Cisco Cisco Web Security Appliance S370 사용자 가이드
20-23
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 20 Monitor System Activity Through Logs
Interpreting Access Log Scanning Verdict Entries
19
-
%Xp
The External DLP scan verdict based on the result given in the
ICAP response.
ICAP response.
The following list describes the possible values for this field:
•
0. Allow
•
1. Block
•
- (hyphen). No scanning was initiated by the external DLP
server. This value appears when External DLP scanning is
disabled or when the content was not scanned due to an exempt
URL category on the External DLP Policies > Destinations
page.
server. This value appears when External DLP scanning is
disabled or when the content was not scanned due to an exempt
URL category on the External DLP Policies > Destinations
page.
20
IW_infr
%XQ
The URL category verdict determined during request-side
scanning, abbreviated.
scanning, abbreviated.
This field lists a hyphen ( - ) when URL filtering is disabled.
For a list of URL category abbreviations, see
.
21
-
%XA
The URL category verdict determined by the Dynamic Content
Analysis engine during response-side scanning, abbreviated.
Applies to the Cisco Web Usage Controls URL filtering engine
only. Only applies when the Dynamic Content Analysis engine is
enabled and when no category is assigned at request time (a value
of “nc” is listed in the request-side scanning verdict).
Analysis engine during response-side scanning, abbreviated.
Applies to the Cisco Web Usage Controls URL filtering engine
only. Only applies when the Dynamic Content Analysis engine is
enabled and when no category is assigned at request time (a value
of “nc” is listed in the request-side scanning verdict).
For a list of URL category abbreviations, see
.
22
“Trojan Phisher”
“%XZ”
Unified response-side anti-malware scanning verdict that provides
the malware category independent of which scanning engines are
enabled. Applies to transactions blocked or monitored due to
server response scanning.
the malware category independent of which scanning engines are
enabled. Applies to transactions blocked or monitored due to
server response scanning.
23
“-”
“%Xk”
The threat type returned by the Web Reputation filters which
resulted in the target website receiving a poor reputation. Typically,
this field is populated for sites at reputation of -4 and below.
resulted in the target website receiving a poor reputation. Typically,
this field is populated for sites at reputation of -4 and below.
24
“Unknown”
“%XO”
The application name as returned by the AVC engine, if applicable.
Only applies when the AVC engine is enabled.
25
“Unknown”
“%Xu”
The application type as returned by the AVC engine, if applicable.
Only applies when the AVC engine is enabled.
26
“-”
“%Xb”
The application behavior as returned by the AVC engine, if
applicable.
applicable.
Only applies when the AVC engine is enabled.
27
“-”
“%XS”
Safe browsing scanning verdict. This value indicates whether or
not either the safe search or site content ratings feature was applied
to the transaction.
not either the safe search or site content ratings feature was applied
to the transaction.
For a list of the possible values, see
Position
Field Value
Format Specifier Description