So looking at the Access.log file I see this header row...
# time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client "user_agent" "virus_name" "block_res"
I'd like to know if there's more on which headings (W3C field-identifiers) we can add here?
Also what are the possible values of "block_res" ? I've found "0" seems to mean request allowed by policy and "10" seems to mean request Blocked by policy.
It depends on what version we are talking about, on 6.x, you can use the available fields you find in the help file.
On 7, you can customize it to whatever you want, the header is a free text field, but if you want it to work with Web Reporter you have to make sure it matches up according to the log file entry that is written.
As far as the block_res codes, the list of them can be found in the help file under Reporting > Log File Managment > Activate Log Files, then click 'Customize HTTP Access Log', then click the help icon on the line for 'Log File Structure', then scroll down to the block_res then you can click a link for the list of codes.
I presume you are talking about version 7?
The header row is a static string simply used for the benefit of Web Reporter or other reporting programs to help with the log parsing. The header row does not affect the actual content written to the logs. To do that you use the log handler to parse create the logLine using the properties of the request. Here'st he default log line rule, you can change it to be anything you want.
[Log handler for writing the access log.]
Applies to Requests: False / Responses: False / Embedded Objects: False
The block_res is also simply for the sake of Web Reporter. It is a value defined by the block page to tell Web Reporter the reason it was blocked. For example, Virus Found is a reason of 80.
|Virus Found||Configuration for a block action if malware has been found.|
|BlockReason (String)||Malware found|
The number are arbitrary other than the fact that Web Reporter uses them to classify in protection area reports.
They are there because of the legacy Webwasher 6 had them hard-coded into the engine, but MWG7 lets you define them yourself.
According to my customer requirement he needs to write filename to access.log while downloading and uploading the files.