You have a compliance/coaching page enabled on your ProxySG and you want to log/track when the user actually clicks 'Accept'

While there isn't any official built-in feature for logging/tracking when a user clicks the 'Accept' button on your coaching page, this is achievable through policy.

When a user clicks 'Accept' there are two noticeable variables provided in the client HTTP GET request:

1) The request header contains the following path in the 'refer' URL:  notify-NotifyUser1
2) The request header contains a 'cookie' : notified-NotifyUser1=1 (this cookie is set after the user clicks 'accept')

So we can write policy to detect this and either log it to the eventlogs, or write it to a separate access-log for Reporting.
Below is an example of what this policy looks like in the VPM.  In my example, I am writing to to the Eventlog file, and also to a custom access log.

1) Source: (named: accepted_notify)

This is a combined source object which contains the above mentioned referer path and cookie:

1.1) RequestHeader1 - Referer header (New > Request Header):

1.2) RequestHeader2 - Cookie header (New > Request Header):

  2) Destination - (named: not_authenticated)

This rule disables duplicate logging of 'accept notify' policy matching when user is undergoing authentication

• If you are in 'Explicit' proxy deployment, set this to 407
• If you are in 'Transparent proxy', set this to 401
• If you are in a mixed deployment (transparent and explicit) you can create a combined destination which contains both 401 and 407

 2.1) Set the auth destination rule to 'Negate' (i.e only match this policy is user is NOT currently going through authentication process)

3) Action (Named: NotifyAccepted) Optional

This will log the user clicking 'accept' to custom access-log named "NotifyAccepted".
You will only need this if you want to upload this log file to Blue Coat Reporter for reporting. You will need to create this access-log separately and uploaded it to your Reporter server. This process is not covered in this KB.

To create your own custom access log, go to:
Configuration --> Access Logging --> Logs --> New
 

 4) Track (named: EventLog) Optional

This will allow you to write to the event into your ProxySG eventlogs. However, it is also possible to send this to an SNMP sever, or e-mail to an administrator.
In my example, I have set the following variables to be written:

$(user) = The username of the person who clicked 'Accept' (assuming you have Authentication enabled)
$(url) = The URL the user was trying to access.

Once your policy triggers, the following information will be logged:

In the eventlogs:
2010-11-21 13:43:33-00:00UTC  "EMEA\test.user accepted coaching page to go to: http://www.example.com/"  28DB4 3B0002:8C   pe_policy_action_log_message.cpp:44

In the access logs:
2010-11-21 13:43:33 437 10.91.1.49 test.user - - PROXIED "none" http://www.example.com/notify-NotifyUser1?aHR0cDovL3d3dy5ibHVlY29hdC5jb20v  200 TCP_NC_MISS GET text/html;%20charset=utf-8 http www.example.com 80 / - - "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" 10.91.14.1 32491 756 - "unavailable" "unavailable"

• While the access-logs do not specifically say "the user clicked 'Accept'" - it is a fact they clicked 'accept' because we see the 'notifyUser1' in the path, and the SG will only write to this log file if the 'accept' criteria discussed at the start of the KB are matched.
• This is solution is provided 'as is' and is not an official feature.
• This policy was tested under SGOS 6.2. Future versions of SGOS or previous releases may not support this policy.