Application content control with logging – Amer Networks E5Web GUI User Manual

Extended Logging

When using application content control, it is possible to enable logging for different content.
This means that special log messages will be generated by cOS Core when the rule triggers on a
configured piece of content.

For example, if the user_agent in application content has logging enabled and the Allow Selected
string is set to firefox, this will allow the Firefox browser to be used and also generate a log
message to indicate that Firefox caused the rule to trigger. The string firefox will be included in
the log message.

The log messages generated by extended logging in application control will always be one of
the following events:

•

application_content_allowed

•

application_content_denied

•

application_content
(The action was Ignore but logging is Yes.)

Example 3.29. Application Content Control with Logging

This example shows how access to Facebook™ can be allowed but the Facebook chat function
disallowed using application content control. A log event will also be generated every time a
user tries to use the chat function.

Associating the application rule set created together with an IP policy will not be included in the
example but follows the same steps shown in the previous example.

InControl

Follow the same steps used for the Web Interface below.

Web Interface

First, define the Application Rule Set:

1.

Go to: Policies > Firewalling > Application Rule Sets > Add > Application Rule Set

2.

Specify a suitable name for the list, in this case facebook_list

3.

Set the Default Action to Allow

4.

Click OK

Next, define an Application Rule in this rule set:

1.

Go to: Policies > Firewalling > Application Rule Sets > facebook_list > Add >
Application Rule

2.

Select Allow for the Action

3.

Under Application Filter press Select filter to open the filter dialog

4.

Under Tag select Social Networking

Chapter 3: Fundamentals

214