Howto read debug from Ironport Web Security Appliance
I have asked before but haven't gotten an answer I can use. The question is very simple; where is the documentation for how to read trace-logs from the Web Security Appliance? We have S160 with the latest AsyncOS.
Example; The appliance blocks a request to a java applet after logging into www.survey-xact.dk/login. I checked the URL with the policy trace and it reported successful, no problem there.. However, the java applet was blocked. I used HTTPwatch and found that the Java applet generated a request to another IP-address. I did a grep on the access-log and came up with some data. How do I interpret the output? (see below) I don't understand any of the codes etc, and there's hardly any documentation on this. The solution in this case was to add the IP to the https bypass-list and it worked. However, we have so many ip-addresses and URL's on that list now that I'm considering taking out the proxy and replace it with an ordinary URL-filter instead. What's the point of having a proxy when you can't read from the logs WHY it blocks access to an IP? The best solution must be to find out why the proxy blocks the access, and then configure it to allow the proxy without having to add everything to the bypass-list??
Enter the regular expression to grep.
Do you want this search to be case insensitive? [Y]>
Do you want to search for non-matching lines? [N]>
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...