Cisco Web Security Appliance S690 User Guide

Chapter 24      Logging
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Traffic Monitor Log
The L4 Traffic Monitor log file provides a detailed record of monitoring activity. 
You can view L4 Traffic Monitor log file entries and track updates to firewall 
block lists and firewall allow lists. Consider the following example log entries:
Example 1
172.xx.xx.xx discovered for blocksite.net (blocksite.net) added to firewall block list.
In this example, a match becomes a block list firewall entry. The L4 Traffic 
Monitor matched an IP address to a domain name in the block list based on a DNS 
request which passed through the appliance. The IP address is then entered into 
the block list for the firewall.
Example 2
172.xx.xx.xx discovered for www.allowsite.com (www.allowsite.com) added to firewall allow list.
In this example, a match becomes an allow list firewall entry. The L4 Traffic 
Monitor matched a domain name entry and added it to the appliance allow list. 
The IP address is then entered into the allow list for the firewall.
Example 3
Firewall noted data from 172.xx.xx.xx to 209.xx.xx.xx (allowsite.net):80.
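The following Python parser is an added example, not part of the Cisco guide. It recognizes the three message shapes shown in Examples 1-3, groups list additions by domain, and reports IP addresses that were added to both lists as a review aid. The sample lines are constructed with documentation addresses, and the function names and any prefix before the message text are assumptions.

```python
import re
from collections import defaultdict

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Shapes from Examples 1-3; a prefix (timestamp, level) is assumed possible, hence search().
LIST_UPDATE = re.compile(
    rf"(?P<ip>{IP}) discovered for (?P<domain>\S+) \((?P<matched>[^)]+)\) "
    r"added to firewall (?P<list>block|allow) list")
NOTED = re.compile(
    rf"Firewall noted data from (?P<src>{IP}) to (?P<dst>{IP}) "
    r"\((?P<host>[^)]+)\):(?P<port>\d+)")

# Constructed sample lines (documentation IP ranges), not real appliance output.
SAMPLE = [
    "192.0.2.10 discovered for blocksite.net (blocksite.net) added to firewall block list.",
    "198.51.100.7 discovered for www.allowsite.com (www.allowsite.com) added to firewall allow list.",
    "Firewall noted data from 192.0.2.50 to 198.51.100.7 (allowsite.net):80.",
    "192.0.2.10 discovered for www.allowsite.com (www.allowsite.com) added to firewall allow list.",
    "some unrelated line",
]

def parse_line(line):
    """Return a dict for one L4 Traffic Monitor message, or None if unrecognized."""
    m = LIST_UPDATE.search(line)
    if m:
        return {"event": "list_update", **m.groupdict()}
    m = NOTED.search(line)
    if m:
        return {"event": "noted", **m.groupdict(), "port": int(m["port"])}
    return None

def summarize(lines):
    """Group list additions by domain and report IPs added to both lists."""
    lists = {"block": defaultdict(set), "allow": defaultdict(set)}
    noted, skipped = [], 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            skipped += 1  # keep a count so format drift is visible
        elif ev["event"] == "list_update":
            lists[ev["list"]][ev["domain"]].add(ev["ip"])
        else:
            noted.append((ev["src"], ev["dst"], ev["host"], ev["port"]))
    blocked = set().union(*lists["block"].values())
    allowed = set().union(*lists["allow"].values())
    out = {k: {d: sorted(i) for d, i in v.items()} for k, v in lists.items()}
    out.update(noted=noted, skipped=skipped, in_both_lists=sorted(blocked & allowed))
    return out
```

Calling `summarize(SAMPLE)` returns the per-list domain-to-IP mappings, the noted flows, the number of unrecognized lines, and the addresses present in both lists.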
Table 24-13 Malware Scanning Verdict Values (continued)

Malware Category      Malware Scanning Verdict Value
Trojan Horse          14
Trojan Downloader     15
Other Malware         16
Virus                 17
PUA)                  18