Cisco Cisco Web Security Appliance S160 User Guide
24-23
Cisco IronPort AsyncOS 7.5 for Web User Guide
Chapter 24 Logging
Access Log File
position 13
“%Xj”
“-”
The name of the virus that McAfee scanned.
Applies to responses detected by McAfee only.
position 14
%XY
-
The malware scanning verdict Sophos passed to the DVS engine.
Applies to responses detected by Sophos only.
For more information, see
.
position 15
%Xx
-
A value that Sophos uses as a scan return code. Cisco IronPort Customer
Support may use this value when troubleshooting an issue.
Support may use this value when troubleshooting an issue.
Applies to responses detected by Sophos only.
position 16
“%Xy”
“-”
The file location where Sophos found the objectionable content. For
non-archive files, this value is the file name itself. For archive file, it is the
object in the archive, such as
non-archive files, this value is the file name itself. For archive file, it is the
object in the archive, such as
archive.zip/virus.exe
.
Applies to responses detected by Sophos only.
position 17
“%Xz”
“-”
A value that Sophos uses as the threat name. Cisco IronPort Customer
Support may use this value when troubleshooting an issue.
Support may use this value when troubleshooting an issue.
Applies to responses detected by Sophos only.
position 18
%Xl
-
The Cisco IronPort Data Security scan verdict based on the action in the
Content column of the Cisco IronPort Data Security Policy.
Content column of the Cisco IronPort Data Security Policy.
The following list describes the possible values for this field:
•
0. Allow
•
1. Block
•
- (hyphen). No scanning was initiated by the Cisco IronPort Data
Security Filters. This value appears when the Cisco IronPort Data
Security Filters is disabled or when the URL category action is set to
Allow.
Security Filters. This value appears when the Cisco IronPort Data
Security Filters is disabled or when the URL category action is set to
Allow.
position 19
%Xp
-
The External DLP scan verdict based on the result given in the ICAP
response.
response.
The following list describes the possible values for this field:
•
0. Allow
•
1. Block
•
- (hyphen). No scanning was initiated by the external DLP server. This
value appears when External DLP scanning is disabled or when the
content was not scanned due to an exempt URL category on the External
DLP Policies > Destinations page.
value appears when External DLP scanning is disabled or when the
content was not scanned due to an exempt URL category on the External
DLP Policies > Destinations page.
position 20
%XQ
IW_infr
The URL category verdict determined during request-side scanning,
abbreviated.
abbreviated.
This field lists a hyphen ( - ) when URL filtering is disabled.
For a list of URL category abbreviations, see
.
Table 24-8
Access Log File Entry — Scanning Verdict Information (continued)
Position and Format
Specifier
Specifier
Field Value
Description