Cisco Cisco Web Security Appliance S660 Guida Utente
20-31
Cisco AsyncOS for Web User Guide
Chapter 20 Monitor System Activity Through Logs
Log File Fields and Tags
%XP
x-acl-added-headers
Unrecognized header. Use this field to log
extra headers in client requests. This supports
troubleshooting of specialized systems that
add headers to client requests as a way of
authenticating and redirecting those requests,
for example, YouTube for Schools.
extra headers in client requests. This supports
troubleshooting of specialized systems that
add headers to client requests as a way of
authenticating and redirecting those requests,
for example, YouTube for Schools.
%XQ
x-webcat-req-code-abbr
The URL category verdict determined during
request-side scanning, abbreviated.
request-side scanning, abbreviated.
%Xr
x-result-code
Scanning verdict information.
%XR
x-webcat-req-code-full
The URL category verdict determined during
request-side scanning, full name.
request-side scanning, full name.
%Xs
x-webroot-spyid
Webroot specific identifier: (Spy ID)
%XS
x-request-rewrite
Safe browsing scanning verdict.
Indicates whether or not either the safe
search or site content ratings feature was
applied to the transaction.
search or site content ratings feature was
applied to the transaction.
%Xt
x-webroot-trr
Webroot specific identifier: (Threat Risk
Ratio (TRR))
Ratio (TRR))
%XT
x-bw-throttled
Flag that indicates whether or not bandwidth
limits were applied to the transaction.
limits were applied to the transaction.
%Xu
x-avc-type
The web application type identified by the
AVC engine.
AVC engine.
%Xv
x-webroot-scanverdict
Malware scanning verdict from Webroot
%XV
x-request-source-ip
The downstream IP address when the
“Enable Identification of Client IP Addresses
using X-Forwarded-For” check box is
enabled for the Web Proxy settings.
“Enable Identification of Client IP Addresses
using X-Forwarded-For” check box is
enabled for the Web Proxy settings.
%XW
x-wbrs-score
Decoded WBRS score <-10.0-10.0>
%Xx
x-sophos-scanerror
Sophos specific identifier: (scan return code)
%Xy
x-sophos-file-name
The file location where Sophos found the
objectionable content. For non-archive files,
this value is the file name itself. For archive
file, it is the object in the archive, such as
objectionable content. For non-archive files,
this value is the file name itself. For archive
file, it is the object in the archive, such as
archive.zip/virus.exe
.
%XY
x-sophos-scanverdict
Sophos specific identifier: (scan verdict)
%Xz
x-sophos-virus-name
Sophos specific identifier: (threat name)
%XZ
x-resp-dvs-verdictname
Unified response-side anti-malware scanning
verdict that provides the malware category
independent of which scanning engines are
enabled. Applies to transactions blocked or
monitored due to server response scanning.
verdict that provides the malware category
independent of which scanning engines are
enabled. Applies to transactions blocked or
monitored due to server response scanning.
This field is written with double-quotes in the
access logs.
access logs.
Format Specifier in
Access Logs
Access Logs
Log Field in W3C Logs
Description