Cisco Cisco Web Security Appliance S670
15
Release Notes for Cisco AsyncOS 8.0.8 for Web
Documentation Updates
Refer to
“Log File Fields and Tags” on page 21-28 of the AsyncOS 8.7 for Cisco Web Security Appliances
User Guide
for a description of each format specifier’s function.
29
0
%XT
A value that indicates whether the request was throttled due to
bandwidth limit control settings, where “1” indicates the request was
throttled, and “0” indicates it was not.
bandwidth limit control settings, where “1” indicates the request was
throttled, and “0” indicates it was not.
30
[Local]
%l
The type of user making the request, either “[Local]” or “[Remote].”
Only applies when AnyConnect Secure Mobility is enabled. When it
is not enabled, the value is a hyphen (-).
Only applies when AnyConnect Secure Mobility is enabled. When it
is not enabled, the value is a hyphen (-).
31
“-”
“%X3”
Unified request-side anti-malware scanning verdict independent of
which scanning engines are enabled. Applies to transactions blocked
or monitored due to client request scanning when an Outbound
Malware Scanning Policy applies.
which scanning engines are enabled. Applies to transactions blocked
or monitored due to client request scanning when an Outbound
Malware Scanning Policy applies.
32
“-”
“%X4”
The threat name assigned to the client request that was blocked or
monitored due to an applicable Outbound Malware Scanning Policy.
monitored due to an applicable Outbound Malware Scanning Policy.
This threat name is independent of which anti-malware scanning
engines are enabled.
engines are enabled.
33
37
%X#1#
Verdict from Advanced Malware Protection file scanning:
•
0: File is not malicious
•
1: File was not scanned because of its file type
•
2: File scan timed out
•
3: Scan error
•
Greater than 3: File is malicious
34
"W32.CiscoTestVector"
%X#2#
Threat name, as determined by Advanced Malware Protection file
scanning; "-" indicates no threat.
scanning; "-" indicates no threat.
35
33
%X#3#
Reputation score from Advanced Malware Protection file scanning.
This score is used only if the cloud reputation service is unable to
determine a clear verdict for the file.
This score is used only if the cloud reputation service is unable to
determine a clear verdict for the file.
For details, see information about the Threat Score and the
reputation threshold in
reputation threshold in
Chapter 14, “File Reputation Filtering and
File Analysis,” of the AsyncOS 8.7 for Cisco Web Security
Appliances User Guide
Appliances User Guide
36
0
%X#4#
Indicator of upload and analysis request:
“0” indicates that Advanced Malware Protection did not request
upload of the file for analysis.
upload of the file for analysis.
“1” indicates that Advanced Malware Protection did request upload
of the file for analysis.
of the file for analysis.
37
"WSA-INFECTED-FILE.pdf
"
%X#5#
The name of the file being downloaded and analyzed.
38
"fd5ef49d4213e05f448f1
1ed9c98253d85829614fba
368a421d14e64c426da5e
%X#6#
The SHA-256 identifier for this file.
Position Field Value
Format Specifier Description