Cisco Cisco Web Security Appliance S670 User Guide
20-24
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 20 Monitor System Activity Through Logs
Interpreting Access Log Scanning Verdict Entries
Refer to
for a description of each format specifier’s function.
28
489.73
%XB
The average bandwidth consumed serving the request in Kb per
second.
second.
29
0
%XT
A value that indicates whether or not the request was throttled due
to bandwidth limit control settings. “1” indicates the request was
throttled, “0” indicates it was not.
to bandwidth limit control settings. “1” indicates the request was
throttled, “0” indicates it was not.
30
[Local]
%l
The type of user making the request, either “[Local]” or
“[Remote].” Only applies when AnyConnect Secure Mobility is
enabled. When it is not enabled, the value is a hyphen (-).
“[Remote].” Only applies when AnyConnect Secure Mobility is
enabled. When it is not enabled, the value is a hyphen (-).
31
“-”
“%X3”
Unified request-side anti-malware scanning verdict independent of
which scanning engines are enabled. Applies to transactions
blocked or monitored due to client request scanning when an
Outbound Malware Scanning Policy applies.
which scanning engines are enabled. Applies to transactions
blocked or monitored due to client request scanning when an
Outbound Malware Scanning Policy applies.
32
“-”
“%X4”
The threat name assigned to the client request that was blocked or
monitored due to an applicable Outbound Malware Scanning
Policy.
monitored due to an applicable Outbound Malware Scanning
Policy.
This threat name is independent of which anti-malware scanning
engines are enabled.
engines are enabled.
33
37
%X#1#
Verdict from Advanced Malware Protection file scanning:
•
“0” indicates the file is clean.
•
“1” indicates the file was not scanned due to its file type.
•
“2” or greater indicates the file is not clean.
34
"W32.CiscoTestVector"
%X#2#
Threat name, as determined by Advanced Malware Protection file
scanning. "-" indicates no threat.
scanning. "-" indicates no threat.
35
33
%X#3#
Reputation score from Advanced Malware Protection file
scanning.
scanning.
This score is used only if the cloud reputation service is unable to
determine a clear verdict for the file.
determine a clear verdict for the file.
36
0
%X#4#
Indicator of upload and analysis request:
“0” indicates that Advanced Malware Protection did not request
upload of the file for analysis.
upload of the file for analysis.
“1” indicates that Advanced Malware Protection did request
upload of the file for analysis.
upload of the file for analysis.
37
"WSA-INFECTED-FILE.pdf
"
%X#5#
The name of the file being downloaded and analyzed.
38
"fd5ef49d4213e05f448f1
1ed9c98253d85829614fba
368a421d14e64c426da5e
%X#6#
The SHA-256 identifier for this file.
Position
Field Value
Format Specifier Description