Logging Connections with Security Intelligence

The Security Intelligence policy requires the Threat Smart License or Protection Classic License.

Procedure

Step 1

In the access control policy editor, click Security Intelligence.

Step 2

Click Logging (logging icon) to enable Security Intelligence logging using the following criteria:

  • By IP address—Click logging next to Networks.
  • By URL—Click logging next to URLs.
  • By Domain Name—Click logging next to the DNS Policy drop-down list.

If the controls are dimmed, settings are inherited from an ancestor policy, or you do not have permission to modify the configuration. If the configuration is unlocked, uncheck Inherit from base policy to enable editing.

Step 3

Check the Log Connections check box.

Step 4

Specify where to send connection and Security-Related connection events.

Send events to the event viewer if you want to perform management center-based analysis, or if you set a Block list to monitor-only.

Step 5

Click OK to set logging options.

Step 6

Click Save to save the policy.

What to do next

  • Deploy configuration changes.