Cisco Cisco Web Security Appliance S170 사용자 가이드
24-21
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 24 Logging
Access Log File
Understanding Scanning Verdict Information
The access log file entries aggregate and display the results of the various scanning engines, such as URL
filtering, Web Reputation filtering, and anti-malware scanning. The appliance displays this information
in angled brackets at the end of each access log entry.
filtering, Web Reputation filtering, and anti-malware scanning. The appliance displays this information
in angled brackets at the end of each access log entry.
The following text is the scanning verdict information from an access log file entry. In this example, the
Webroot scanning engine found the malware:
Webroot scanning engine found the malware:
Note
For an example of a whole access log file entry, see
PASSTHRU_ADMIN
The Web Proxy passed through the transaction based on
some default settings for the Decryption Policy group.
some default settings for the Decryption Policy group.
PASSTHRU_WEBCAT
The Web Proxy passed through the transaction based on
URL category filtering settings for the Decryption Policy
group.
URL category filtering settings for the Decryption Policy
group.
PASSTHRU_WBRS
The Web Proxy passed through the transaction based on the
Web Reputation filter settings for the Decryption Policy
group.
Web Reputation filter settings for the Decryption Policy
group.
REDIRECT_CUSTOMCAT
The Web Proxy redirected the transaction to a different
URL based on a custom URL category in the Access Policy
group configured to “Redirect.”
URL based on a custom URL category in the Access Policy
group configured to “Redirect.”
SAAS_AUTH
The Web Proxy allowed the user access to the SaaS
application because the user was authenticated
transparently against the authentication realm configured in
the SaaS Application Authentication Policy.
application because the user was authenticated
transparently against the authentication realm configured in
the SaaS Application Authentication Policy.
OTHER
The Web Proxy did not complete the request due to an error,
such as an authorization failure, server disconnect, or an
abort from the client.
such as an authorization failure, server disconnect, or an
abort from the client.
Table 24-7
ACL Decision Tag Values (continued)
ACL Decision Tag
Description
<IW_infr,ns,24,"Trojan-Phisher-Gamec",0,354385,12559,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_
infr,-,"Trojan Phisher","-","Unknown","Unknown","-","-",489.73,0,[Local],"-","-">