policy id and web filtering action

Question

I executed these commands

#diagnose debug urlfiler src-addr <source ip>

#diagnose debug app urlfilter -1

#diagnose debug debug enable

Debug messages will be on for 30 minutes.

......and these are the output I gathered. Looks great coz I can filtered the src ip address and the action of Web Filter. Is there a way to include in the logs the policy ID which it was hitting? Any help is much appreciated

msg="Cache miss" user="N/A" src=172.x.y.10 sport=57391 dst=13.35.99.49 dport=80 service="http" hostname="www.playboy.com" url="/"

action=10(ftgd-block) wf-act=3(BLOCK) user="N/A" src=172.x.y.10 sport=57391 dst=13.35.99.49 dport=80 service="http" cat=14 hostname="www.playboy.com" url="/"

msg="received a request /tmp/.ipsengine_723_0_0.url.socket, addr_len=37: d=www.playboy.com:80, id=2, cat=255, vfname='root', vfid=0, profile='default', type=0, client=172.x.y.10, url_source=1, url="/favicon.ico"

Toshi_Esumi · Answer

I don't know if adding policy ID to the urlfilter debug output is possible. But if you know src/dst address, you can easily find it out in the session table.

# diag sys session filter clear

# diag sys session filter src 172.x.y.10

# diag sys session filter dst 13.35.99.49

# diag sys session list

It's in the 13th line like below

misc=0 policy_id=2 auth_info=0 chk_client_info=0 vd=0

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded