Summary
In the InterScan Web Security Virtual Appliance (IWSVA) 6.0 web console, the Logs > Internet Access page shows only IP addresses in the domain section. Access to domains like www.google.com is not logged.
Details
The issue occurs because when an upstream proxy is configured in IWSVA, there is no value for the Server IP field of access logs. This prevents IWSVA from writing the logs.
To enable the IWSVA server to write access logs when there is no server IP information:
- Download IWSVA 6.0 Patch 1 or higher version of IWSVA Patch/Service Pack.
Note: If you are already using IWSVA 6.0 Patch 1 or higher version, proceed to Step 3.
- Install the patch. For the installation procedure, refer to the IWSVA 6.0 Patch 1 readme file.
- Open the /etc/iscan/intscan.ini file using a text editor.
- Go to the [internet-access-monitoring] section and add the “access_log_even_server_ip_empty” key with the value set to “yes”.
It should look like this:[internet-access-monitoring]
access_log_even_server_ip_empty=yesNote: To disable the option, either set "access_log_even_server_ip_empty” to “no", or delete the key and save the changes. - Save the changes and close the file.
- Restart the IWSVA HTTP scan daemon by running the following commands:
/etc/iscan/S99ISproxy stop
/etc/iscan/S99ISproxy start