Cisco Web Security Appliance S680 User Guide
Cisco AsyncOS 8.0.6 for Web User Guide
Chapter 20 Monitor System Activity Through Logs
Log File Management
In this example, a match becomes a block list firewall entry. The Layer-4 Traffic Monitor matched
an IP address to a domain name in the block list based on a DNS request which passed through the
appliance. The IP address is then entered into the block list for the firewall.
Example 2
172.xx.xx.xx discovered for www.allowsite.com (www.allowsite.com) added to firewall allow list.
In this example, a match becomes an allow list firewall entry. The Layer-4 Traffic Monitor matched a
domain name entry and added it to the appliance allow list. The IP address is then entered into the allow
list for the firewall.
Example 3
Firewall noted data from 172.xx.xx.xx to 209.xx.xx.xx (allowsite.net):80.
In this example, the Layer-4 Traffic Monitor logs a record of data that passed between an internal IP
address and an external IP address which is on the block list. Also, the Layer-4 Traffic Monitor is set to
monitor, not block.
Log File Management
Log File Names and Appliance Directory Structure
The appliance creates a directory for each log subscription based on the log subscription name. The name
of the log file in the directory is composed of the following information:
• Log file name specified in the log subscription
• Timestamp when the log file was started
• A single-character status code, either .c (signifying current) or .s (signifying saved)
Log filenames are constructed using the following formula:
/LogSubscriptionName/LogFilename.@timestamp.statuscode
Note: You should only transfer log files with the saved status.
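The naming formula and the note above can be enforced in a collection script before any transfer. The following is an added example, not code from Cisco or the appliance: the function names, sample paths and the timestamp layout in the samples are assumptions made for illustration, and the parser relies only on the formula shown above.

```python
import re
from typing import NamedTuple, Optional

# Formula from the guide: /LogSubscriptionName/LogFilename.@timestamp.statuscode
# The log file name may itself contain dots, so the pattern anchors on the
# last ".@" and on the final one-character status code.
_LOG_PATH = re.compile(
    r"^/?(?P<subscription>[^/]+)/(?P<filename>[^/]+)"
    r"\.@(?P<timestamp>[^/.@]+)\.(?P<status>[cs])$"
)


class LogFile(NamedTuple):
    subscription: str
    filename: str
    timestamp: str
    status: str  # "c" = current (still being written), "s" = saved

    @property
    def saved(self) -> bool:
        return self.status == "s"


def parse_log_path(path: str) -> Optional[LogFile]:
    """Split a log path into its parts, or return None if it does not fit the formula."""
    m = _LOG_PATH.match(path.strip())
    return LogFile(**m.groupdict()) if m else None


def select_for_transfer(paths):
    """Return (ready, skipped): saved logs to transfer, and (path, reason) for the rest."""
    ready, skipped = [], []
    for path in paths:
        info = parse_log_path(path)
        if info is None:
            skipped.append((path, "name does not match the log file formula"))
        elif not info.saved:
            skipped.append((path, "status .c: log is current, not yet saved"))
        else:
            ready.append(path)
    return ready, skipped


# Constructed sample listing; the timestamp layout is an assumption.
SAMPLE_PATHS = [
    "/accesslogs/aclog.@20130102T030405.s",
    "/accesslogs/aclog.@20130103T030405.c",
    "/trafmonlogs/tm.log.@20130102T000000.s",
    "/accesslogs/notes.txt",
]

if __name__ == "__main__":
    ready, skipped = select_for_transfer(SAMPLE_PATHS)
    print("transfer:", ready)
    for path, reason in skipped:
        print("skip:", path, "-", reason)
```

Skipping the `.c` file keeps a collector from copying a log that the appliance is still writing, which would otherwise leave a partial copy in the archive.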