Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1105
Views
0
Helpful
3
Replies

Log entry information

Dominick Converse
Level 1
Level 1

‎10-15-2013 06:48 AM

I am looking for any help on understanding what field reported the "trojan" entry found in the log entry below:

http://load.videohub.com/core?playerID=P-63Z-6P9&bootloaderID=B-0Y9-YVC, IW_busi,-5.4,"1","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,IW_busi,-,"-","trojan","Unknown","Unknown","-","-",1.26,0,-,"-","-"> NONE/504 11201

I understand that the access was not allowed due to a gateway timeout, we also are not running any type of malware/virus scanning on the WSA. This is from a W3C log file. The log fields we use are listed below:

c-ip

cs-mime-type

cs-username

date

time

cs-url

sc-bytes

x-wbrs-score

x-result-code

x-resultcode-httpstatus

x-webcat-req-code-abbr

x-elapsed-time

Thanks

Dominick                  

Labels:
0 Helpful
3 Replies 3

Erik Kaiser
Cisco Employee
Cisco Employee

‎10-15-2013 01:00 PM

Hi Dominick,

The log field ( %Xr ) x-result-code is the reason why your seeing " trojan" in your W3C logs. The result code that your looking based on our phone conversation is:


sc-http-status

%h

HTTP response code

This information is located in the online userguide of the WSA -> GUI -> Support and Help -> Online Userguide -> Search tab -> W3C -> page 63 about 1/4 of the was down on that page you should find the entery above.

Sincerely,


Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator

Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator
0 Helpful

signatureman
Level 1
Level 1
In response to Erik Kaiser

‎02-05-2015 11:52 AM

I don't believe the original question was answered here and I believe I have a similar question.

Question:  What are the definitions for the fields within x-result-code?  It contains many variables such as URL Category (seemingly twice), Reputation Score, and many others, but what are they?  Yes, many of them customers don't use due to a certain module not being present but a mystery surrounds these values.  No Cisco guides, or user threads clearly explain what these are.  Can anyone clarify?

Specifically above the fields which depict '1' right after the reputation score, 'trojan', 'unknown' the first time, 'unknown' the second time, and '1.26'.

Thank you kindly for any clarification.

0 Helpful

pjasa
Level 1
Level 1
In response to signatureman

‎05-18-2015 10:00 AM

Signatureman, sorry for the very late response, in looking for an answer to an unrelated question I saw yours.  I hope the attached sheet is what you are looking for, this sheet has helped us resolve an endless amount of issues, it has been invaluable in providing good service to our users and being able to speak intelligently when a problem is encountered.  Hope it is of help to you as well.  Regards.

Preview file
354 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents