Cisco Web Security Appliance S690 User Guide

Cisco AsyncOS for Web User Guide
 
Chapter 20      Monitor System Activity Through Logs
  Access Log Files
| Position | Field Value | Format Specifier |
|---|---|---|
| 12 | DEFAULT_CASE_11 | %D |
| 13 | AccessOrDecryptionPolicy | N/A (Part of %D) |
| 14 | Identity | N/A (Part of %D) |
| 15 | OutboundMalwareScanningPolicy | N/A (Part of %D) |
| 16 | DataSecurityPolicy | N/A (Part of %D) |
| 17 | ExternalDLPPolicy | N/A (Part of %D) |
| 18 | RoutingPolicy | N/A (Part of %D) |
| 19 | <IW_comp,6.9,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-","Unknown","Unknown","-","-",198.34,0,-,[Local],"-",37,"W32.CiscoTestVector",33,0,"WSA-INFECTED-FILE.pdf","fd5ef49d4213e05f448f11ed9c98253d85829614fba368a421d14e64c426da5e"> | %Xr |
| 20 | - | %?BLOCK_SUSPECT_USER_AGENT,MONITOR_SUSPECT_USER_AGENT?%<User-Agent:%!%-%. |

Refer to  for a description of each format specifier’s function.

Interpreting Access Log Scanning Verdict Entries

The access log file entries aggregate and display the results of the various scanning engines, such as URL filtering, Web Reputation filtering, and anti-malware scanning. The appliance displays this information in angled brackets at the end of each access log entry.

The following text is the scanning verdict information from an access log file entry. In this example, the Webroot scanning engine found the malware:

<IW_infr,ns,24,"Trojan-Phisher-Gamec",0,354385,12559,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_infr,-,"Trojan Phisher","-","Unknown","Unknown","-","-",489.73,0,-,[Local],"-",37,"W32.CiscoTestVector",33,0,"WSA-INFECTED-FILE.pdf","fd5ef49d4213e05f448f11ed9c98253d85829614fba368a421d14e64c426da5e">

Note: For an example of a whole access log file entry, see .

Each item of information in this example corresponds to a log file format specifier as shown in the following table:

| Position | Field Value | Format Specifier |
|---|---|---|
| 1 | IW_infr | %XC |
| 2 | ns | %XW |
| 3 | 24 | %Xv |
| 4 | "Trojan-Phisher-Gamec" | "%Xn" |
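A parser for the scanning verdict block described above, as an added example that is not part of the Cisco guide. It keys each comma-separated value by position and attaches the format specifier for positions 1 to 4 from the table; the function names are hypothetical, and the sample entry's leading text and trailing field are constructed.

```python
import csv
import re

# Specifiers for verdict positions 1-4, taken from the table above. Later
# positions are reported by number only.
SPECIFIERS = {1: "%XC", 2: "%XW", 3: "%Xv", 4: "%Xn"}

# Constructed sample: the verdict block is the example above; the leading text
# and the trailing "-" stand in for the other access log fields. The curly
# closing quote (\u201d) imitates a copy-and-paste artifact.
SAMPLE_ENTRY = (
    'leading-fields DEFAULT_CASE_11-AccessOrDecryptionPolicy-Identity '
    '<IW_infr,ns,24,"Trojan-Phisher-Gamec",0,354385,12559,-,"-",-,-,-,"-",'
    '-,-,"-","-",-,-,IW_infr,-,"Trojan Phisher","-","Unknown","Unknown",'
    '"-","-",489.73,0,-,[Local],"-",37,"W32.CiscoTestVector",33,0,'
    '"WSA-INFECTED-FILE.pdf",'
    '"fd5ef49d4213e05f448f11ed9c98253d85829614fba368a421d14e64c426da5e\u201d> -'
)

# "<" ... ">" where quoted values may themselves contain "<", ">" or ",".
VERDICT_RE = re.compile(r'<((?:"[^"]*"|[^<>"])*)>')


def extract_verdict(entry):
    """Return the text inside the last <...> block of an entry, or None."""
    # Normalise curly quotes so quoted values are delimited consistently.
    entry = entry.replace("\u201c", '"').replace("\u201d", '"')
    blocks = VERDICT_RE.findall(entry)
    return blocks[-1] if blocks else None


def parse_verdict(entry):
    """Split the verdict block into values keyed by 1-based position."""
    block = extract_verdict(entry)
    if not block:
        return {}
    # csv keeps commas inside quoted values (threat or file names) intact.
    fields = next(csv.reader([block]))
    return dict(enumerate(fields, start=1))


def describe(entry):
    """Return (position, specifier, value) rows for one access log entry."""
    return [(pos, SPECIFIERS.get(pos, "?"), value)
            for pos, value in parse_verdict(entry).items()]


if __name__ == "__main__":
    for row in describe(SAMPLE_ENTRY):
        print(*row, sep="\t")
```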