Uploaded ProxySG logs are not showing the correct verdict in Cloud

book

Article ID: 171507

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

You have uploaded ProxySG logs to your Web Security Service (WSS) account with the Hosted Reporting functionality. Upon reviewing the logs, you note that verdict is always shown as ALLOW even though the logs have data for DENIED accesses.

Cause

This issue is caused because the field "x-exception-id" is missing from the ProxySG logs. The Web Security Service uses this field to correctly show the verdict.

Resolution

This field is included automatically in the following ProxySG default logs: bcreportermain_v1, bcreporterstreaming_v1, and bcreporterssl_v1

If you are using a custom log, you will need to manually include "x-exception-id" field.