Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 19 Configuring Security Services
Logging
The access log file records the information returned by the Web Reputation Filters and the DVS engine
for each transaction. The scanning verdict information section in the access logs includes many fields to
help understand the cause for the action applied to a transaction. For example, some fields display the
web reputation score or the malware scanning verdict Sophos passed to the DVS engine.
For more information about the scanning verdict information section in the access log file, see
.
For more information about reading access log files, see
. For an
example access log entry that explains web reputation processing, see
Logging Adaptive Scanning
When Adaptive Scanning is enabled, you can use the fields in Table 19-8 to learn more about
how the adaptive scanning engine affected transactions.
Transactions blocked and monitored by the adaptive scanning engine use the following ACL decision
tags:
• BLOCK_AMW_RESP
• MONITOR_AMW_RESP
Caching
Notes about how AsyncOS uses the cache while scanning for malware:
• AsyncOS only caches objects if the entire object downloads. If malware is blocked during scanning,
the whole object is not downloaded and therefore is not cached.
• AsyncOS scans content whether it is retrieved from the server or from the web cache.
• The length of time that content is cached varies with many factors -- there is no default.
• AsyncOS rescans content when signatures are updated.
Table 19-8 Adaptive Scanning Logging Information

| Custom Field in Access Logs | Custom Field in W3C Logs | Description |
|---|---|---|
| %X6 | x-as-malware-threat-name | The anti-malware name returned by Adaptive Scanning. If the transaction is not blocked, this field returns a hyphen (“-”). This variable is included in the scanning verdict information (in the angled brackets at the end of each access log entry). |
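
An added example, not taken from the Cisco guide: Python that tallies transactions carrying the BLOCK_AMW_RESP and MONITOR_AMW_RESP decision tags and reads the %X6 threat name from the angle-bracket section of each entry. The sample entries use a constructed, simplified layout, and parse_entry, summarize and the x6_index parameter are hypothetical names; the real position of %X6 inside the brackets is an assumption you must take from your own access log format.

```python
import csv
import re
from collections import Counter

# ACL decision tags listed above; a suffix after the tag is tolerated.
AMW_TAG = re.compile(r"(?<![A-Z_])(BLOCK|MONITOR)_AMW_RESP")
# Scanning verdict information: the last <...> group in the entry.
VERDICT = re.compile(r"<([^<>]*)>[^<>]*$")

def parse_entry(line, x6_index):
    """Return (action, threat_name) for an Adaptive Scanning entry, else None.

    x6_index (assumption) is the position of %X6 inside the angle brackets;
    it depends on the log format in use, so the caller supplies it.
    """
    tag = AMW_TAG.search(line)
    if not tag:
        return None
    verdict = VERDICT.search(line.rstrip())
    if not verdict:
        return tag.group(1), None
    # csv copes with quoted fields that contain commas.
    fields = next(csv.reader([verdict.group(1)]))
    name = fields[x6_index].strip() if x6_index < len(fields) else "-"
    return tag.group(1), (None if name in ("", "-") else name)

def summarize(lines, x6_index):
    """Count Adaptive Scanning actions and the threat names on blocks."""
    actions, threats = Counter(), Counter()
    for line in lines:
        parsed = parse_entry(line, x6_index)
        if parsed is None:
            continue
        action, name = parsed
        actions[action] += 1
        if action == "BLOCK" and name:
            threats[name] += 1
    return actions, threats

# Constructed entries in a simplified layout; %X6 is at index 2 here.
SAMPLE = [
    '1700000001.1 10.0.0.5 GET http://a.example/x.exe BLOCK_AMW_RESP_12-DefaultGroup <IW_comp,-4.1,"Example.Trojan, variant A"> -',
    '1700000002.2 10.0.0.6 GET http://b.example/y.js MONITOR_AMW_RESP-DefaultGroup <IW_news,1.2,-> -',
    '1700000003.3 10.0.0.7 GET http://c.example/ DEFAULT_CASE-DefaultGroup <IW_news,5.0,-> -',
    '1700000004.4 10.0.0.5 GET http://a.example/z.exe BLOCK_AMW_RESP-DefaultGroup <IW_comp,-4.1,"Example.Trojan, variant A"> -',
]

if __name__ == "__main__":
    print(summarize(SAMPLE, x6_index=2))
```

A monitored transaction yields a hyphen in %X6, so it is counted as an action but contributes no threat name.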