diff --git a/common/include/ssl_stream.h b/common/include/ssl_stream.h
index 7fad2fe..f094d4d 100644
--- a/common/include/ssl_stream.h
+++ b/common/include/ssl_stream.h
@@ -1,5 +1,5 @@
 #pragma once
-
+#include
 struct ssl_stream;
 enum ssl_stream_action
@@ -26,11 +26,14 @@ enum SSL_STREAM_OPT
 SSL_STREAM_OPT_PROTOCOL_MIN_VERSION,
 SSL_STREAM_OPT_PROTOCOL_MAX_VERSION,
 SSL_STREAM_OPT_ENABLE_ALPN,
-SSL_STREAM_OPT_KEYRING_ID
+SSL_STREAM_OPT_KEYRING_ID,
+SSL_STREAM_OPT_SNI, //VALUE is string
+SSL_STREAM_OPT_ADDR //VALUE is string
 };
 int sslver_str2num(const char * version_str);
 //s_stream must be upstream.
 int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int opt_val);
 int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int *opt_val);
+int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char* in_buff, size_t sz);
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index fb912e4..9c1da3d 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -2174,4 +2174,21 @@ int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
 return 0;
 }
+int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char* in_buff, size_t sz)
+{
+ const char* sni=upstream->up_parts.client_hello->sni?upstream->up_parts.client_hello->sni:"null";
+ switch(opt_type)
+ {
+ case SSL_STREAM_OPT_SNI:
+ strncpy(in_buff, sni, sz);
+ break;
+ case SSL_STREAM_OPT_ADDR:
+ strncpy(in_buff, upstream->tcp_stream->str_stream_info, sz);
+ break;
+ default:
+ assert(0);
+ return -1;
+ }
+ return 0;
+}
diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp
index 64b14d2..b48c345 100644
--- a/plugin/business/ssl-policy/src/ssl_policy.cpp
+++ b/plugin/business/ssl-policy/src/ssl_policy.cpp
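Review bot: The new `ssl_stream_get_string_opt` prototype gives callers no contract for `in_buff`: whether the copy is always NUL-terminated, what happens when the value is longer than `sz`, and what the return value means, and the `//VALUE is string` comments on the two new enumerators do not answer that. The implementation added in platform/src/ssl_stream.cpp in this same commit uses strncpy, so termination is not guaranteed today; whichever way that is settled, the header is where callers will look. A comment of this shape above the prototype would do, adjusted to the final behaviour: `// Copies the string value of opt_type into in_buff (at most sz bytes, always NUL-terminated). Returns 0 on success, -1 if opt_type is not a string option or the value did not fit.` It is also worth stating that `SSL_STREAM_OPT_SNI` yields the literal text "null" when the client sent no SNI, since a caller cannot tell that apart from a real value.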
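Review bot: `strncpy(in_buff, sni, sz)` and the `SSL_STREAM_OPT_ADDR` copy leave `in_buff` without a terminating NUL whenever the source is `sz` bytes or longer, and the SNI value comes from the peer's ClientHello (`upstream->up_parts.client_hello->sni`), so its length is not under this code's control; the caller added in plugin/business/ssl-policy/src/ssl_policy.cpp then passes the buffer to a `%s` log format and reads past the end. `upstream->up_parts.client_hello` is also dereferenced before the NULL test on `->sni`, which crashes if the hello has not been parsed when this getter is called (whether that can happen is not visible here). `snprintf` gives guaranteed termination and a way to report truncation, and since `assert(0)` in the default branch is compiled out in release builds the `return -1` is what callers actually see, so truncation can use the same signal. The rewritten body is below.

```cpp
int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char* in_buff, size_t sz)
{
	const char* src = NULL;
	switch(opt_type)
	{
	case SSL_STREAM_OPT_SNI:
		// guard client_hello as well as sni: the hello may not exist yet
		src = (upstream->up_parts.client_hello && upstream->up_parts.client_hello->sni)
		      ? upstream->up_parts.client_hello->sni : "null";
		break;
	case SSL_STREAM_OPT_ADDR:
		src = upstream->tcp_stream->str_stream_info;
		break;
	default:
		assert(0);
		return -1;
	}
	// snprintf always NUL-terminates when sz > 0; a value that does not fit is
	// reported rather than silently handed back cut short.
	int n = snprintf(in_buff, sz, "%s", src);
	return (n < 0 || (size_t)n >= sz) ? -1 : 0;
}
```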
@@ -195,6 +195,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
 UNUSED int ret=0;
 int policy_id=0;
 char policy_id_str[16]={0};
+ char sni[512], addr_string[512];
 ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_INTERCEPT_POLICY_ID, &policy_id);
 assert(ret==0);
 snprintf(policy_id_str, sizeof(policy_id_str), "%d", policy_id);
@@ -204,6 +205,12 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
 TFE_LOG_INFO(enforcer->logger, "Failed to get intercept parameter of policy %d.", policy_id);
 return SSL_ACTION_PASSTHROUGH;
 }
+ else
+ {
+ ssl_stream_get_string_opt(upstream, SSL_STREAM_OPT_SNI, sni, sizeof(sni));
+ ssl_stream_get_string_opt(upstream, SSL_STREAM_OPT_ADDR, sni, sizeof(addr_string));
+ TFE_LOG_DEBUG(enforcer->logger, "%s %s enforce policy %d", addr_string, sni, policy_id);
+ }
 int pinning_staus=0, is_ev=0, is_ct=0, is_mauth=0, has_error=0;
 if(!param->mirror_client_version)
 {
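Review bot: `addr_string` declared here is never written: in the next hunk (`@@ -204,6 +205,12 @@`) the `SSL_STREAM_OPT_ADDR` call passes `sni` as the destination, so the SNI copy is overwritten and `TFE_LOG_DEBUG` prints `addr_string` from uninitialised stack memory through `%s`, which is undefined behaviour and can put unrelated stack contents into the log. The fix is `ssl_stream_get_string_opt(upstream, SSL_STREAM_OPT_ADDR, addr_string, sizeof(addr_string));`. Both return values are also discarded, unlike the `ret=...; assert(ret==0);` pattern used for the integer getter a few lines above, so a failed lookup would go unnoticed; for consistency with `policy_id_str` the buffers could be zero-initialised as `char sni[512]={0}, addr_string[512]={0};`, though that alone does not terminate a value that fills the buffer, which is the getter's job. `ssl_policy_enforce` begins before and continues after these hunks.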