click Devices > Access Gateways > Edit > Auditing.
Based on the event category, select the events for notification.
Select All: Select this option for all events. Otherwise, select one or more of the following:
Events
Event |
Description |
---|---|
Access Denied |
Generated when a requested action is denied because the requester has insufficient access rights to a URL. |
Identity Injection Failed |
Generated when the Identity Injection policy injects with the value field empty. |
System Started |
Generated when Access Gateway is started. |
System Shutdown |
Generated when Access Gateway is stopped. |
Form Fill Failed |
Generated when a Form Fill policy fails to successfully fill in a form. |
Application Accessed |
Generated when a user accesses applications. |
URL Not Found |
Generated when a requested URL cannot be found. |
IP Access Attempted |
Generated when a user attempts to access a URL with an IP address instead of the published DNS name configured in Access Gateway. |
Oauth & OpenID Token Validation Failed |
Generated when an OAuth and OpenID token validation fails. |
Session Created/Destroyed |
Generated when an Access Gateway session starts or ends. This event provides the data for Access Gateway Active Users graph of Information Dashboard. |
Session Assurance Device Fingerprint Match Failed |
Generated when a fingerprint match fails during an Access Gateway session. |
High Volume Events
Event |
Description |
---|---|
Access Allowed |
Generated when a requested action is allowed because the requester has the correct access rights to a URL. |
Identity Injection Success |
Generated when the Identity Injection policy successfully injects data into the HTTP header. |
Form Fill Success |
Generated when a Form Fill policy successfully fills in a form. |
URL Accessed |
Generated when a user accesses a URL. |
IMPORTANT:Enabling High Volume Events may generate high volume of audit events on a system with heavy load. This may degrade the performance of Access Gateway.
Audit Filters
Select the following filters to exclude them from the audit events:
Filter |
Description |
---|---|
CSS |
Excludes CSS files as part of response from the audit events. |
JavaScripts |
Excludes JavaScripts from the audit events. |
Images |
Excludes images from the audit events. Specify the image format. For example: JPEG, PNG |
URLs Matching Regular Expression |
Excludes URLs matching the configured regular expression. It helps in filtering out specified URL paths from the ones audited as part of the URL Accessed audit event. These filtered out URL paths will not be displayed in the Audit Server. This is helpful where auditing every URL is not required and may increase the load on the Audit Server.The regular expression is standard perl based regular expressions. For more information about “Regular Expressions”, see .Each URL (path?querystring) is matched against this expression. If the match is successful, the URL will not be audited for URL access. For example:
|
To save your modifications, click OK twice.
On Access Gateways page, click Update.