How to use Policy ID with access logs

book

Article ID: 168965

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

SGOS 6.5.6.1 Introduced a new feature called "Policy ID".

This allows a rule to be tracked from either within policy traces and the access logs.

This is very useful for identifying how frequently certain rules are used, and can aid in improving or troubleshooting policy.
 

Resolution

You can use this new feature directly in CPL using the reference_id function or you can create VPM code that makes use of this in the track column.

Here is a sample VPM policy.

We start with a sample policy that contains a Web Access Layer (WAL-001) and 2 rules. Rule 1 already uses the policy id feature, so we will add it to rule 2.

On the track column we click on "None" which opens the menu selector menu and we click the "Set" option.

This opens the modal window "Set Track Object" that contains an existing object. But we will be creating a new track object next, so we click on "Add New Object" > "Policy Id"

We then edit the Policy ID name and comment. The name will be the object name whilst the comment will be used as the reference_id (and visible in the access logs or policy trace). for this example we have choosen the name "Policy_ID2" and the comment is set to document the rule location (layer) and function "WAL-001 Allow (all)".

Once this is done we click apply to close the "Policy ID" modal window and we click "Set" to close the "Set Track Object" window:

Once this is done we have the following view of our WAL-001 layer 2 rules:

We can conclude this sample configuration by clicking the "Save Policy" link and showing a last screenshot of the resulting policy CPL:

Additional Information

To view the ID in access logs, include the x-bluecoat-reference-id field in the access log format.

Attachments