What is the format and description of the Webprevent_Access log?
# host_ip "auth_user" time_stamp "request_line" icap_status_code request_size "referer" "user_agent" processing_time(ms) conn_id client_ip client_port action_code icap_method_code traffic_source_code msg_uid
A field shown in quotes in the format line above has its value quoted in log messages. When a field's value could not be determined for a request, the field contains - or "" as its default value.
| Fields | Explanation |
|---|---|
| host_ip | end host that made the request |
| auth_user | authorized user for this request |
| time_stamp | time when the request was received by Web Prevent (request arrival time) |
| request_line | line representing request |
| icap_status_code | ICAP response code sent by Web Prevent for this request |
| request_size | request size in bytes |
| referer | referer header value from request |
| user_agent | user agent associated with the request |
| processing_time(ms) | request processing time in milliseconds (ms) - value includes receiving + content inspection + sending time |
| conn_id | connection id associated with the request |
| client_ip | IP of the ICAP client (proxy) |
| client_port | port of the ICAP client (proxy) |
| action_code | an integer representing the action taken by Web Prevent |
| icap_method_code | an integer representing the ICAP method associated with this request |
| traffic_source_code | identifies traffic source as Tablet/Web/Unknown |
| msg_uid | unique message identifier associated with request |
Note:
action_code and icap_method_code are integer values and their interpretation can be found in IcapActionType.java and IcapMethod.java respectively.
| action code value | Interpretation |
|---|---|
| 0 | UNKNOWN |
| 1 | ALLOW |
| 2 | BLOCK |
| 3 | REDACT |
| 4 | ERROR |
| 5 | ALLOW_WITHOUT_INSPECTION |
| 6 | OPTIONS_RESPONSE |
| 7 | REDIRECT |
| icap_method_code | Interpretation |
|---|---|
| -1 | ILLEGAL |
| 0 | OPTIONS |
| 1 | REQMOD |
| 2 | RESPMOD |
| 3 | LOG |
traffic_source_code is an integer corresponding to the enum values defined in IncidentType.java.
| traffic_source_code | Interpretation |
|---|---|
| 0 | TABLET - for Tablet Only License |
| 1 | NETWORK - for Network Prevent for Web Only License |
| 2 | UNKNOWN - for Network Prevent for Web + Tablet license when the request fails to match the UserAgent / IP range checks. An incident (if generated) will be categorized as Network |
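
The following parser is an added example, not code from the product or from the original page. It splits an entry according to the format line above, maps the documented `-` / `""` defaults to `None`, decodes the three integer codes with the tables on this page, and lists entries that were not plainly allowed. The sample entries are constructed, the `time_stamp` is assumed to be a single token without spaces, and `needs_review` is a hypothetical triage rule.

```python
import re

# Field order copied from the format line on this page.
FIELDS = ("host_ip auth_user time_stamp request_line icap_status_code request_size "
          "referer user_agent processing_time_ms conn_id client_ip client_port "
          "action_code icap_method_code traffic_source_code msg_uid").split()
# Code tables copied from this page.
ACTIONS = {0: "UNKNOWN", 1: "ALLOW", 2: "BLOCK", 3: "REDACT", 4: "ERROR",
           5: "ALLOW_WITHOUT_INSPECTION", 6: "OPTIONS_RESPONSE", 7: "REDIRECT"}
METHODS = {-1: "ILLEGAL", 0: "OPTIONS", 1: "REQMOD", 2: "RESPMOD", 3: "LOG"}
SOURCES = {0: "TABLET", 1: "NETWORK", 2: "UNKNOWN"}
# A token is either a double-quoted string (possibly empty) or a run of non-spaces.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_line(line):
    """Parse one entry into a dict; return None for header, blank or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = [bare or quoted for quoted, bare in TOKEN.findall(line)]
    if len(tokens) != len(FIELDS):
        return None  # truncated or otherwise malformed entry
    # "-" and "" are the documented defaults for values that could not be determined.
    rec = {k: (None if v in ("-", "") else v) for k, v in zip(FIELDS, tokens)}
    for name, table in (("action_code", ACTIONS), ("icap_method_code", METHODS),
                        ("traffic_source_code", SOURCES)):
        try:  # adds "action", "icap_method" and "traffic_source" keys
            rec[name[:-5]] = table.get(int(rec[name]), "UNDEFINED")
        except (TypeError, ValueError):
            rec[name[:-5]] = None
    return rec

def needs_review(text):
    """Hypothetical triage rule: (msg_uid, action) for entries not plainly allowed."""
    recs = filter(None, map(parse_line, text.splitlines()))
    return [(r["msg_uid"], r["action"]) for r in recs
            if r["action"] not in ("ALLOW", "OPTIONS_RESPONSE")]

# Constructed sample entries (not real log data); the time_stamp format is assumed.
SAMPLE = '''\
10.0.0.5 "alice" 2024-01-01T10:00:00 "POST http://example.com/upload HTTP/1.1" 200 5120 "http://example.com/" "Mozilla/5.0 (X11; Linux)" 42 17 10.0.0.1 41000 2 1 1 msg-0001
10.0.0.6 "" 2024-01-01T10:00:05 "GET http://example.org/ HTTP/1.1" 204 310 "-" "curl/8.0" 3 18 10.0.0.1 41001 5 1 2 msg-0002
10.0.0.7 "bob" 2024-01-01T10:00:09 "GET http://example.net/ HTTP/1.1" 204 280 "" "Mozilla/5.0" 5 19 10.0.0.1 41002 1 1 1 msg-0003
'''

if __name__ == "__main__":
    for uid, action in needs_review(SAMPLE):
        print(uid, action)
```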