Cisco Cisco Web Security Appliance S160 User Guide

The access log file entries aggregate and display the results of the various scanning engines, such as URL 
filtering, Web Reputation filtering, and anti-malware scanning. The appliance displays this information 
in angled brackets at the end of each access log entry. 

The following text is the scanning verdict information from an access log file entry. In this example, the 
Webroot scanning engine found the malware: 

For an example of a whole access log file entry, see 

MONITOR_IDS

The Web Proxy scanned the upload request using either a 
Data Security Policy or an External DLP Policy, but did not 
block the request. It evaluated the request against the 
Access Policies.

MONITOR_SUSPECT_USER_AGENT 

The Web Proxy monitored the transaction based on the 
Suspect User Agent setting for the Access Policy group.

MONITOR_WBRS 

The Web Proxy monitored the transaction based on the Web 
Reputation filter settings for the Access Policy group.

NO_AUTHORIZATION

The Web Proxy did not allow the user access to the SaaS 
application because the user was already authenticated 
against an authentication realm, but not against any 
authentication realm configured in the SaaS Application 
Authentication Policy.

NO_PASSWORD

The user failed authentication.

REDIRECT_CUSTOMCAT

The Web Proxy redirected the transaction to a different 
URL based on a custom URL category in the Access Policy 
group configured to “Redirect.”

SAAS_AUTH

The Web Proxy allowed the user access to the SaaS 
application because the user was authenticated 
transparently against the authentication realm configured in 
the SaaS Application Authentication Policy. 

OTHER

The Web Proxy did not complete the request due to an error, 
such as an authorization failure, server disconnect, or an 
abort from the client.

<IW_infr,ns,24,"Trojan-Phisher-Gamec",0,354385,12559,

 

-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_infr,-,"Trojan 

Phisher","-","Unknown","Unknown","-","-",489.73,0,[Local],"-","-">