Cisco Web Security Appliance S160 User Guide
Cisco IronPort AsyncOS 7.5 for Web User Guide
Chapter 19 Configuring Security Services
Logging
The access log file records the information returned by the Web Reputation Filters and the DVS engine
for each transaction. The scanning verdict information section in the access logs includes many fields to
help understand the cause for the action applied to a transaction. For example, some fields display the
web reputation score or the malware scanning verdict Sophos passed to the DVS engine.
For more information about the scanning verdict information section in the access log file, see
For more information about reading access log files, see
. For an
example access log entry that explains web reputation processing, see
Logging Adaptive Scanning
When Adaptive Scanning is enabled, you can use the fields in
to learn more information about
how the adaptive scanning engine affected transactions.
Transactions blocked and monitored by the adaptive scanning engine use the following ACL decision
tags:
• BLOCK_AMW_RESP
• MONITOR_AMW_RESP
Table 19-8 Adaptive Scanning Logging Information

Custom Field in Access Logs | Custom Field in W3C Logs | Description
%X6 | x-as-malware-threat-name | The anti-malware name returned by Adaptive Scanning. If the transaction is not blocked, this field returns a hyphen (“-”). This variable is included in the scanning verdict information (in the angled brackets at the end of each access log entry).
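
The following is an added example, not code from the Cisco guide: it reads a W3C-format log, locates the x-as-malware-threat-name column from the `#Fields:` header, and reports transactions carrying either adaptive scanning decision tag. It assumes the log begins with a `#Fields:` header line; the sample log, every field name other than x-as-malware-threat-name, and all values are constructed.

```python
import shlex

# ACL decision tags the page lists for the adaptive scanning engine.
AS_TAGS = ("BLOCK_AMW_RESP", "MONITOR_AMW_RESP")
# W3C custom field from Table 19-8.
THREAT_FIELD = "x-as-malware-threat-name"

# Constructed sample. Every field name except THREAT_FIELD, and every value,
# is an assumption made for this example.
SAMPLE_LOG = """\
#Fields: timestamp c-ip cs-url sc-http-status acl-decision x-as-malware-threat-name
1700000000.101 10.0.0.5 http://files.example.test/setup.exe 403 BLOCK_AMW_RESP_11-DefaultGroup "Constructed.Threat.A"
1700000001.202 10.0.0.6 http://www.example.test/ 200 DEFAULT_CASE_11-DefaultGroup -
1700000002.303 10.0.0.7 http://cdn.example.test/a.js 200 MONITOR_AMW_RESP_11-DefaultGroup -
1700000003.404 10.0.0.8 http://short.example.test/ 200
"""

def adaptive_scanning_hits(lines):
    """Return (tag, threat_name, record) for each transaction carrying an
    adaptive scanning decision tag. threat_name is None when the field holds
    a hyphen, which the guide says is returned when nothing was blocked."""
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # column order for what follows
            continue
        if not line or line.startswith("#"):
            continue
        try:
            values = shlex.split(line)  # honours double-quoted values
        except ValueError:
            continue  # unbalanced quotes: skip rather than misalign columns
        if len(values) != len(fields):
            continue  # truncated or malformed record
        tag = next((t for t in AS_TAGS
                    if any(v.startswith(t) for v in values)), None)
        if tag is None:
            continue
        record = dict(zip(fields, values))
        name = record.get(THREAT_FIELD, "-")
        hits.append((tag, None if name == "-" else name, record))
    return hits

if __name__ == "__main__":
    for tag, threat, rec in adaptive_scanning_hits(SAMPLE_LOG.splitlines()):
        print(tag, threat or "-", rec["c-ip"], rec["cs-url"])
```

Records whose column count does not match the header are skipped, so a truncated line cannot shift another value into the threat-name column.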