@JS_2022 :
It depends on how you craft to use it, how you use it in combination with other layers in some creative policy construction.
I can't tell you what I do with it (at a granular level) and give away what is part of our Professional Services offering (that would defeat the purpose of offering it if the work was given for free!), but there are ways to log fields in log files that are fields you would traditionally see in policy traces for SIEM tools to parse and report on.
Please reach out, having worked with this product for 11 years myself, and extremely familiar with CPL due to that historical background, there are tricks that can be used that are not Best Practices per say, but also won't put you in jeopardy of NOT being supported by Technical Support when you call up either.
Thanks,
AKH_BC
------------------------------
Providing you Premier Partner support via Accredited Training, Professional Services, Consulting Services, Partner support for products with full staff of Broadcom Knights.
Looking for support and want the top versed individuals to assist you? Email
sales@braxtongrant.com and let's start a conversation on how we can make you successful. Award Winning North America Symantec Knight Partner of the Year for 2021.
~~##Groundbreaking Expert Advantage Partner using CA Automic Automation for Automated Policy Rule Implementation with BSG Symantec Products! Reach out and ask me how to get your demo with us on this One Of A Kind Integration!##~~
------------------------------
Original Message:
Sent: Feb 23, 2023 08:25 AM
From: JS_2022
Subject: Log traffic for single rule - ProxySG
Thanks AKH_BC. I see that Polic_ID is used in the TRACK column. As the rule I am curious about is getting a lot of hits (based on the coverage output) would I not inundate the proxy with log files? Wouldn't enabling Policy_ID on the Track column be the same as leaviing a policy trace running 24/7?
Original Message:
Sent: Feb 10, 2023 08:35 AM
From: AKH_BC
Subject: Log traffic for single rule - ProxySG
I use Policy_ID for this with some other tricks, but much of this is #lessonslearned
Good luck!
AKH_BC
------------------------------
Providing you Premier Partner support via Accredited Training, Professional Services, Consulting Services, Partner support for products with full staff of Broadcom Knights.
Looking for support and want the top versed individuals to assist you? Email sales@braxtongrant.com and let's start a conversation on how we can make you successful. Award Winning North America Symantec Knight Partner of the Year for 2021.
~~##Groundbreaking Expert Advantage Partner using CA Automic Automation for Automated Policy Rule Implementation with BSG Symantec Products! Reach out and ask me how to get your demo with us on this One Of A Kind Integration!##~~
Original Message:
Sent: Feb 02, 2023 04:58 PM
From: JS_2022
Subject: Log traffic for single rule - ProxySG
Is there a way to log all traffic for a specific rule to see what source/dest are being used? I have a very broad permit rule for ANY destination and want to see what is actually hitting it. We do not have a reporter server.