• SonicOS and SonicOSX 7 Device Log
• Settings
  • Filtering the Base Setup View
  • Configuring the Logging and Alert Levels
    • Setting the Logging Level
    • Setting the Alert Level
  • About Other Top Row Buttons
    • Edit Attributes of All Categories
    • Reset Event Count
    • Save Template
    • Import Template
      • Default Template
      • Minimal Template
      • Analyzer/ViewPoint/GMS Template
      • Firewall Action Template
      • Custom Template
    • View Logs
  • About the Log Settings Base Setup Table
    • Category Column
    • Color Column
    • ID Column
    • Priority Column
    • GUI Column
    • Alert Column
    • Syslog Column
    • Ipfix Column
    • Email Column
    • Event Count Column
    • Edit and Reset Count Icons
  • Configuring Event Attributes Globally
  • Configuring Event Attributes Selectively
    • Configuring Event Attributes by Category
    • Configuring Event Attributes by Group
    • Configuring Event Attributes by Event
    • About Filename Logging
• Syslog
  • About Event Profiles
  • About Syslog Server Profiling
  • Using a GMS Server for Syslog
  • Syslog Settings
  • Syslog Servers
    • Adding a Syslog Server
    • Editing a Syslog Server
    • Enabling Syslog Servers
    • Disabling Syslog Server
    • Deleting Syslog Servers
• Automation
  • Email Settings
  • Mail Server Settings
  • FTP Log Automation
  • Solera Capture Stack
• Name Resolution
• Reports
  • Data Collection
  • Viewing Data
  • Persistent Logging
• AWS
  • Enabling AWS Logs
• SonicWall Support
  • About This Document

About Filename Logging

The Firewall > Application Control group provides the Filename Logging event. Application Control Filename Logging allows the administrator to be notified of each filename or URIs of interest that Application Control has explicitly identified as it processes packets or flows.

The notification uses the Log mechanism where the output can be shown in several message formats, such as on the Monitor > Logs > System Logs page or by Syslog. For Syslog, the message-id for an Application Control Filename Log is 1574 and it has a message template of Filename: %s, where the value substituted for %s can be a filename or URI identified by Application Control.

Filename Logging events can occur when the following requirements are met:

• Enable App Control - Application Control is enabled per zone from the Object > Match Objects > Zones page and globally on the Policy > Rules and Policies > App Control.
• Enable Filename Logging - Filename Logging is enabled on the Log > Settings page.
• Logging is enabled for the App Control Filename Logging event id=1574 - Enable GUI or Syslog with appropriate filtering on the Log > Settings page.

Filename Logging works with the following protocols:

• HTTP
• FTP
• NetBios/CIFS
• SMTP
• POP3
• IMAP

Gateway Anti-Virus does not need to be enabled.

With HTTP, if the server response does not have a filename in its headers, the last portion of the URL that the client requested is used.

If the entire filename cannot be captured because of any reason, (for example, the filename was too long or it straddles multiple packets or any other reason), the prefix portion that was captured is logged and an asterisk is appended to it in the log entry.