Cisco Cisco Web Security Appliance S170 사용자 가이드
25-17
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 25 Logging
Access Log File
Transaction Result Codes
Transaction result codes in the access log file describe how the appliance resolves client requests. For
example, if a request for an object can be resolved from the cache, the result code is
example, if a request for an object can be resolved from the cache, the result code is
TCP_HIT
. However,
if the object is not in the cache and the appliance pulls the object from an origin server, the result code
is
is
TCP_MISS
. The following table describes transaction result codes.
N/A (Part of the
ACL decision tag)
ACL decision tag)
RoutingPolicy
Routing Policy group name as
ProxyGroupName/ProxyServerName.
ProxyGroupName/ProxyServerName.
When the transaction matches the global Routing Policy, this value
is “DefaultRouting.” When no upstream proxy server is used, this
value is “DIRECT.”
is “DefaultRouting.” When no upstream proxy server is used, this
value is “DIRECT.”
Any space in the policy group name is replaced with an underscore
( _ ).
( _ ).
%Xr
<IW_comp,6.9,-,"-",-,-,-,-,"
-",-,-,-,"-",-,-,"-","-",-,-
,IW_comp,-,"-","-","Unknown"
,"Unknown","-","-",198.34,0,
-,[Local],"-","-">
Scanning verdict information. Inside the angled brackets, the
access logs include verdict information from various scanning
engines.
access logs include verdict information from various scanning
engines.
For more information about the values included within the angled
brackets, see
brackets, see
%?BLOCK_SUSPE
CT_USER_AGENT,
MONITOR_SUSPE
CT_USER_AGENT
?%<User-Agent:%!
%-%.
CT_USER_AGENT,
MONITOR_SUSPE
CT_USER_AGENT
?%<User-Agent:%!
%-%.
-
Suspect user agent.
Table 25-5
Access Log File Entry Fields (continued)
Format Specifier
Field Value
Field Description
Table 25-6
Transaction Result Codes
Result Code
Description
TCP_HIT
The object requested was fetched from the disk cache.
TCP_IMS_HIT
The client sent an IMS (If-Modified-Since) request for an object and the
object was found in the cache. The proxy responds with a 304 response.
object was found in the cache. The proxy responds with a 304 response.
TCP_MEM_HIT
The object requested was fetched from the memory cache.
TCP_MISS
The object was not found in the cache, so it was fetched from the origin
server.
server.
TCP_REFRESH_HIT
The object was in the cache, but had expired. The proxy sent an IMS
(If-Modified-Since) request to the origin server, and the server
confirmed that the object has not been modified. Therefore, the
appliance fetched the object from either the disk or memory cache.
(If-Modified-Since) request to the origin server, and the server
confirmed that the object has not been modified. Therefore, the
appliance fetched the object from either the disk or memory cache.
TCP_CLIENT_REFRESH_MISS
The client sent a “don’t fetch response from cache” request by issuing
the ‘Pragma: no-cache’ header. Due to this header from the client, the
appliance fetched the object from the origin server.
the ‘Pragma: no-cache’ header. Due to this header from the client, the
appliance fetched the object from the origin server.