Cisco Cisco Web Security Appliance S660 Mode D'Emploi
21-36
AsyncOS 9.1 for Cisco Web Security Appliances User Guide
Chapter 21 Monitor System Activity Through Logs
Log File Fields and Tags
%XP
x-acl-added-headers
Unrecognized header. Use this field to log extra
headers in client requests. This supports
troubleshooting of specialized systems that add
headers to client requests as a way of authenticating
and redirecting those requests, for example,
YouTube for Schools.
headers in client requests. This supports
troubleshooting of specialized systems that add
headers to client requests as a way of authenticating
and redirecting those requests, for example,
YouTube for Schools.
%XQ
x-webcat-req-code-abbr
The URL category verdict determined during
request-side scanning, abbreviated.
request-side scanning, abbreviated.
%Xr
x-result-code
Scanning verdict information.
%XR
x-webcat-req-code-full
The URL category verdict determined during
request-side scanning, full name.
request-side scanning, full name.
%Xs
x-webroot-spyid
Webroot specific identifier: (Spy ID).
%XS
x-request-rewrite
Safe browsing scanning verdict.
Indicates whether either the safe search or site content
ratings feature was applied to the transaction.
ratings feature was applied to the transaction.
%Xt
x-webroot-trr
Webroot specific identifier: (Threat Risk Ratio
[TRR]).
[TRR]).
%XT
x-bw-throttled
Flag that indicates whether bandwidth limits were
applied to the transaction.
applied to the transaction.
%Xu
x-avc-type
The web application type identified by the
AVC engine.
AVC engine.
%Xv
x-webroot-scanverdict
Malware scanning verdict from Webroot.
%XV
x-request-source-ip
The downstream IP address when the “Enable
Identification of Client IP Addresses using
X-Forwarded-For” checkbox is enabled for the Web
Proxy settings.
Identification of Client IP Addresses using
X-Forwarded-For” checkbox is enabled for the Web
Proxy settings.
%XW
x-wbrs-score
Decoded WBRS score <-10.0-10.0>.
%Xx
x-sophos-scanerror
Sophos specific identifier: (scan return code).
%Xy
x-sophos-file-name
The file location where Sophos found the
objectionable content. For non-archive files, this
value is the file name itself. For archive file, it is the
object in the archive, such as
objectionable content. For non-archive files, this
value is the file name itself. For archive file, it is the
object in the archive, such as
archive.zip/virus.exe
.
%XY
x-sophos-scanverdict
Sophos specific identifier: (scan verdict).
%Xz
x-sophos-virus-name
Sophos specific identifier: (threat name).
%XZ
x-resp-dvs-verdictname
Unified response-side anti-malware scanning verdict
that provides the malware category independent of
which scanning engines are enabled. Applies to
transactions blocked or monitored due to server
response scanning.
that provides the malware category independent of
which scanning engines are enabled. Applies to
transactions blocked or monitored due to server
response scanning.
This field is written with double-quotes in the
access logs.
access logs.
Format Specifier in
Access Logs
Access Logs
Log Field in W3C Logs
Description