Cisco Web Security Appliance S680 User Guide
20-19
Cisco AsyncOS for Web User Guide
Chapter 20 Monitor System Activity Through Logs
Log File Types
Interpreting Traffic Monitor Logs
Use the examples below to interpret the various entry types contained in Traffic Monitor Logs.
Example 1
172.xx.xx.xx discovered for blocksite.net (blocksite.net) added to firewall block list.
In this example, a match becomes a block list firewall entry. The Layer-4 Traffic Monitor matched
an IP address to a domain name in the block list based on a DNS request which passed through the
appliance. The IP address is then entered into the block list for the firewall.
Example 2
172.xx.xx.xx discovered for www.allowsite.com (www.allowsite.com) added to firewall allow list.
In this example, a match becomes an allow list firewall entry. The Layer-4 Traffic Monitor matched a
domain name entry and added it to the appliance allow list. The IP address is then entered into the allow
list for the firewall.
Example 3
Firewall noted data from 172.xx.xx.xx to 209.xx.xx.xx (allowsite.net):80.
In this example, the Layer-4 Traffic Monitor logs a record of data that passed between an internal IP
address and an external IP address which is on the block list. Also, the Layer-4 Traffic Monitor is set to
monitor, not block.
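The three entry shapes above are regular enough to be parsed mechanically, which is useful when a Traffic Monitor log is pushed to a SIEM or reviewed in bulk. The following Python is an added example written for this page, not code from the Cisco guide or from AsyncOS: it recognises the block list add, allow list add, and "Firewall noted data" entry types, extracts the addresses, host names and port, and summarises which internal hosts were seen talking to monitored destinations. The sample log text and its IP addresses are constructed for the example; the field names in the L4TMEntry class are this example's own choice, not AsyncOS terminology.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines modelled on the three entry shapes shown in the guide.
# The addresses and host names here are made up for the example.
SAMPLE_LOG = """\
172.16.20.5 discovered for blocksite.net (blocksite.net) added to firewall block list.
172.16.20.9 discovered for www.allowsite.com (www.allowsite.com) added to firewall allow list.
Firewall noted data from 172.16.20.7 to 209.165.200.230 (allowsite.net):80.
some unrelated line that the parser should skip
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# "<ip> discovered for <host> (<resolved>) added to firewall <block|allow> list."
LIST_ADD_RE = re.compile(
    rf"^(?P<ip>{IPV4}) discovered for (?P<host>\S+) \((?P<resolved>[^)]+)\)"
    r" added to firewall (?P<list>block|allow) list\.$"
)

# "Firewall noted data from <src> to <dst> (<host>):<port>."
NOTED_RE = re.compile(
    rf"^Firewall noted data from (?P<src>{IPV4}) to (?P<dst>{IPV4})"
    r" \((?P<host>[^)]+)\):(?P<port>\d+)\.$"
)


@dataclass
class L4TMEntry:
    """One parsed Traffic Monitor entry (field names chosen for this example)."""
    kind: str                    # "block_list_add", "allow_list_add" or "monitored_connection"
    ip: str                      # IP learned from DNS (list adds) or internal source IP (monitored)
    host: str                    # domain name the entry is associated with
    peer: Optional[str] = None   # external IP for monitored connections
    port: Optional[int] = None   # destination port for monitored connections


def parse_line(line: str) -> Optional[L4TMEntry]:
    """Return a parsed entry, or None for lines that match none of the known shapes."""
    line = line.strip()
    m = LIST_ADD_RE.match(line)
    if m:
        return L4TMEntry(kind=f"{m['list']}_list_add", ip=m["ip"], host=m["host"])
    m = NOTED_RE.match(line)
    if m:
        return L4TMEntry(kind="monitored_connection", ip=m["src"], host=m["host"],
                         peer=m["dst"], port=int(m["port"]))
    return None


def parse_log(text: str) -> list:
    """Parse every recognised line of a log; unrecognised lines are dropped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def summarize(entries):
    """Count entries by kind and list the internal IPs seen in monitored connections."""
    counts = {}
    internal_talkers = set()
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
        if e.kind == "monitored_connection":
            internal_talkers.add(e.ip)
    return counts, sorted(internal_talkers)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in parsed:
        print(entry)
    print(summarize(parsed))
```

In monitor-only mode (Example 3) the "Firewall noted data" entries are the ones worth alerting on, since they show an internal host reaching a listed destination without being blocked; the summarize function collects exactly those internal IPs.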
Related Topics
• Log File Types

Log File Types
The log file type indicates what information is recorded in the generated log, such as web traffic or
system data. The Web Security appliance has log subscriptions for most log file types by default, with
the exception of Web Proxy troubleshooting logs.
The following table describes the Web Security appliance log file types.
Log File Type | Description | Supports Syslog Push? | Enabled by Default?
--- | --- | --- | ---
Access Control Engine Logs | Records messages related to the Web Proxy ACL (access control list) evaluation engine. | No | No
AMP Engine Logs | Records information about file reputation scanning and file analysis (Advanced Malware Protection). See also | Yes | Yes
Access Logs | Records Web Proxy client history. | Yes | Yes
Authentication Framework Logs | Records authentication history and messages. | No | Yes
AVC Engine Framework Logs | Records messages related to communication between the Web Proxy and the AVC engine. | No | No
AVC Engine Logs | Records debug messages from the AVC engine. | Yes | Yes