External Dynamic List Log Fields
10.0 (EoL)
New log fields show you the traffic that matched your external dynamic lists (EDLs).
You can now more easily identify when traffic matches an external dynamic list (EDL). New log fields enable you to more easily evaluate whether your EDLs function as you intended so that you can correct them as needed.
If traffic matches an entry that appears in multiple EDLs, the firewall logs only the first matched list.
- Monitor EDL matches with new log fields (Monitor > Traffic).
  New log fields indicate which EDL triggered Security policy rule enforcement, such as Source EDL and Destination EDL IP address entries that match the source address or destination address of traffic.
  The type of EDL (IP address, URL, or domain) determines where the list appears in the logs:
  - IP Address EDLs
    - Log types: Traffic, Threat, Decryption, Tunnel Inspection, Unified
    - Log fields: Source EDL, Destination EDL
  - URL EDLs
    - Log types: Traffic, URL Filtering, Tunnel Inspection
    - Log fields: The firewall treats URL EDLs like URL categories, so they appear in the same fields as traditional URL categories: URL Category, URL Category List (found only in URL Filtering logs)
  - Domain EDLs
    - Log types: Threat. Domain EDLs appear only under the Threat log type.
    - Log fields: When traffic matches a domain in an EDL, the firewall populates the following fields:
      - Name: the name of the EDL
      - Threat Category: domain-edl
      - URL: the domain that matched
- Use ACC global filters for EDL log fields (ACC > Global Filters > Add (+)).
  You can select EDL log fields as global filters in the ACC to visualize the performance of your EDLs in different ways, such as using the Blocked Activity tab to see if your EDLs are blocking traffic as intended.
  You can create global filters only for IP Address and URL EDLs. Select the appropriate global filter for the type of EDL you want to investigate:
  - IP Address EDLs: Source > Source EDL, Destination > Destination EDL
  - URL EDLs: URL Filtering > Category
- View EDL data in reports.
  - Predefined: Predefined reports that include IP addresses now also include columns that identify the EDL in which those addresses reside (if applicable).
  - Custom: The new log fields also display in custom reports if you configure the report to include them.
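The log-field mapping described above, applied to exported log rows to count hits per EDL and flag configured lists that never matched. This is an added example, not Palo Alto Networks code: the CSV column layout, EDL names, and addresses are constructed for illustration, and the set of URL EDL names is assumed to come from your own configuration.

```python
import csv
import io
from collections import Counter

# Log types that record each EDL type, per the mapping on this page.
IP_LOG_TYPES = {"Traffic", "Threat", "Decryption", "Tunnel Inspection", "Unified"}
URL_LOG_TYPES = {"Traffic", "URL Filtering", "Tunnel Inspection"}

# Constructed sample export; column names and all values are assumptions.
SAMPLE_CSV = """Log Type,Source Address,Destination Address,Source EDL,Destination EDL,URL Category,Threat Category,Name,URL
Traffic,10.1.1.5,203.0.113.9,,blocked-ips,,,,
Traffic,198.51.100.7,10.1.1.20,blocked-ips,,,,,
URL Filtering,10.1.1.5,192.0.2.44,,,blocked-urls,,,example.test/path
URL Filtering,10.1.1.6,192.0.2.45,,,news,,,example.org/
Threat,10.1.1.5,192.0.2.53,,,,domain-edl,blocked-domains,bad.example.test
Threat,10.1.1.8,192.0.2.60,,,,spyware,Sample Signature,
"""

def edl_matches(row, url_edl_names):
    """Return (edl_type, edl_name, matched_value) tuples for one log row."""
    hits = []
    log_type = row.get("Log Type", "")
    if log_type in IP_LOG_TYPES:
        for field, addr in (("Source EDL", "Source Address"),
                            ("Destination EDL", "Destination Address")):
            if row.get(field):
                hits.append(("ip", row[field], row.get(addr, "")))
    # URL EDLs are logged like URL categories, so only a known EDL name
    # distinguishes them from a traditional category such as "news".
    if log_type in URL_LOG_TYPES and row.get("URL Category") in url_edl_names:
        hits.append(("url", row["URL Category"], row.get("URL", "")))
    # Domain EDLs: Threat logs only, with Threat Category set to domain-edl.
    if log_type == "Threat" and row.get("Threat Category") == "domain-edl":
        hits.append(("domain", row.get("Name", ""), row.get("URL", "")))
    return hits

def summarize(csv_text, configured_edls, url_edl_names):
    """Count hits per EDL and list configured EDLs with no logged match."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        for _edl_type, name, _value in edl_matches(row, url_edl_names):
            counts[name] += 1
    silent = sorted(set(configured_edls) - set(counts))
    return counts, silent

if __name__ == "__main__":
    configured = ["blocked-ips", "blocked-urls", "blocked-domains", "partner-ips"]
    counts, silent = summarize(SAMPLE_CSV, configured, {"blocked-urls"})
    print(dict(counts), "no matches logged:", silent)
```

Because the firewall logs only the first matched list, an EDL reported with no matches may be shadowed by an overlapping list rather than unused.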