External Dynamic List Log Fields

• Monitor EDL matches with new log fields (MonitorTraffic).
  New log fields indicate which EDL triggered Security policy rule enforcement, such as Source EDL and Destination EDL IP address entries that match the source address or destination address of traffic.

  The type of EDL—IP address, URL, or domain—determines where the list appears in the logs:

  EDL Type	Log Types	Log Fields
  IP Address	Traffic Threat Decryption Tunnel Inspection Unified	Source EDL Destination EDL
  URL	Traffic URL Filtering Tunnel Inspection	The firewall treats URL EDLs like URL categories, so they appear in the same fields as do traditional URL categories: URL Category URL Category List (found only in URL Filtering logs)
  Domain	Threat	Domain EDLs appear only under the Threat log type. When traffic matches a domain in an EDL, the firewall populates the following fields: Name—the name of the EDL Threat Category—domain-edl URL—the domain that matched

• Use ACC global filters for EDL log fields (ACCGlobal FiltersAdd(+)).
  You can select EDL log fields as global filters in the ACC to visualize the performance of your EDLs in different ways, such as using the Blocked Activity tab to see if your EDLs are blocking traffic as intended.

  You can create global filters only for IP Address and URL EDLs. Select the appropriate global filter for the type of EDL you want to investigate:

  EDL Type	Global Filter
  IP Address	SourceSource EDL DestinationDestination EDL
  URL	URL FilteringCategory

• View EDL data in reports.
  Predefined	Predefined reports that include IP addresses now also include columns that identify the EDL in which those addresses reside (if applicable).
  Custom	The new log fields also display in custom reports if you configure the report to include them.