Cisco Cisco Web Security Appliance S690 User Guide

When you add addresses to the Allow List or Additional Suspected Malware Addresses properties, 
separate multiple entries with whitespace or commas. You can enter addresses in any of the following 
formats:

IP address. For example, 10.1.1.0.

CIDR address. For example, 10.1.1.0/24.

Domain name. For example, example.com. Entering a domain name such as example.com will also 
match www.example.com and hostname.example.com.

Hostname. For example, crm.example.com.

The S-Series appliance supports several options for generating feature specific reports and interactive 
displays of summary statistics. 

The Reporting > L4 Traffic Monitor page provides statistical summaries of monitoring activity. You can 
interactively update these displays by specifying a time range of hour, day, week or month. Additionally, 
you have the option to print these display pages and export the raw data to a file.

You can use the following displays and reporting tools to view the results of L4 Traffic Monitor activity:

If the Web Proxy is configured as a forward proxy and L4 Traffic Monitor is set to monitor all ports, the 
IP address of the proxy’s data port is recorded and displayed as a client IP address in the client activity 
report on the Reporting > Client Activity page. If the Web Proxy is configured as a transparent proxy, 
enable IP spoofing to correctly record and display the client IP addresses.

The L4 Traffic Monitor log file provides a detailed record of monitoring activity. For more information 
about the L4 Traffic Monitor log, see 

.

Client statistics

Reporting > Client Activity 

Malware statistics

Port statistics

Reporting > L4 Traffic Monitor

L4 Traffic Monitor log files

System Administration > Log Subscriptions

trafmon_errlogs

trafmonlogs