Cisco Web Security Appliance S660 User Guide
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 21 Monitor System Activity Through Logs
Log File Fields and Tags
%XS
x-request-rewrite
Safe browsing scanning verdict. Indicates whether either the safe search or site content ratings feature was applied to the transaction.
%Xt
x-webroot-trr
Webroot specific identifier: (Threat Risk Ratio [TRR]).
%XT
x-bw-throttled
Flag that indicates whether bandwidth limits were applied to the transaction.
%Xu
x-avc-type
The web application type identified by the AVC engine.
%Xv
x-webroot-scanverdict
Malware scanning verdict from Webroot.
%XV
x-request-source-ip
The downstream IP address when the “Enable Identification of Client IP Addresses using X-Forwarded-For” checkbox is enabled for the Web Proxy settings.
%XW
x-wbrs-score
Decoded WBRS score <-10.0-10.0>.
%Xx
x-sophos-scanerror
Sophos specific identifier: (scan return code).
%Xy
x-sophos-file-name
The file location where Sophos found the objectionable content. For non-archive files, this value is the file name itself. For archive files, it is the object in the archive, such as archive.zip/virus.exe.
%XY
x-sophos-scanverdict
Sophos specific identifier: (scan verdict).
%Xz
x-sophos-virus-name
Sophos specific identifier: (threat name).
%XZ
x-resp-dvs-verdictname
Unified response-side anti-malware scanning verdict that provides the malware category independent of which scanning engines are enabled. Applies to transactions blocked or monitored due to server response scanning. This field is written with double-quotes in the access logs.
%X#1#
x-amp-verdict
Verdict from Advanced Malware Protection file scanning:
• 0: File is not malicious.
• 1: File was not scanned because of its file type.
• 2: File scan timed out.
• 3: Scan error.
• Greater than 3: File is malicious.
%X#2#
x-amp-malware-name
Threat name, as determined by Advanced Malware Protection file scanning. “-” indicates no threat.
Format Specifier in Access Logs
Log Field in W3C Logs
Description
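The following is an added example, not part of the Cisco guide: it reads W3C-format log lines carrying fields from the table above and flags transactions by x-amp-verdict and x-resp-dvs-verdictname. It assumes a "#Fields:" header with space-separated values and that "-" in x-resp-dvs-verdictname means no verdict; the sample lines and the function names are constructed for illustration.

```python
import shlex

# Constructed sample (assumed layout: "#Fields:" header, space-separated values).
SAMPLE_LOG = '''\
#Fields: x-request-source-ip x-resp-dvs-verdictname x-amp-verdict x-amp-malware-name
192.0.2.10 "-" 0 -
192.0.2.11 "Example Category" 5 Example.Threat.A
192.0.2.12 "-" 2 -
192.0.2.13 "-" 1 -
'''

# x-amp-verdict meanings as listed in the table; anything above 3 is malicious.
AMP_VERDICTS = {0: "clean", 1: "not-scanned-file-type", 2: "scan-timeout", 3: "scan-error"}

def amp_status(raw):
    """Map the x-amp-verdict value to a label; '-' or junk means no AMP data."""
    try:
        code = int(raw)
    except ValueError:
        return "no-data"
    if code > 3:
        return "malicious"
    return AMP_VERDICTS.get(code, "no-data")

def parse(text):
    """Yield one dict per transaction; shlex keeps the quoted verdict name whole."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = shlex.split(line)
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def triage(text):
    """Return (source ip, reason) pairs worth an analyst's attention."""
    findings = []
    for rec in parse(text):
        status = amp_status(rec.get("x-amp-verdict", "-"))
        ip = rec.get("x-request-source-ip", "-")
        if status == "malicious":
            findings.append((ip, "amp-malicious:" + rec.get("x-amp-malware-name", "-")))
        elif status in ("scan-timeout", "scan-error"):
            # File passed without a verdict: a coverage gap, not a clean result
            findings.append((ip, "amp-" + status))
        if rec.get("x-resp-dvs-verdictname", "-") != "-":
            findings.append((ip, "dvs:" + rec["x-resp-dvs-verdictname"]))
    return findings
```

Verdicts 2 and 3 are reported separately from malicious hits because they mark files that were delivered without an AMP result.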