Cisco Web Security Appliance S160 User Guide

AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
 
Chapter 21: Monitor System Activity Through Logs
Web Proxy Information in Access Log Files
Format Specifier: N/A (Part of the ACL decision tag)
Field Value: PolicyGroupName
Field Description: Name of policy group responsible for the final decision on this transaction (Access Policy, Decryption Policy, or Data Security Policy). When the transaction matches a global policy, this value is “DefaultGroup.” Any space in the policy group name is replaced with an underscore ( _ ).

Format Specifier: N/A (Part of the ACL decision tag)
Field Value: Identity
Field Description: Identity policy group name. Any space in the policy group name is replaced with an underscore ( _ ).

Format Specifier: N/A (Part of the ACL decision tag)
Field Value: OutboundMalwareScanningPolicy
Field Description: Outbound Malware Scanning Policy group name. Any space in the policy group name is replaced with an underscore ( _ ).

Format Specifier: N/A (Part of the ACL decision tag)
Field Value: DataSecurityPolicy
Field Description: Cisco IronPort Data Security Policy group name. When the transaction matches the global Cisco IronPort Data Security Policy, this value is “DefaultGroup.” This policy group name only appears when Cisco IronPort Data Security Filters is enabled. “NONE” appears when no Data Security Policy was applied. Any space in the policy group name is replaced with an underscore ( _ ).

Format Specifier: N/A (Part of the ACL decision tag)
Field Value: ExternalDLPPolicy
Field Description: External DLP Policy group name. When the transaction matches the global External DLP Policy, this value is “DefaultGroup.” “NONE” appears when no External DLP Policy was applied. Any space in the policy group name is replaced with an underscore ( _ ).

Format Specifier: N/A (Part of the ACL decision tag)
Field Value: RoutingPolicy
Field Description: Routing Policy group name as ProxyGroupName/ProxyServerName. When the transaction matches the global Routing Policy, this value is “DefaultRouting.” When no upstream proxy server is used, this value is “DIRECT.” Any space in the policy group name is replaced with an underscore ( _ ).

Format Specifier: %Xr
Field Value: <IW_comp,6.9,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-","Unknown","Unknown","-","-",198.34,0,-,[Local],"-",37,"W32.CiscoTestVector",33,0,"WSA-INFECTED-FILE.pdf","fd5ef49d4213e05f448f11ed9c98253d85829614fba368a421d14e64c426da5e">
Field Description: Scanning verdict information. Inside the angled brackets, the access logs include verdict information from various scanning engines. For more information about the values included within the angled brackets, see .

Format Specifier: %?BLOCK_SUSPECT_USER_AGENT,MONITOR_SUSPECT_USER_AGENT?%<User-Agent:%!%-%.
Field Value: -
Field Description: Suspect user agent.
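An added example, not part of the Cisco guide: it splits the %Xr scanning verdict block shown above into positional fields so that the populated ones can be reviewed during triage. The function names are assumptions, and fields are reported by position only, since their meanings are documented elsewhere in the guide.

```python
import csv
import re

# The %Xr example value from the table above, followed by the "-" that the
# suspect-user-agent field logs; joining them into one line is constructed.
SAMPLE = ('<IW_comp,6.9,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,'
          '"-","-","Unknown","Unknown","-","-",198.34,0,-,[Local],"-",37,'
          '"W32.CiscoTestVector",33,0,"WSA-INFECTED-FILE.pdf",'
          '"fd5ef49d4213e05f448f11ed9c98253d85829614fba368a421d14e64c426da5e"> -')

# Quote-aware match: a ">" inside a quoted file name does not end the block.
VERDICT_BLOCK = re.compile(r'<((?:"[^"]*"|[^<>"])*)>')
SHA256 = re.compile(r"[0-9a-fA-F]{64}")
# Typographic quotes appear when a line is copied from rendered documentation.
STRAIGHTEN = str.maketrans({"\u201c": '"', "\u201d": '"'})


def verdict_fields(line):
    """Return the fields inside the first <...> block, or None if absent."""
    match = VERDICT_BLOCK.search(line.translate(STRAIGHTEN))
    if match is None:
        return None
    # csv handles the mix of quoted ("-") and bare (-) fields, and any comma
    # inside a quoted file name.
    return next(csv.reader([match.group(1)], quotechar='"'), [])


def populated(fields):
    """1-based (position, value) pairs for fields other than the "-" placeholder."""
    return [(i, v) for i, v in enumerate(fields, start=1) if v != "-"]


def sha256_values(fields):
    """Values shaped like a SHA-256 digest, ready for a reputation lookup."""
    return [v.lower() for v in fields if SHA256.fullmatch(v)]


if __name__ == "__main__":
    fields = verdict_fields(SAMPLE)
    for position, value in populated(fields):
        print(f"{position:>2}  {value}")
    print("sha256:", sha256_values(fields))
```
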