Use policy to find out which users attempt to access blocked categories

Article ID: 167097

Products

ProxySG Software - SGOS

Issue/Introduction

You want to know which users are attempting to access URL categories that are blocked on your network. You can use policy to track user requests in a ProxySG access log.

These high-level steps provide instructions on creating policy in the Visual Policy Manager (VPM). For a basic introduction to creating policy, see the training video:

Basic ProxySG Policy Management

Resolution

To create policy that tracks Web content access in an access log:

  1. Create an access log for denied categories:
    • Select Configuration > Access Logging > Logs.
    • Make note of the format of your primary log. (By default, the ProxySG logs to the access log named main, which uses the bcreportermain_v1 log format.)
    • Click New and name the log DeniedCategories.
    • From the Format drop-down, select the same log format you are using for your primary log (such as bcreportermain_v1).
    • Close the dialogs and Apply the change.
  2. Launch the Visual Policy Manager.
  3. Create a Web Access layer (Policy > Add Web Access Layer).
  4. Select the URL categories to be tracked:
    • Right-click in the Destination column and choose Set.
    • Select New > Request URL Category.
    • Select the categories to track.
    • Close the dialogs.
  5. Create an access logging object that logs access to denied categories:
    • Right-click in the Action column and choose Set.
    • Select New > Modify Access Logging.
    • Name the object DeniedCatLog.
    • Click Enable logging to and select the DeniedCategories log you created in Step 1.
    • Click OK.
  6. Create a combined action object that denies access to categories and logs the requests:
    • In the Set Action Object dialog, select New > Combined Action Object.
    • Type LogAndDeny for the name of the combined object.
    • Select the access logging object (DeniedCatLog) that you created in Step 5 and click Add.
    • Select the Deny (Content Filter) object and click Add.
    • Click OK.
    • In the Set Action Object dialog, make sure the combined object (LogAndDeny) is selected and click OK.
  7. Install the policy.
  8. To view the DeniedCategories access log:
    • Select Statistics > Access Logging > Log Tail.
    • From the Log drop-down, choose DeniedCategories.
    • Click Start Tail to see recent activity to this log.

This log can be off-loaded to Blue Coat Reporter and parsed like any other log.
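
If the DeniedCategories log is exported as text rather than sent to Reporter, it can be summarized per user with a short script. The following is an added example, not part of the original article or any Blue Coat tooling. It assumes the file carries the ELFF `#Fields:` header, that `cs-categories` separates multiple categories with semicolons, and that unauthenticated requests log `-` as `cs-username`. The sample lines are constructed and use a shortened field list rather than the full bcreportermain_v1 layout.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of a DeniedCategories log (not real traffic).
SAMPLE_LOG = '''#Version: 1.0
#Fields: date time c-ip cs-username sc-filter-result cs-categories sc-status cs-host cs(User-Agent)
2024-05-01 09:14:02 10.0.5.21 jdoe DENIED "Gambling" 403 bets.example "Mozilla/5.0 (X11)"
2024-05-01 09:14:40 10.0.5.21 jdoe DENIED "Gambling;Sports/Recreation" 403 odds.example "Mozilla/5.0 (X11)"
2024-05-01 09:20:11 10.0.7.90 - DENIED "Proxy Avoidance" 403 tunnel.example "curl/8.0"
2024-05-01 09:21:00 10.0.5.33 asmith DENIED "Gambling" 403 bets.example "Mozilla/5.0"
2024-05-01 09:21:05 10.0.5.33 asmith truncated
'''

# A field is either a double-quoted string (may contain spaces) or a bare token.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def denied_by_user(lines):
    """Return ({user: Counter({category: hits})}, skipped_line_count)."""
    fields, report, skipped = [], defaultdict(Counter), 0
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # Column order comes from the log itself, so any log format works.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#"):
            continue  # other ELFF directives and blank lines
        values = [quoted or bare for quoted, bare in TOKEN.findall(line)]
        if len(values) != len(fields):
            skipped += 1  # truncated or malformed entry; count it, do not guess
            continue
        rec = dict(zip(fields, values))
        user = rec.get("cs-username", "-")
        if user == "-":
            # No authenticated identity: attribute the request to the client IP.
            user = "unauthenticated@" + rec.get("c-ip", "unknown")
        for cat in rec.get("cs-categories", "-").split(";"):
            report[user][cat.strip()] += 1
    return dict(report), skipped

if __name__ == "__main__":
    report, skipped = denied_by_user(SAMPLE_LOG.splitlines())
    for user, cats in sorted(report.items(), key=lambda kv: -sum(kv[1].values())):
        print(user, dict(cats))
    print("skipped lines:", skipped)
```
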