Cisco Cisco Web Security Appliance S170 사용자 가이드

The L4 Traffic Monitor log file provides a detailed record of monitoring activity. You can view L4 Traffic 
Monitor log file entries and track updates to firewall block lists and firewall allow lists. Consider the 
following example log entries:

172.xx.xx.xx discovered for blocksite.net (blocksite.net) added to firewall block list.

In this example, where a match becomes a block list firewall entry. The L4 Traffic Monitor matched an 
IP address to a domain name in the block list based on a DNS request which passed through the 
appliance. The IP address is then entered into the block list for the firewall.

172.xx.xx.xx discovered for www.allowsite.com (www.allowsite.com) added to firewall allow 

list.

In this example, a match becomes an allow list firewall entry. The L4 Traffic Monitor matched a domain 
name entry and added it to the appliance allow list. The IP address is then entered into the allow list for 
the firewall.

Firewall noted data from 172.xx.xx.xx to 209.xx.xx.xx (allowsite.net):80.

In this example, the L4 Traffic Monitor logs a record of data that passed between an internal IP address 
and an external IP address which is on the block list. Also, the L4 Traffic Monitor is set to monitor, not 
block.

19 Dialer

20 Hijacker

21 Phishing 

URL

22 Trojan 

Downloader

23 Trojan 

Horse

24 Trojan 

Phisher

25 Worm

26 Encrypted 

File

27 Virus

33 Other 

Malware

34 PUA

35 Aborted

36 Outbreak 

Heuristics