Cisco Cisco Web Security Appliance S160 User Guide
24-21
Cisco IronPort AsyncOS 7.5 for Web User Guide
Chapter 24 Logging
Access Log File
Understanding Scanning Verdict Information
The access log file entries aggregate and display the results of the various scanning engines, such as URL
filtering, Web Reputation filtering, and anti-malware scanning. The appliance displays this information
in angled brackets at the end of each access log entry.
filtering, Web Reputation filtering, and anti-malware scanning. The appliance displays this information
in angled brackets at the end of each access log entry.
The following text is the scanning verdict information from an access log file entry. In this example, the
Webroot scanning engine found the malware:
Webroot scanning engine found the malware:
Note
For an example of a whole access log file entry, see
MONITOR_IDS
The Web Proxy scanned the upload request using either a
Data Security Policy or an External DLP Policy, but did not
block the request. It evaluated the request against the
Access Policies.
Data Security Policy or an External DLP Policy, but did not
block the request. It evaluated the request against the
Access Policies.
MONITOR_SUSPECT_USER_AGENT
The Web Proxy monitored the transaction based on the
Suspect User Agent setting for the Access Policy group.
Suspect User Agent setting for the Access Policy group.
MONITOR_WBRS
The Web Proxy monitored the transaction based on the Web
Reputation filter settings for the Access Policy group.
Reputation filter settings for the Access Policy group.
NO_AUTHORIZATION
The Web Proxy did not allow the user access to the SaaS
application because the user was already authenticated
against an authentication realm, but not against any
authentication realm configured in the SaaS Application
Authentication Policy.
application because the user was already authenticated
against an authentication realm, but not against any
authentication realm configured in the SaaS Application
Authentication Policy.
NO_PASSWORD
The user failed authentication.
REDIRECT_CUSTOMCAT
The Web Proxy redirected the transaction to a different
URL based on a custom URL category in the Access Policy
group configured to “Redirect.”
URL based on a custom URL category in the Access Policy
group configured to “Redirect.”
SAAS_AUTH
The Web Proxy allowed the user access to the SaaS
application because the user was authenticated
transparently against the authentication realm configured in
the SaaS Application Authentication Policy.
application because the user was authenticated
transparently against the authentication realm configured in
the SaaS Application Authentication Policy.
OTHER
The Web Proxy did not complete the request due to an error,
such as an authorization failure, server disconnect, or an
abort from the client.
such as an authorization failure, server disconnect, or an
abort from the client.
Table 24-7
ACL Decision Tag Values (continued)
ACL Decision Tag
Description
<IW_infr,ns,24,"Trojan-Phisher-Gamec",0,354385,12559,
-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_infr,-,"Trojan
Phisher","-","Unknown","Unknown","-","-",489.73,0,[Local],"-","-">