yes, that's what I'm trying to do. I thought I had a default access_denied.log but my entries look different - possibly b/c of the version I'm running - 7.3.0 (13875)?
my entries in the log wrinting rule look like:
tba_1 String.ReplaceIfEquals (Number.ToString (Number), "", "-")
tba_2 String.ReplaceIfEquals (Boolean.ToString (Boolean), "", "-")
tba_3 String.ReplaceIfEquals (Boolean.ToString (Boolean), "", "-")
So I didn't have any idea what to map against. The values in your entry make sense!
On my 7.3.2 system they show as:
tba1 Number.ToString (URL.Reputation)
tba2 Boolean.ToString (Antimalware.Infected)
tba3 Boolean.ToString (Body.Modified)
If I drill down through the edit of each rule they eventually displayed as Number.ToString(Number), but on the rule set page they are shown the same as in sroering's screen shot. Try opening each line up, they should tell you what the Number or Boolean is referring to. It may be a version thing, as the current controlled release is a few versions past where you are.
I thought I had drilled down...obv not far enough as lo and behold when I do go into it the final parameter propery page I see does indeed show the value.
cool, ya learn something new etc etc...