Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 1381 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.201-23] ATP log file empty

vilic
Workstation was probably infected with Zeus, and blocked on UTM (scrshot-1).

ATP log was blank, Web Filtering log shows:


[FONT="Courier New"]2014:05:19-15:07:24 utm httpproxy[32423]: id="0068" severity="info" sys="SecureWeb" sub="http" name="web request blocked, threat detected" action="block" method="CONNECT" srcip="192.168.1.208" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2539" request="0xa55dba0" url="https://tmp90.edns.su/" exceptions="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="1592" device="0" auth="0" virus="C2/Generic-A[/FONT]


So, what is the purpose of ATP log file if it doesn't log anything (scrshot-2) ?


.


This thread was automatically locked due to age.
Parents
  • 0
    vilic, you are right, ATP events generated by the web proxy are currently not logged to aptp.log. This was an intentional design decision to not slow down system that are processing heavy loads of web proxy traffic. But this should only affect aptp.log. E.g. reporting should see all the ATP events.

    Regards,
    mlenk
Reply
  • 0
    vilic, you are right, ATP events generated by the web proxy are currently not logged to aptp.log. This was an intentional design decision to not slow down system that are processing heavy loads of web proxy traffic. But this should only affect aptp.log. E.g. reporting should see all the ATP events.

    Regards,
    mlenk
Children
No Data