Cisco Web Security Appliance S360 User Guide

IRONPORT ASYNCOS 6.3 FOR WEB USER GUIDE
TRAFFIC MONITOR LOG
The L4 Traffic Monitor log file provides a detailed record of monitoring activity. You can view 
L4 Traffic Monitor log file entries and track updates to firewall block lists and firewall allow 
lists. Consider the following example log entries:
Example 1
172.xx.xx.xx discovered for blocksite.net (blocksite.net) added to firewall block list.
In this example, a match becomes a block list firewall entry. The L4 Traffic Monitor 
matched an IP address to a domain name in the block list based on a DNS request which 
passed through the appliance. The IP address is then entered into the block list for the firewall.
Example 2
172.xx.xx.xx discovered for www.allowsite.com (www.allowsite.com) added to firewall allow list.
In this example, a match becomes an allow list firewall entry. The L4 Traffic Monitor matched 
a domain name entry and added it to the appliance allow list. The IP address is then entered 
into the allow list for the firewall.
Example 3
Firewall noted data from 172.xx.xx.xx to 209.xx.xx.xx (allowsite.net):80.
In this example, the L4 Traffic Monitor logs a record of data that passed between an internal IP 
address and an external IP address which is on the block list. Also, the L4 Traffic Monitor is set 
to monitor, not block.
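
The three entry types above can be separated programmatically when reviewing an exported log. The following is an added example, not code from the Cisco guide: the patterns are inferred only from the three example entries on this page, the names parse_entry and summarize are hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Patterns inferred from the three example entries on this page only (assumption);
# real lines may carry extra fields such as timestamps, so search() is used, not match().
ADDR = r"[0-9A-Za-z.:]+"  # also tolerates masked addresses such as 172.xx.xx.xx
LIST_ADD = re.compile(
    rf"(?P<ip>{ADDR}) discovered for (?P<domain>\S+) \((?P<matched>[^)]+)\) "
    r"added to firewall (?P<list>block|allow) list\.")
NOTED = re.compile(
    rf"Firewall noted data from (?P<src>{ADDR}) to (?P<dst>{ADDR}) "
    r"\((?P<domain>[^)]+)\):(?P<port>\d+)\.")

def parse_entry(line):
    """Return a dict describing one log entry, or None if it is not recognised."""
    m = LIST_ADD.search(line)
    if m:
        return {"event": m["list"] + "_list_add", "ip": m["ip"], "domain": m["domain"]}
    m = NOTED.search(line)
    if m:
        return {"event": "noted_data", "src": m["src"], "dst": m["dst"],
                "domain": m["domain"], "port": int(m["port"])}
    return None

def summarize(lines):
    """Collect firewall list additions and monitored (not blocked) flows per source host."""
    lists = {"block": {}, "allow": {}}
    noted = defaultdict(set)
    unparsed = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            unparsed.append(line)  # keep unknown lines for manual review
        elif e["event"] == "noted_data":
            noted[e["src"]].add((e["dst"], e["domain"], e["port"]))
        else:
            lists[e["event"].split("_")[0]][e["ip"]] = e["domain"]
    return lists, dict(noted), unparsed

# Constructed sample lines modelled on the page's examples (documentation addresses).
SAMPLE = [
    "192.0.2.10 discovered for blocksite.net (blocksite.net) added to firewall block list.",
    "192.0.2.20 discovered for www.allowsite.com (www.allowsite.com) added to firewall allow list.",
    "Firewall noted data from 10.0.0.5 to 192.0.2.10 (blocksite.net):80.",
    "unrelated line",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Internal hosts that appear as a source in "noted data" entries are the ones to follow up on while the L4 Traffic Monitor is set to monitor rather than block.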