We have started using the UDP-based MS Teams service in our proof-of-concept environment, where we noticed that the ProxySG does not log details of the active UDP connections; it only logs a DENIED message 1-2 minutes after the connection stops.
For testing, we use Teams calls and capture traffic to confirm that the packets are correctly handled by the proxy; still, we couldn't find whether any logs were generated.
The MS Teams service is in Intercept mode; we have a web access layer with a UDP-tunnel guard allowing traffic to all MS Teams destinations.
Release: SG/ASG/ISG-Proxy
The only UDP-related data that is part of access logging is listed below.
| Field | SGOS versions | Description |
|---|---|---|
| c-pkts-lost-client | 7.1.x 6.7.x 6.6.x 6.5.x | Number of packets lost during transmission from server to client and not recovered at the client layer via error correction or at the network layer via UDP resends |
| c-pkts-recovered-resent | 7.1.x 6.7.x 6.6.x 6.5.x | Number of packets recovered because they were resent via UDP. |
| transport | 7.1.x 6.7.x 6.6.x 6.5.x | Transport protocol used (UDP, TCP, multicast, etc.) |
Ref. doc.: Edge SWG (ProxySG) Access Log Fields
For the appliance to log this data, the ELFF fields above must be added to the log format used in access logging.
Anything beyond these fields in the request made is not part of access logging, by design.
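To check whether an exported access log actually carries the three fields listed above, and to total the packet counters for UDP entries, a short script along these lines can be used. It is an added example, not Broadcom code: the sample log lines are constructed, and the layout (a `#Fields:` header followed by space-separated values, `-` for empty) is assumed to match the configured ELFF format.

```python
import shlex

# The three UDP-related ELFF fields named in this article.
UDP_FIELDS = ("c-pkts-lost-client", "c-pkts-recovered-resent", "transport")

# Constructed sample log; the format and values are illustrative only.
SAMPLE_LOG = """\
#Software: SGOS (constructed sample)
#Fields: date time c-ip s-action transport c-pkts-lost-client c-pkts-recovered-resent
2024-01-01 10:00:00 192.0.2.10 TCP_TUNNELED TCP - -
2024-01-01 10:00:05 192.0.2.11 DENIED UDP 12 3
2024-01-01 10:00:09 192.0.2.11 DENIED UDP 0 5
"""

def parse_elff(text):
    """Return (field_names, rows); rows are dicts keyed by field name."""
    fields, rows = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            values = shlex.split(line)      # keeps quoted values together
            if len(values) == len(fields):  # skip truncated lines
                rows.append(dict(zip(fields, values)))
    return fields, rows

def missing_udp_fields(fields):
    """List the article's UDP fields that the log format does not include."""
    return [f for f in UDP_FIELDS if f not in fields]

def to_int(value):
    return int(value) if value.isdigit() else 0  # "-" means no value

def udp_summary(rows):
    """Count UDP entries and total their packet-loss counters."""
    udp = [r for r in rows if r.get("transport", "").upper() == "UDP"]
    return {
        "entries": len(udp),
        "lost": sum(to_int(r.get("c-pkts-lost-client", "-")) for r in udp),
        "recovered_resent": sum(
            to_int(r.get("c-pkts-recovered-resent", "-")) for r in udp),
    }

if __name__ == "__main__":
    fields, rows = parse_elff(SAMPLE_LOG)
    print("missing from log format:", missing_udp_fields(fields))
    print(udp_summary(rows))
```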
While the UDP-Tunnel Proxy referenced in the case description was introduced in SGOS 7.3.2.x, no new UDP enhancement linked with access logging was developed in addition to the ones shared in the last update. Please refer to page 117 in the attached release notes. The data shared in the last update therefore remains relevant even for SGOS 7.3.15.2. We will work internally to update the KB article.
Having said the above, please note that the customer is able to obtain statistics about UDP traffic in various areas of the management console:
In addition, the ProxySG Admin Console shows UDP Tunnel service information in Reports > Traffic Details.