Cisco Cisco Web Security Appliance S170 사용자 가이드
Chapter 24 Logging
Access Log File
24-34
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Web Reputation Filters Example
In the following example, the URL request was allowed because the URL’s Web
Reputation score was high enough to qualify to be allowed without being scanned
for malware.
Reputation score was high enough to qualify to be allowed without being scanned
for malware.
In this example, “6.5” is the Web Reputation score. The hyphen “
-
” values
indicate the request was not forwarded to the DVS engine for anti-malware
scanning. The ACL decision tag “ALLOW_WBRS” indicates that the request was
allowed, and therefore not forwarded for anti-malware scanning, based on this
Web Reputation score.
scanning. The ACL decision tag “ALLOW_WBRS” indicates that the request was
allowed, and therefore not forwarded for anti-malware scanning, based on this
Web Reputation score.
0
A value that indicates whether or not the request was throttled due to
bandwidth limit control settings. “1” indicates the request was throttled, “0”
indicates it was not.
bandwidth limit control settings. “1” indicates the request was throttled, “0”
indicates it was not.
[Local]
The type of user making the request, either “local” or “remote.” Only applies
when Mobile User Security is enabled. When it is not enabled, the value is
a hyphen (-).
when Mobile User Security is enabled. When it is not enabled, the value is
a hyphen (-).
-
Unified request-side anti-malware scanning verdict independent of which
scanning engines are enabled. Applies to transactions blocked or monitored
due to client request scanning when an Outbound Malware Scanning Policy
applies.
scanning engines are enabled. Applies to transactions blocked or monitored
due to client request scanning when an Outbound Malware Scanning Policy
applies.
-
The threat name assigned to the client request that was blocked or monitored
due to an applicable Outbound Malware Scanning Policy.
due to an applicable Outbound Malware Scanning Policy.
This threat name is independent of which anti-malware scanning engines are
enabled.
enabled.
Table 24-8
Access Log File Entry — Scanning Verdict Information
Field Value
Description
1278100150.818 1303 172.xx.xx.xx TCP_MISS/200 46578 GET
http://www.cisco.com/ - DIRECT/www.cisco.com -
ALLOW_WBRS_11-AccessPolicy-Identity-NONE-NONE-NONE-DefaultGroup
<IW_comp,6.5,"-","-",-,-,-,"-","-",-,-,-,"-","-","-","-","-",-,-,IW_c
omp,-,"-","-","Unknown","Unknown","-","-",285.97,0,-,"-","-"> -