
over %60 of log entries from MWG have status_code=0

We've been trying to get to the bottom of this for over a month now. It affects both HTTP and HTTPS traffic. Over 60% of all logs have a status code of 0. We received an explanation from McAfee, but the explanation made absolutely no sense. Even after asking for clarification, the explanation doesn't make sense (I think it could be a language barrier).

I wanted to check here before escalating the issue with McAfee. 

Can anyone explain why the logs have this status code of 0?


Re: over %60 of log entries from MWG have status_code=0

Can you provide more information on which logs?

I'm assuming you're referring to the access logs? Typically, in the access log that means the traffic wasn't blocked (block.id 0 means the request was successful).


Re: over %60 of log entries from MWG have status_code=0

Yes, sorry. This is the HTTP status code; other codes we see are 200, 403, 500, etc. Here are some log entry examples with all sensitive information removed:

Jun 10 07:36:01 x.x.x.x mwg: NAME|time_stamp=[10/Jun/2019:12:36:01 +0000]|auth_user=|src_ip=|server_ip=|host=certificates.godaddy.com|url_port=80|status_code=0|bytes_from_client=0|bytes_to_client=0|categories=Business|rep_level=Minimal Risk|method=GET|url=http://certificates.godaddy.com/repository/gdig2.crt|media_type=application/x-empty|application_name...

 

Jun 10 07:36:26 x.x.x.x mwg: NAME|time_stamp=[10/Jun/2019:12:36:26 +0000]|auth_user=|src_ip=|server_ip=|host=fonts.gstatic.com|url_port=443|status_code=0|bytes_from_client=0|bytes_to_client=0|categories=Content Server, Internet Services|rep_level=Minimal Risk|method=CERTVERIFY|url=https://fonts.gstatic.com|media_type=application/x-empty|application_name=|user_agent=|block_res=0|b...

 

As you can see, the above examples include HTTP and HTTPS traffic, but the status code is 0 for both. This status code is the HTTP status code field.


Re: over %60 of log entries from MWG have status_code=0

Being curious, I quickly checked some of my own access.log files and indeed found many of those myself. They all have a common pattern: they are all HTTP/2.0 and 0 bytes to client. Therefore I think they were all canceled.
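
To check the pattern suggested in the replies against your own logs, this added example (not part of the original thread and not McAfee code) parses lines in the pipe-delimited layout shown above and groups the status_code=0 entries by method and by whether any bytes reached the client. The sample lines are constructed and shortened to a few of the fields seen in the thread, and the parser assumes field values contain no `|` character.

```python
from collections import Counter

# Constructed sample lines in the layout shown in the thread (not real traffic).
SAMPLE = [
    "Jun 10 07:36:01 x.x.x.x mwg: NAME|host=certificates.godaddy.com|url_port=80|status_code=0|bytes_to_client=0|method=GET",
    "Jun 10 07:36:26 x.x.x.x mwg: NAME|host=fonts.gstatic.com|url_port=443|status_code=0|bytes_to_client=0|method=CERTVERIFY",
    "Jun 10 07:36:30 x.x.x.x mwg: NAME|host=example.com|url_port=80|status_code=200|bytes_to_client=5120|method=GET",
    "Jun 10 07:36:31 x.x.x.x mwg: NAME|host=example.com|url_port=80|status_code=403|bytes_to_client=812|method=GET",
]


def parse_line(line):
    """Return the key=value fields of one MWG syslog line, or None if it is not one."""
    _, sep, payload = line.partition(" mwg: ")
    if not sep:
        return None
    fields = {}
    for part in payload.split("|")[1:]:  # element 0 is the log name, not a field
        key, eq, value = part.partition("=")  # split on first '=' only (URLs contain '=')
        if eq:
            fields[key] = value
    return fields


def summarize(lines):
    """Count parsed entries and group status_code=0 ones by (method, zero bytes sent)."""
    total = 0
    zero = Counter()
    for line in lines:
        fields = parse_line(line)
        if not fields or "status_code" not in fields:
            continue
        total += 1
        if fields["status_code"] == "0":
            nothing_sent = fields.get("bytes_to_client") == "0"
            zero[(fields.get("method", "?"), nothing_sent)] += 1
    return total, zero


if __name__ == "__main__":
    total, zero = summarize(SAMPLE)
    print(f"{sum(zero.values())}/{total} entries have status_code=0")
    for (method, nothing_sent), count in zero.most_common():
        print(f"  method={method} bytes_to_client==0: {nothing_sent} -> {count}")
```

Feeding it the lines of a real syslog file instead of `SAMPLE` shows whether the zero-status entries are concentrated in `CERTVERIFY` checks and zero-byte requests or spread across normal traffic.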
