Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Log entry information

I am looking for any help on understanding what field reported the "trojan" entry found in the log entry below:

http://load.videohub.com/core?playerID=P-63Z-6P9&bootloaderID=B-0Y9-YVC, IW_busi,-5.4,"1","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,IW_busi,-,"-","trojan","Unknown","Unknown","-","-",1.26,0,-,"-","-"> NONE/504 11201

I understand that the access was not allowed due to a gateway timeout, we also are not running any type of malware/virus scanning on the WSA. This is from a W3C log file. The log fields we use are listed below:

c-ip

cs-mime-type

cs-username

date

time

cs-url

sc-bytes

x-wbrs-score

x-result-code

x-resultcode-httpstatus

x-webcat-req-code-abbr

x-elapsed-time

Thanks

Dominick                  

3 REPLIES
Cisco Employee

Log entry information

Hi Dominick,

The log field ( %Xr ) x-result-code is the reason why your seeing " trojan" in your W3C logs. The result code that your looking based on our phone conversation is:


sc-http-status

%h

HTTP response code

This information is located in the online userguide of the WSA -> GUI -> Support and Help -> Online Userguide -> Search tab -> W3C -> page 63 about 1/4 of the was down on that page you should find the entery above.

Sincerely,


Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator

Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator
New Member

I don't believe the original

I don't believe the original question was answered here and I believe I have a similar question.

Question:  What are the definitions for the fields within x-result-code?  It contains many variables such as URL Category (seemingly twice), Reputation Score, and many others, but what are they?  Yes, many of them customers don't use due to a certain module not being present but a mystery surrounds these values.  No Cisco guides, or user threads clearly explain what these are.  Can anyone clarify?

Specifically above the fields which depict '1' right after the reputation score, 'trojan', 'unknown' the first time, 'unknown' the second time, and '1.26'.

Thank you kindly for any clarification.

New Member

Signatureman, sorry for the

Signatureman, sorry for the very late response, in looking for an answer to an unrelated question I saw yours.  I hope the attached sheet is what you are looking for, this sheet has helped us resolve an endless amount of issues, it has been invaluable in providing good service to our users and being able to speak intelligently when a problem is encountered.  Hope it is of help to you as well.  Regards.

390
Views
0
Helpful
3
Replies