Cisco Cisco Web Security Appliance S680 Guía Del Usuario
24-35
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 24 Logging
Access Log File
Web Reputation Filters Example
In the following example, the URL request was allowed because the URL’s Web
Reputation score was high enough to qualify to be allowed without being scanned
for malware.
Reputation score was high enough to qualify to be allowed without being scanned
for malware.
1278100150.818 1303 172.xx.xx.xx TCP_MISS/200 46578 GET
http://www.cisco.com/ - DIRECT/www.cisco.com -
ALLOW_WBRS_11-AccessPolicy-Identity-NONE-NONE-NONE-DefaultGroup
<IW_comp,6.5,"-","-",-,-,-,"-","-",-,-,-,"-","-","-","-","-",-,-,IW_c
omp,-,"-","-","Unknown","Unknown","-","-",285.97,0,-,"-","-"> -
In this example, “6.5” is the Web Reputation score. The hyphen “
-
” values
indicate the request was not forwarded to the DVS engine for anti-malware
scanning. The ACL decision tag “ALLOW_WBRS” indicates that the request was
allowed, and therefore not forwarded for anti-malware scanning, based on this
Web Reputation score.
scanning. The ACL decision tag “ALLOW_WBRS” indicates that the request was
allowed, and therefore not forwarded for anti-malware scanning, based on this
Web Reputation score.
-
Unified request-side anti-malware scanning verdict independent of which
scanning engines are enabled. Applies to transactions blocked due to client
request scanning when an Outbound Malware Scanning Policy applies.
scanning engines are enabled. Applies to transactions blocked due to client
request scanning when an Outbound Malware Scanning Policy applies.
-
The threat name assigned to the client request that was blocked due to an
applicable Outbound Malware Scanning Policy.
applicable Outbound Malware Scanning Policy.
This threat name is independent of which anti-malware scanning engines are
enabled.
enabled.
Table 24-8
Access Log File Entry — Scanning Verdict Information
Field Value
Description