7 Replies Latest reply on Jul 12, 2017 3:47 PM by authaman01

    Access.log header descriptions...

      So looking at the Access.log file I see this header row...

       

      # time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client "user_agent" "virus_name" "block_res"

       

      I'd like to know if there's more on which headings (W3C field-identifiers) we can add here? 

       

      Also, what are the possible values of "block_res"? I've found "0" seems to mean request allowed by policy and "10" seems to mean request blocked by policy.

       

      Thanks

        • 1. Re: Access.log header descriptions...
          Jon Scholten

          Hey Scott,

           

          It depends on what version we are talking about. On 6.x, you can use the available fields you find in the help file.

           

          On 7, you can customize it to whatever you want, the header is a free text field, but if you want it to work with Web Reporter you have to make sure it matches up according to the log file entry that is written.

           

          As far as the block_res codes, the list of them can be found in the help file under Reporting > Log File Management > Activate Log Files, then click 'Customize HTTP Access Log', then click the help icon on the line for 'Log File Structure', then scroll down to the block_res, then you can click a link for the list of codes.

           

          ~Jon

          1 of 1 people found this helpful
          • 2. Re: Access.log header descriptions...

            I presume you are talking about version 7?

            The header row is a static string simply used for the benefit of Web Reporter or other reporting programs to help with the log parsing. The header row does not affect the actual content written to the logs. To do that you use the log handler to parse create the logLine using the properties of the request. Here's the default log line rule; you can change it to be anything you want.

             

             

            Access Log
            [Log handler for writing the access log.]
            Enabled
            Applies to Requests: False / Responses: False / Embedded Objects: False
            Always
            Enabled | Rule | Action | Events | Comments
            Enabled | Write access.log
            Always
            Continue | Set User-Defined.logLine =
                 DateTime.ToWebReporterString +
                 " "" +
                 Authentication.UserName +
                 "" " +
                 String.ReplaceIfEquals(IP.ToString(Client.IP),"","-") +
                 " " +
                 String.ReplaceIfEquals(Number.ToString(Response.StatusCode),"","-") +
                 " "" +
                 Request.Header.FirstLine +
                 "" " +
                 """ +
                 List.OfCategory.ToString(URL.Categories) +
                 "" "" +
                 String.ReplaceIfEquals(URL.ReputationString,"","-") +
                 "" "" +
                 MediaType.ToString(MediaType.FromHeader) +
                 "" " +
                 String.ReplaceIfEquals(Number.ToString(Body.Size),"","-") +
                 " "" +
                 Header.Get("User-Agent") +
                 "" "" +
                 List.OfString.ToString(Antimalware.VirusNames) +
                 "" "" +
                 Number.ToString(Block.ID) +
                 """
            FileSystemLogging.WriteLogEntry(User-Defined.logLine)<Access Log Configuration>

             

             

            The block_res is also simply for the sake of Web Reporter. It is a value defined by the block page to tell Web Reporter the reason it was blocked. For example, Virus Found is a reason of 80.

             

            Virus Found: Configuration for a block action if malware has been found.
            Block Action | Value
            TemplateName (String) | VirusFound
            DirectoryName (String) | default
            Language (String) | auto
            BlockReasonID (Number) | 80
            BlockReason (String) | Malware found

             

            The numbers are arbitrary other than the fact that Web Reporter uses them to classify in protection area reports.

            They are there because of the legacy Webwasher 6 had them hard-coded into the engine, but MWG7 lets you define them yourself.

            1 of 1 people found this helpful
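
The point made in the replies above, that the header row must match the log line the rule actually writes, can be checked mechanically. This is an added example, not part of the original thread or any vendor tooling: a header-driven parser that rejects lines whose field count or quoting drifts from the header, then tallies `block_res`. The bracketed timestamp format and all sample lines are constructed assumptions; only the meanings of 0, 10 and 80 come from the thread.

```python
import re
from collections import Counter

HEADER = ('# time_stamp "auth_user" src_ip status_code "req_line" "categories" '
          '"rep_level" "media_type" bytes_to_client "user_agent" "virus_name" "block_res"')

# Only these three meanings appear in the thread; in MWG7 the IDs are site-definable.
BLOCK_REASONS = {0: "allowed", 10: "blocked by policy", 80: "malware found"}

# A token is a [bracketed] timestamp (assumed format), a "quoted" field, or a bare word.
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

def tokenize(text):
    """Split a header or log line into (value, was_quoted) pairs."""
    out = []
    for tok in TOKEN.findall(text):
        quoted = len(tok) >= 2 and tok[0] == tok[-1] == '"'
        out.append((tok[1:-1] if quoted else tok, quoted))
    return out

def parse_line(line, header=HEADER):
    """Return a field dict, or None if the line does not match the header layout."""
    schema, fields = tokenize(header.lstrip("# ")), tokenize(line)
    if len(fields) != len(schema):
        return None                      # a field was added to or dropped from the rule
    if any(fq != sq for (_, fq), (_, sq) in zip(fields, schema)):
        return None                      # quoting differs, e.g. a stray quote in a value
    return {name: value for (name, _), (value, _) in zip(schema, fields)}

def summarize(lines):
    """Count block reasons; collect lines a header-driven report tool would misread."""
    reasons, rejected = Counter(), []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        rec = parse_line(line)
        if rec is None or not rec["block_res"].isdigit():
            rejected.append(line)
            continue
        code = int(rec["block_res"])
        reasons[BLOCK_REASONS.get(code, f"site-defined ({code})")] += 1
    return reasons, rejected

SAMPLE = [  # constructed log lines; the last one lacks rep_level (customized rule, stale header)
    '[12/Jul/2017:15:47:00 +0000] "jdoe" 10.0.0.5 200 "GET http://example.com/ HTTP/1.1" "Business" "Minimal Risk" "text/html" 5120 "Mozilla/5.0" "" "0"',
    '[12/Jul/2017:15:48:10 +0000] "jdoe" 10.0.0.5 403 "GET http://files.example.net/a.exe HTTP/1.1" "Malicious Sites" "High Risk" "application/x-msdownload" 2048 "Mozilla/5.0" "TestVirus.Sample" "80"',
    '[12/Jul/2017:15:49:00 +0000] "" 10.0.0.9 403 "GET http://blocked.example.org/ HTTP/1.1" "Gambling" "Unverified" "" 1024 "curl/7.50" "" "10"',
    '[12/Jul/2017:15:50:00 +0000] "jdoe" 10.0.0.5 200 "GET http://example.com/x HTTP/1.1" "Business" "text/html" 300 "Mozilla/5.0" "" "0"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Values that themselves contain a double quote (a User-Agent, for instance) are written unescaped by the default rule, so such lines land in the rejected list rather than being silently mis-split.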
            • 3. Re: Access.log header descriptions...

              ooo, simul-post.

              • 4. Re: Access.log header descriptions...

                Thanks both of you, that was very helpful.

                • 5. Re: Access.log header descriptions...
                  authaman01

                  Hi Team,

                   

                  I just want to know, if I need to write the filename in access.log, which property I can use.

                   

                  Regards,

                  Akhilesh

                  • 6. Re: Access.log header descriptions...
                    Jon Scholten

                    Hi Akhilesh,

                     

                    What filename do you want to log?

                     

                    There could be a filename for an upload or download.

                     

                    Best Regards,

                    Jon

                    • 7. Re: Access.log header descriptions...
                      authaman01

                      Hi Team,

                       

                      According to my customer's requirement, he needs to write the filename to access.log while downloading and uploading files.

                       

                      Regards,

                      Akhilesh