Cisco Cisco Web Security Appliance S680 Guía Del Usuario
13-17
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 13 Data Security and External DLP Policies
Logging
Figure 13-8
Scanning Destinations Settings for External DLP Policies
Step 4
In the Destination to scan section, choose one of the following options:
•
Do not scan any uploads. No upload requests are sent to the configured DLP system(s) for
scanning. All upload requests are evaluated against the Access Policies.
scanning. All upload requests are evaluated against the Access Policies.
•
Scan all uploads. All upload requests are sent to the configured DLP system(s) for scanning. The
upload request is blocked or evaluated against the Access Policies depending on the DLP system
scanning verdict.
upload request is blocked or evaluated against the Access Policies depending on the DLP system
scanning verdict.
•
Scan uploads to specified custom URL categories only. Upload requests that fall in specific
custom URL categories are sent to the configured DLP system for scanning. The upload request is
blocked or evaluated against the Access Policies depending on the DLP system scanning verdict.
Click Edit custom categories list to select the URL categories to scan.
custom URL categories are sent to the configured DLP system for scanning. The upload request is
blocked or evaluated against the Access Policies depending on the DLP system scanning verdict.
Click Edit custom categories list to select the URL categories to scan.
Step 5
Submit and commit your changes.
Logging
The access logs indicate whether or not an upload request was scanned by either the Cisco IronPort Data
Security Filters or an external DLP server. The access log entries include a field for the Cisco IronPort
Data Security scan verdict and another field for the External DLP scan verdict based. For more
information, see
Security Filters or an external DLP server. The access log entries include a field for the Cisco IronPort
Data Security scan verdict and another field for the External DLP scan verdict based. For more
information, see
.
In addition to the access logs, the Web Security appliance provides the following log file types to
troubleshoot Cisco IronPort Data Security and External DLP Policies:
troubleshoot Cisco IronPort Data Security and External DLP Policies:
•
Data Security Logs. Records client history for upload requests that are evaluated by the Cisco
IronPort Data Security Filters.
IronPort Data Security Filters.
•
Data Security Module Logs. Records messages related to the Cisco IronPort Data Security Filters.
•
Default Proxy Logs. In addition recording errors related to the Web Proxy, the default proxy logs
include messages related to connecting to external DLP servers. This allows you to troubleshoot
connectivity or integration problems with external DLP servers.
include messages related to connecting to external DLP servers. This allows you to troubleshoot
connectivity or integration problems with external DLP servers.
The following text illustrates a sample Data Security Log entry:
Mon Mar 30 03:02:13 2009 Info: 303 10.1.1.1 - -
<<bar,text/plain,5120><foo,text/plain,5120>>
BLOCK_WEBCAT_IDS-allowall-DefaultGroup-DefaultGroup-NONE-DefaultRouting ns server.com nc