Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 24 Logging
W3C Compliant Access Logs
The following list explains the values in this access log entry that show that this
transaction was blocked based on the result of the Webroot scanning engine:
• TCP_DENIED. The website was denied due to Access Policies.
• BLOCK_AMW_RESP_11-AccessPol. This transaction matched the
“AccessPol” Access Policy group, and due to the settings defined in that
policy group, the server response was blocked due to detected malware.
• 3.0 in the angled brackets. The URL received a Web Reputation Score of
3.0, which fell in the score range to scan further.
• “Trojan Phisher” in the angled brackets. The malware scanning verdict
Webroot passed to the DVS engine.
• “Trojan-Phisher-Gamec”. The name of the malware that Webroot scanned.
W3C Compliant Access Logs
The Web Security appliance provides two different log types for recording Web
Proxy transaction information, the access logs and the W3C access logs. The
W3C access logs are W3C compliant, and record transaction history in the W3C
Extended Log File (ELF) Format.
You can create multiple W3C access log subscriptions and define the data to
include in each. You might want to create one W3C access log that includes all
information your organization typically needs, and other, specialized W3C access
logs that can be used for troubleshooting purposes or special analysis. For
example, you might want to create a W3C access log for an HR manager that only
needs access to certain information.
Consider the following rules and guidelines when working with W3C access logs:
• You define what data is recorded in each W3C access log subscription.
• The W3C logs are self-describing. The file format (list of fields) is defined in
a header at the start of each log file.
• Fields in the W3C access logs are separated by white space.
• If a field contains no data for a particular entry, a hyphen ( - ) is included in
the log file instead.
• Each line in the W3C access log file relates to one transaction, and each line
is terminated by an LF sequence.
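
The rules above are enough to write a reader that takes its field list from the file's own header. The following Python parser is an added example, not code from the Cisco guide; the sample log, its field names (generic W3C ELF identifiers, not necessarily what a given subscription records) and the treatment of a double-quoted value as a single field are assumptions.

```python
import re

# Assumption: a field is either a double-quoted string or a run of
# non-whitespace characters (quoting follows the W3C ELF string format).
_TOKEN = re.compile(r'"[^"]*"|\S+')

def parse_w3c_log(text):
    """Yield one dict per transaction from W3C access log text."""
    fields = None
    for lineno, line in enumerate(text.split("\n"), start=1):
        line = line.rstrip("\r")
        if not line.strip():
            continue
        if line.startswith("#"):
            # Header directive; only #Fields changes how entries are read.
            name, _, value = line[1:].partition(":")
            if name.strip().lower() == "fields":
                fields = value.split()
            continue
        if fields is None:
            raise ValueError(f"line {lineno}: entry before #Fields header")
        values = _TOKEN.findall(line)
        if len(values) != len(fields):
            raise ValueError(
                f"line {lineno}: expected {len(fields)} fields, got {len(values)}")
        # A lone hyphen marks a field with no data for this entry.
        yield {f: (None if v == "-" else v.strip('"'))
               for f, v in zip(fields, values)}

# Constructed sample log (not taken from an appliance).
SAMPLE = (
    "#Version: 1.0\n"
    "#Fields: date time c-ip cs-method cs-uri sc-status cs(User-Agent)\n"
    '2010-06-01 12:00:01 192.0.2.5 GET http://example.com/ 200 '
    '"Mozilla/5.0 (X11; Linux)"\n'
    "2010-06-01 12:00:02 192.0.2.6 CONNECT - 403 -\n"
)

if __name__ == "__main__":
    for row in parse_w3c_log(SAMPLE):
        print(row)
```

Raising on a field-count mismatch, rather than padding or truncating, keeps a malformed or truncated line from silently shifting values into the wrong columns.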