What is your log parser format for the log source? Cisco CE SFv4 - Squid Format
You should get blocks if you choose the right format. If you made a custom log format, then you may have problems getting blocks to work correctly.
You shouldn't need to use the user-defined columns, but what you have seems 95% correct. The * means "0 or more of previous character", which means you are matching 40, 403, 4033, etc. But this should still match. Maybe you don't need to include the ^ at the beginning. The regex pattern matching should receive just the number (403, 200, etc), so it should be enough to only put the number in your regex without ^ or *. That's just some advice for later. For now, let's focus on getting the blocked traffic to work correctly without user defined columns.
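An added example, not part of the thread and not Web Reporter's own code: a short Python sketch showing which status codes a pattern like `^403*` accepts compared with an exact match, on constructed log lines in the Squid native layout. The pattern `^403*` is an assumption about the regex being discussed (it is not shown in the thread), and the function names and sample lines are made up for illustration.

```python
import re

# Constructed sample lines in Squid native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1286536309.450    120 192.0.2.10 TCP_MISS/200 4512 GET http://example.com/ - DIRECT/203.0.113.5 text/html
1286536310.101      3 192.0.2.11 TCP_DENIED/403 1532 GET http://blocked.example/ - NONE/- text/html
1286536311.732     45 192.0.2.12 TCP_MISS/404 310 GET http://example.com/missing - DIRECT/203.0.113.5 text/html
1286536312.004      2 192.0.2.10 TCP_DENIED/407 1800 CONNECT secure.example:443 - NONE/- text/html
"""

LOOSE = re.compile(r"^403*")        # assumed pattern: "40" followed by zero or more "3"
EXACT = re.compile(r"^(403|200)$")  # only the two codes of interest, nothing else


def status_code(line):
    """Return the HTTP status from the code/status field, or None if malformed."""
    fields = line.split()
    if len(fields) < 10:            # native format has ten whitespace-separated fields
        return None
    _result, _, status = fields[3].partition("/")
    return status if status.isdigit() else None


def classify(line):
    """Label a log line as blocked (403), allowed (200), other, or unparsed."""
    status = status_code(line)
    if status is None:
        return "unparsed"
    return {"403": "blocked", "200": "allowed"}.get(status, "other")


def loose_hits(codes):
    """Status codes the loose pattern accepts."""
    return [c for c in codes if LOOSE.search(c)]


def exact_hits(codes):
    """Status codes the anchored exact pattern accepts."""
    return [c for c in codes if EXACT.search(c)]


if __name__ == "__main__":
    codes = [status_code(l) for l in SAMPLE_LOG.splitlines()]
    print("codes in sample :", codes)
    print("loose pattern   :", loose_hits(codes))   # also picks up 404 and 407
    print("exact pattern   :", exact_hits(codes))
    for l in SAMPLE_LOG.splitlines():
        print(classify(l), "<-", l.split()[3])
```

Because `3*` also matches zero characters, the loose pattern accepts every code that starts with 40, so 404 and 407 responses would be counted together with 403 blocks.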
I use the Squid Native Log Parser Format.
The Squid Log File is built like this:
OK, thank you. If I need the user-defined columns, I will change the regular expression, because I only need 403 and 200, to see what's blocked and what's allowed.
OK. Well, if those block requests are not showing as block in Web Reporter, there might be a bug. If you have support, please open a service request with support and we will try to reproduce the problem and escalate it if necessary.
OK, then I will try to open a service request for the problem.
With the Trusted Websource Database it's possible to get the category and reputation of a Squid log but not the malware name.
Is there also an opportunity to filter out the malware name from a native Squid log in Web Reporter?
Malware detection is done on the content by your proxy. Web Reporter cannot look up malware based on the URL in the log.