21.5 Enabling Access Gateway Audit Events

  1. Click Devices > Access Gateways > Edit > Auditing.

  2. Select one or more of the following events:

    Select All: Select this option to audit all events.

    Event

    Description

    Access Denied

    Generated when an access request is denied because the requester has insufficient access rights to a URL.

    Identity Injection Failed

    Generated when an Identity Injection policy injects with the value field empty.

    System Started

    Generated when Access Gateway is started.

    System Shutdown

    Generated when Access Gateway is stopped.

    Form Fill Failed

    Generated when a Form Fill policy fails to successfully fill in a form.

    Application Accessed

    Generated when a user accesses applications.

    URL Not Found

    Generated when a requested URL cannot be found.

    IP Access Attempted

    Generated when a user attempts to access a URL with an IP address instead of the published DNS name configured in Access Gateway.

    Oauth & OpenID Token Validation Failed

    Generated when OAuth and OpenID token validation fails.

    Session Created/Destroyed

    Generated when an Access Gateway session is started or ended. This event provides data for Access Gateway Active Users graph of Information Dashboard.

    Session Assurance Device Fingerprint Match Failed

    Generated when a fingerprint match fails during an Access Gateway session.

    Performance Intensive Events: Enabling the following high-volume events affects the performance of Access Gateway.

    Event

    Description

    Access Allowed

    Generated when a requested action is allowed because the requester has the correct access rights to a URL.

    Identity Injection Success

    Generated when the Identity Injection policy successfully injects data into the HTTP header.

    Form Fill Success

    Generated when a Form Fill policy successfully fills in a form.

    URL Accessed

    Generated when a user accesses a URL.

    Audit Filters: Select the items as required to exclude them from the audit events:

    Filter

    Description

    CSS

    Excludes CSS files as part of response from the audit events.

    JavaScripts

    Excludes JavaScript from the audit events.

    Images

    Excludes images from the audit events. Specify the image format. For example, JPEG, PNG.

    URLs Matching Regular Expression

    Excludes URLs matching the configured regular expression.

    It helps in filtering the specified URL paths from the ones audited as part of the URL Accessed audit event. These filtered out URL paths will not be displayed in the audit server. This is helpful where auditing every URL is not required and may increase the load of the audit server.The regular expression is standard Perl regular expressions. For more information, see Regular Expressions.Each URL (path?querystring) is matched against this expression. If the match is successful, the URL is not audited for URL access.

    For example:

    • To exclude the health check messages from auditing: /nesp/app/heartbeat

    • To exclude the auditing of URL under the path /images/: /images/*

  3. Click OK > OK.

  4. On the Access Gateways page, click Update.