Proxy logging mode
In a policy configuration, you define the details that are logged in ETP for HTTP or HTTPS threat events. Different logging levels are available to report data such as the HTTP headers, hostname, URL path, and query string information.
To make sure that your enterprise can investigate security incidents and determine why traffic is blocked, do not change the default logging mode. Level 1 provides details that are best for troubleshooting and investigating events.
You can select from these levels:
| Level | Data logged |
| --- | --- |
| Level 1 (Recommended) | Logs the HTTP headers in the request and response as well as the hostname, path, and query string in the URL. |
| Level 2 | Logs the hostname, path, and query string in the URL. |
| Level 3 | Logs the hostname and path in the URL. |
| Level 4 | Logs the hostname. |
By default, Level 1 is selected. This data is reported in the Threat Events report.
When you choose to view more information about an event, the Event Details window opens, where you can view general and specific traffic information. The Traffic General subtab contains the hostname and path of a URL, while the Traffic Details subtab contains the query string and the request and response information. If you select a logging level that does not record some of this information, that data is not shown. For example, if you select Level 4, the Traffic Details subtab is disabled. While the hostname is reported in the associated field, the URI field does not show any information.