Hi, I would like to log when specific applications are used.
For example, if someone is using google drive, I'd like to log alerts or notifications.
Even better, initiate a packet capture.
Is it possible? How?
The only way that comes to mind is to have Logging enabled on your policies and send the logs to a Syslog server process which can look at the incoming logs for specific matching text in a log record, which would then send an e-mail on a match.