Is there a policy trace capability?

I have a cloud app that has a group of users permitted to access it, but is blocked for everyone else. While it is blocked for most others, there are a few users who are not in the group, that can access the site. I am trying to understand which rule/policy these users are slipping through on. Is there a policy trace capability, short of auditing every group/policy manually, that can show me where the gap is? I had this ability with Blue Coat years ago. Thank you.

Have you tried looking at the allowed rule name and rule type log fields? If you don’t see those fields, you will need to reach out to ask Zscaler support to get the feature enabled.

I assume you mean in the Web Insights Log? I don’t see an allowed rule name or a rule type log field. Only rule name and policy type, which are all “none”.

Yes. Please open a support ticket to request the addition of the allowed rule name log fields. The ones you see now capture only the block rule name and policy type.

Wow! There are optional log fields available that we can ask for? Allowed Rule Name would be extremely useful. Obviously adding fields to the log reports has resource and performance impact, but I’ll ask the obvious questions:

  • Why is Allowed Rule Name not enabled by default?
  • Where can we find the list of fields that can be requested to be enabled?
  • Is there an SSL Rule Name field?

thanks
Paul

Thanks for the information. I opened a ticket with support and they had no idea what I was asking for. They tried to point me to sort Web Action - Block. He said he could put in a feature request for me and then asked me to enable Remote Assistance so he could look through my policies and find where these users are being permitted. Back to a manual effort.

Can you please share the support ticket number?

case number 03628050

I’ve got an open ticket and have just requested these as well - Case: 03605017

Hi,

These log fields are very useful, but I wish we could have the same for SSL policy name… Any ER/roadmap for SSL policy name?