Cisco Cisco Web Security Appliance S370 사용자 가이드
24-24
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 24 Logging
Access Log File
position 21
%XA
-
The URL category verdict determined by the Dynamic Content Analysis
engine during response-side scanning, abbreviated. Applies to the Cisco
IronPort Web Usage Controls URL filtering engine only. Only applies when
the Dynamic Content Analysis engine is enabled and when no category is
assigned at request time (a value of “nc” is listed in the request-side
scanning verdict).
engine during response-side scanning, abbreviated. Applies to the Cisco
IronPort Web Usage Controls URL filtering engine only. Only applies when
the Dynamic Content Analysis engine is enabled and when no category is
assigned at request time (a value of “nc” is listed in the request-side
scanning verdict).
For a list of URL category abbreviations, see
.
position 22
“%XZ”
“Trojan Phisher”
Unified response-side anti-malware scanning verdict that provides the
malware category independent of which scanning engines are enabled.
Applies to transactions blocked or monitored due to server response
scanning.
malware category independent of which scanning engines are enabled.
Applies to transactions blocked or monitored due to server response
scanning.
position 23
“%Xk”
“-”
The threat type returned by the Web Reputation filters which resulted in the
target website receiving a poor reputation. Typically, this field is populated
for sites at reputation of -4 and below.
target website receiving a poor reputation. Typically, this field is populated
for sites at reputation of -4 and below.
position 24
“%XO”
“Unknown”
The application name as returned by the AVC engine, if applicable.
Only applies when the AVC engine is enabled.
position 25
“%Xu”
“Unknown”
The application type as returned by the AVC engine, if applicable.
Only applies when the AVC engine is enabled.
position 26
“%Xb”
“-”
The application behavior as returned by the AVC engine, if applicable.
Only applies when the AVC engine is enabled.
position 27
“%XS”
“-”
Safe browsing scanning verdict. This value indicates whether or not either
the safe search or site content ratings feature was applied to the transaction.
the safe search or site content ratings feature was applied to the transaction.
For a list of the possible values, see
.
position 28
%XB
489.73
The average bandwidth consumed serving the request in Kb per second.
position 29
%XT
0
A value that indicates whether or not the request was throttled due to
bandwidth limit control settings. “1” indicates the request was throttled, “0”
indicates it was not.
bandwidth limit control settings. “1” indicates the request was throttled, “0”
indicates it was not.
position 30
%l
[Local]
The type of user making the request, either “[Local]” or “[Remote].” Only
applies when AnyConnect Secure Mobility is enabled. When it is not
enabled, the value is a hyphen (-).
applies when AnyConnect Secure Mobility is enabled. When it is not
enabled, the value is a hyphen (-).
position 31
“%X3”
“-”
Unified request-side anti-malware scanning verdict independent of which
scanning engines are enabled. Applies to transactions blocked or monitored
due to client request scanning when an Outbound Malware Scanning Policy
applies.
scanning engines are enabled. Applies to transactions blocked or monitored
due to client request scanning when an Outbound Malware Scanning Policy
applies.
position 32
“%X4”
“-”
The threat name assigned to the client request that was blocked or monitored
due to an applicable Outbound Malware Scanning Policy.
due to an applicable Outbound Malware Scanning Policy.
This threat name is independent of which anti-malware scanning engines are
enabled.
enabled.
Table 24-8
Access Log File Entry — Scanning Verdict Information (continued)
Position and Format
Specifier
Specifier
Field Value
Description