In webreporter normally we get allow or block logs under action.Also those URLs which are allowed in policy but not resolvable comes under allow logs.
In webgateway we can distinguish with the help of code number but Is there any way we can distinguish between allow and host not resolvable logs separately in webreporter.
Can like allow or block we can configure one option Host not resolvable??
Not resolvable (aka 502s) log entries are technically allowed requests. The MWG received the request, allowed it, and attempted to connect to the server but it failed.
I do agree that it would be nice to report on 502s more easily (much like allowed, blocked, etc...). It wouldn't be a bad idea to file a PER McAfee KnowledgeBase - How to submit a Product Enhancement Request (PER) so this was available fore the Quick View (summary) info.
To do it currently in the Reports (detailed) tab you can filter on the "HTTP Status", then exclude 502s: