Cisco Cisco Web Security Appliance S670 User Guide
21-22
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 21 Monitor System Activity Through Logs
Access Log Files
18
-
%Xl
The Cisco Data Security scan verdict based on the action in the
Content column of the Cisco Data Security Policy. The following list
describes the possible values for this field:
Content column of the Cisco Data Security Policy. The following list
describes the possible values for this field:
•
0. Allow
•
1. Block
•
- (hyphen). No scanning was initiated by the Cisco Data
Security Filters. This value appears when the Cisco Data
Security Filters are disabled, or when the URL category action
is set to Allow.
Security Filters. This value appears when the Cisco Data
Security Filters are disabled, or when the URL category action
is set to Allow.
19
-
%Xp
The External DLP scan verdict based on the result given in the ICAP
response. The following list describes the possible values for this
field:
response. The following list describes the possible values for this
field:
•
0. Allow
•
1. Block
•
- (hyphen). No scanning was initiated by the external DLP server.
This value appears when External DLP scanning is disabled, or
when the content was not scanned due to an exempt URL category
on the External DLP Policies > Destinations page.
This value appears when External DLP scanning is disabled, or
when the content was not scanned due to an exempt URL category
on the External DLP Policies > Destinations page.
20
IW_infr
%XQ
The URL category verdict determined during request-side scanning,
abbreviated. This field lists a hyphen ( - ) when URL filtering is
disabled.
abbreviated. This field lists a hyphen ( - ) when URL filtering is
disabled.
For a list of URL category abbreviations, see
.
21
-
%XA
The URL category verdict determined by the Dynamic Content
Analysis engine during response-side scanning, abbreviated. Applies
to the Cisco Web Usage Controls URL filtering engine only. Only
applies when the Dynamic Content Analysis engine is enabled and
when no category is assigned at request time (a value of “nc” is listed
in the request-side scanning verdict).
Analysis engine during response-side scanning, abbreviated. Applies
to the Cisco Web Usage Controls URL filtering engine only. Only
applies when the Dynamic Content Analysis engine is enabled and
when no category is assigned at request time (a value of “nc” is listed
in the request-side scanning verdict).
For a list of URL category abbreviations, see
.
22
“Trojan Phisher”
“%XZ”
Unified response-side anti-malware scanning verdict that provides
the malware category independent of which scanning engines are
enabled. Applies to transactions blocked or monitored due to server
response scanning.
the malware category independent of which scanning engines are
enabled. Applies to transactions blocked or monitored due to server
response scanning.
23
“-”
“%Xk”
The threat type returned by the Web Reputation filters which resulted
in the target website receiving a poor reputation. Typically, this field
is populated for sites at reputation of -4 and below.
in the target website receiving a poor reputation. Typically, this field
is populated for sites at reputation of -4 and below.
24
“Unknown”
“%XO”
The application name as returned by the AVC engine, if applicable.
Only applies when the AVC engine is enabled.
Only applies when the AVC engine is enabled.
25
“Unknown”
“%Xu”
The application type as returned by the AVC engine, if applicable.
Only applies when the AVC engine is enabled.
Only applies when the AVC engine is enabled.
26
“-”
“%Xb”
The application behavior as returned by the AVC engine, if
applicable. Only applies when the AVC engine is enabled.
applicable. Only applies when the AVC engine is enabled.
Position Field Value
Format Specifier Description