Cisco Web Security Appliance S670 User Guide
Chapter 11 Outbound Malware Scanning
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Logging
The access logs indicate whether or not the DVS engine scanned an upload
request for malware. The scanning verdict information section of each access log
entry includes values for the DVS engine activity for scanned uploads. You can
also add one of the fields in Table 11-2 to the W3C or access logs to find this
DVS engine activity.
When the DVS engine marks an upload request as being malware and it is
configured to block malware uploads, the ACL decision tag in the access logs is
BLOCK_AMW_REQ.
However, when the DVS engine marks an upload request as being malware and it
is configured to monitor malware uploads, the ACL decision tag in the access logs
is actually determined by the Access Policy applied to the transaction.
To determine whether or not the DVS engine scanned an upload request for
malware, view the results of the DVS engine activity in the scanning verdict
information section of each access log entry, or view the results of the fields
from Table 11-2 added to the W3C or access logs.
For more information, see
Table 11-2  Log Fields in W3C Logs and Format Specifiers in Access Logs

W3C Log Field            Format Specifier in Access Logs
x-req-dvs-scanverdict    %X2
x-req-dvs-threat-name    %X4
x-req-dvs-verdictname    %X3
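Because the ACL decision tag in monitor mode comes from the Access Policy, a search for BLOCK_AMW_REQ alone misses malware uploads that were allowed through. The following added example (not from the Cisco guide) parses a W3C log carrying the Table 11-2 fields and lists those transactions. The x-acltag, c-ip and cs-url field names, the "-" empty-value placeholder, the policy suffix on the tag and all sample values are assumptions.

```python
import shlex

BLOCK_TAG = "BLOCK_AMW_REQ"   # ACL decision tag named in this guide
EMPTY = "-"                   # assumption: placeholder for "no value"

# Constructed sample log. Only the x-req-dvs-* names come from Table 11-2;
# the other field names, the "#Fields:" header and every value are assumed.
SAMPLE_LOG = """\
#Fields: timestamp c-ip cs-method cs-url x-acltag x-req-dvs-scanverdict x-req-dvs-verdictname x-req-dvs-threat-name
1700000001 10.0.0.5 POST http://files.example/upload BLOCK_AMW_REQ-Policy1 27 Trojan Constructed.Threat.A
1700000002 10.0.0.6 POST http://files.example/upload DEFAULT_CASE-Policy1 27 Trojan "Constructed Threat B"
1700000003 10.0.0.7 POST http://files.example/upload DEFAULT_CASE-Policy1 0 - -
"""

def parse_w3c(text):
    """Yield one dict per entry, keyed by the names in the #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = shlex.split(line)          # keeps quoted values whole
            if len(values) == len(fields):      # skip truncated lines
                yield dict(zip(fields, values))

def classify(entry):
    """Return 'blocked', 'monitored' or 'no-detection' for one entry."""
    if entry.get("x-acltag", "").startswith(BLOCK_TAG):
        return "blocked"
    named = entry.get("x-req-dvs-threat-name", EMPTY) != EMPTY
    return "monitored" if named else "no-detection"

def monitored_uploads(text):
    """Entries where DVS named a threat but the upload was not blocked."""
    return [e for e in parse_w3c(text) if classify(e) == "monitored"]

if __name__ == "__main__":
    for e in monitored_uploads(SAMPLE_LOG):
        print(e["c-ip"], e["cs-url"], e["x-acltag"], e["x-req-dvs-threat-name"])
```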