Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco Web Security Appliance S670
  5. User Guide

Cisco Cisco Web Security Appliance S670 User Guide

Download
Page of 582
234
I R O N P O R T   A S Y N C O S   6 . 3   F O R   W E B   U S E R   G U I D E  
L O G G I N G
The access logs indicate whether or not an upload request was scanned by either the IronPort 
Data Security Filters or an external DLP server. The access log entries include a field for the 
IronPort Data Security scan verdict and another field for the External DLP scan verdict based. 
For more information, see “Understanding Web Reputation and Anti-Malware Information” 
on page 442.
In addition to the access logs, the Web Security appliance provides the following log file types 
to troubleshoot IronPort Data Security and External DLP Policies:
• Data Security Logs. Records client history for upload requests that are evaluated by the 
IronPort Data Security Filters.
• Data Security Module Logs. Records messages related to the IronPort Data Security 
Filters.
• Default Proxy Logs. In addition recording errors related to the Web Proxy, the default 
proxy logs include messages related to connecting to external DLP servers. This allows 
you to troubleshoot connectivity or integration problems with external DLP servers.
The following text illustrates a sample Data Security Log entry: 
Table 11-3 describes the Data Security Log fields. 
Mon Mar 30 03:02:13 2009 Info: 0 10.1.1.1 - - <<bar,text/
plain,5120><foo,text/plain,5120>> DEFAULT_CASE-allowall-DefaultGroup-
DefaultGroup-NONE-DefaultRouting ns server10.qa nc
Table 11-3 Data Security Log Fields
Field Value
Description
Wed Feb 11 23:09:18 2009 Info:
Timestamp and trace level
303
Transaction ID
10.1.1.1
Source IP address
-
User name
-
Authorized group names