Cisco Web Security Appliance S670 User Manual

AsyncOS 9.0 for Cisco Web Security Appliances User Guide
 
Chapter 21      Monitor System Activity Through Logs
Traffic Monitor Log Files
Layer-4 Traffic Monitor log files provide a detailed record of Layer-4 monitoring activity. You can view 
Layer-4 Traffic Monitor log file entries to track updates to firewall block lists and firewall allow lists. 
Interpreting Traffic Monitor Logs
Use the examples below to interpret the various entry types contained in Traffic Monitor Logs.
Example 1
172.xx.xx.xx discovered for blocksite.net (blocksite.net) added to firewall block list.
In this example, a match becomes a block list firewall entry. The Layer-4 Traffic Monitor matched 
an IP address to a domain name in the block list based on a DNS request that passed through the 
appliance. The IP address is then entered into the block list for the firewall.
Example 2
172.xx.xx.xx discovered for www.allowsite.com (www.allowsite.com) added to firewall allow list.
In this example, a match becomes an allow list firewall entry. The Layer-4 Traffic Monitor matched a 
domain name entry and added it to the appliance allow list. The IP address is then entered into the allow 
list for the firewall.
Example 3
Firewall noted data from 172.xx.xx.xx to 209.xx.xx.xx (allowsite.net):80.
In this example, the Layer-4 Traffic Monitor logs a record of data that passed between an internal IP 
address and an external IP address which is on the block list. Also, the Layer-4 Traffic Monitor is set to 
monitor, not block.
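The three entry types above can be parsed and correlated for triage. The following is an added example, not part of the Cisco guide: it classifies each line, tracks list additions, and groups "noted" traffic by internal client, flagging whether the matching block list addition appears earlier in the same batch. The function names, the sample addresses and the assumption that entries keep exactly the wording shown in Examples 1 to 3 are this example's own.

```python
import re

# Patterns derived only from the three example entries in this section.
# They are searched rather than anchored, because the section shows only the
# message text and not whatever precedes it on a full log line (assumption).
LIST_UPDATE = re.compile(
    r"(?P<ip>\S+) discovered for (?P<domain>\S+) \([^)]*\) "
    r"added to firewall (?P<list>block|allow) list\.")
NOTED = re.compile(
    r"Firewall noted data from (?P<src>\S+) to (?P<dst>\S+) "
    r"\((?P<name>[^)]*)\):(?P<port>\d+)\.")

def parse_entry(line):
    """Classify one entry; return a dict, or None for an unknown shape."""
    m = LIST_UPDATE.search(line)
    if m:
        return {"type": "list_update", **m.groupdict()}
    m = NOTED.search(line)
    if m:
        return {"type": "noted", **m.groupdict(), "port": int(m["port"])}
    return None

def triage(lines):
    """Return (lists, noted, unparsed); noted tuples end with block_add_seen."""
    lists = {"block": {}, "allow": {}}
    noted, unparsed = {}, []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            unparsed.append(line)  # keep unknown shapes for manual review
        elif e["type"] == "list_update":
            lists[e["list"]][e["ip"]] = e["domain"]
        else:
            seen = e["dst"] in lists["block"]
            noted.setdefault(e["src"], []).append(
                (e["dst"], e["name"], e["port"], seen))
    return lists, noted, unparsed

# Constructed sample lines (addresses from documentation and private ranges).
SAMPLE = [
    "203.0.113.10 discovered for blocksite.net (blocksite.net) added to firewall block list.",
    "203.0.113.20 discovered for www.allowsite.com (www.allowsite.com) added to firewall allow list.",
    "Firewall noted data from 10.0.0.5 to 203.0.113.10 (blocksite.net):80.",
    "Firewall noted data from 10.0.0.5 to 198.51.100.7 (example.org):443.",
    "some other message",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "noted" entry whose flag is False points at a destination that was added to the block list before the batch began, so a longer log window is needed to see which domain lookup produced it.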
Related Topics
 
Log File Fields and Tags