Cisco Cisco Web Security Appliance S170 Guía Del Usuario
12-6
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 12 Scan Outbound Traffic for Existing Infections
Logging of DVS Scanning
Logging of DVS Scanning
The access logs indicate whether or not the DVS engine scanned an upload request for malware. The
scanning verdict information section of each access log entry includes values for the DVS engine activity
for scanned uploads. You can also add one of the fields to the W3C or access logs to more easily find
this DVS engine activity:
scanning verdict information section of each access log entry includes values for the DVS engine activity
for scanned uploads. You can also add one of the fields to the W3C or access logs to more easily find
this DVS engine activity:
When the DVS engine marks an upload request as being malware and it is configured to block malware
uploads, the ACL decision tag in the access logs is BLOCK_AMW_REQ.
uploads, the ACL decision tag in the access logs is BLOCK_AMW_REQ.
However, when the DVS engine marks an upload request as being malware and it is configured to
monitor malware uploads, the ACL decision tag in the access logs is actually determined by the Access
Policy applied to the transaction.
monitor malware uploads, the ACL decision tag in the access logs is actually determined by the Access
Policy applied to the transaction.
To determine whether or not the DVS engine scanned an upload request for malware, view the results of
the DVS engine activity in the scanning verdict information section of each access log entry.
the DVS engine activity in the scanning verdict information section of each access log entry.
Table 12-1
Log Fields in W3C Logs and Format Specifiers in Access Logs
W3C Log Field
Format Specifier in Access Logs
x-req-dvs-scanverdict
%X2
x-req-dvs-threat-name
%X4
x-req-dvs-verdictname
%X3