You have a compliance/coaching page enabled on your ProxySG and you want to log/track when the user actually clicks 'Accept'.
While there isn't any official built-in feature for logging/tracking when a user clicks the 'Accept' button on your coaching page, this is achievable through policy.
When a user clicks 'Accept' there are two noticeable variables provided in the client HTTP GET request:
1) The request header contains the following path in the 'Referer' URL: notify-NotifyUser1
2) The request header contains a 'cookie' : notified-NotifyUser1=1 (this cookie is set after the user clicks 'accept')
So we can write policy to detect this and either log it to the eventlogs, or write it to a separate access-log for Reporting.
Below is an example of what this policy looks like in the VPM. In my example, I am writing to the Eventlog file, and also to a custom access log.
1) Source: (named: accepted_notify)
This is a combined source object which contains the above mentioned referer path and cookie:
1.1) RequestHeader1 - Referer header (New > Request Header):
1.2) RequestHeader2 - Cookie header (New > Request Header):
2) Destination - (named: not_authenticated)
This rule prevents duplicate logging of 'accept notify' policy matches while the user is undergoing authentication.
2.1) Set the auth destination rule to 'Negate' (i.e. only match this policy if the user is NOT currently going through the authentication process)
3) Action (Named: NotifyAccepted) Optional
This will log the user clicking 'accept' to a custom access-log named "NotifyAccepted".
You will only need this if you want to upload this log file to Blue Coat Reporter for reporting. You will need to create this access-log separately and upload it to your Reporter server. This process is not covered in this KB.
To create your own custom access log, go to:
Configuration --> Access Logging --> Logs --> New
4) Track (named: EventLog) Optional
This will allow you to write the event into your ProxySG eventlogs. However, it is also possible to send this to an SNMP server, or e-mail it to an administrator.
In my example, I have set the following variables to be written:
$(user) = The username of the person who clicked 'Accept' (assuming you have Authentication enabled)
$(url) = The URL the user was trying to access.
Once your policy triggers, the following information will be logged:
In the eventlogs:
2010-11-21 13:43:33-00:00UTC "EMEA\ross.thomson accepted coaching page to go to: http://www.bluecoat.com/" 28DB4 3B0002:8C pe_policy_action_log_message.cpp:44
In the access logs:
2010-11-21 13:43:33 437 10.91.1.49 ross.thomson - - PROXIED "none" http://www.bluecoat.com/notify-NotifyUser1?aHR0cDovL3d3dy5ibHVlY29hdC5jb20v 200 TCP_NC_MISS GET text/html;%20charset=utf-8 http www.bluecoat.com 80 / - - "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" 10.91.14.1 32491 756 - "unavailable" "unavailable"
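To review these records outside the ProxySG, the following added example (not part of the original KB or any Blue Coat tooling) parses both sample lines above and checks that they describe the same 'Accept' click. It assumes the access-log field positions and the event-log message wording of the samples; the base64 decoding of the query string is an observation on the sample line, not behaviour the KB documents.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

MARKER = "notify-NotifyUser1"  # path marker named in the article
# Sample input: the two log lines shown in the article, embedded for offline use.
ACCESS_LINE = (
    '2010-11-21 13:43:33 437 10.91.1.49 ross.thomson - - PROXIED "none" '
    'http://www.bluecoat.com/notify-NotifyUser1?aHR0cDovL3d3dy5ibHVlY29hdC5jb20v '
    '200 TCP_NC_MISS GET text/html;%20charset=utf-8 http www.bluecoat.com 80 / - - '
    '"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" '
    '10.91.14.1 32491 756 - "unavailable" "unavailable"'
)
EVENT_LINE = (
    '2010-11-21 13:43:33-00:00UTC "EMEA\\ross.thomson accepted coaching page '
    'to go to: http://www.bluecoat.com/" 28DB4 3B0002:8C '
    'pe_policy_action_log_message.cpp:44'
)
EVENT_RE = re.compile(
    r'^(?P<date>\S+) (?P<time>\d\d:\d\d:\d\d)\S* '
    r'"(?P<user>\S+) accepted coaching page to go to: (?P<url>[^"]+)"'
)

def parse_access(line):
    """Return the accept event found in one access-log line, or None."""
    fields = re.findall(r'"[^"]*"|\S+', line)  # keep quoted fields whole
    url = next((f for f in fields if MARKER + "?" in f), None)
    if url is None or len(fields) < 5:
        return None
    try:
        # Observed on the sample line only: query = base64 of the destination.
        dest = base64.b64decode(urlsplit(url).query, validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        dest = None
    # Assumption: field positions follow the sample line.
    return {"date": fields[0], "time": fields[1], "client_ip": fields[3],
            "user": fields[4], "destination": dest}

def parse_event(line):
    """Return the accept event found in one event-log line, or None."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    # Drop the domain prefix so the user name matches the access log.
    return {"date": m["date"], "time": m["time"],
            "user": m["user"].split("\\")[-1], "destination": m["url"]}

def same_accept(access, event):
    keys = ("date", "time", "user", "destination")
    return bool(access and event) and all(access[k] == event[k] for k in keys)
```

An access-log accept with no matching event-log entry (or the reverse) points to a gap in one of the two logging actions.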