search cancel

Client or Server IP address is displaying as "Unknown" in the CAS Alerts


Article ID: 172046


Updated On:


Content Analysis Software - CA ProxySG Software - SGOS


Sandboxing, Predictive Analysis, File reputation threat alerts etc are configured on CAS to notify events promptly over email or syslog, however the client ip address or server ip addresses are missing in the alert. A sample alert for Predictive Analysis is given below:

File determined to be unsafe through Predictive Analysis

File has been dropped.

2018-07-10 02:54:40 (UTC)
Hardware serial number: XXXXXXXXXX
CAS (Version - Predictive Analysis Vendor: Cylance
Version: 281492156710912

Machine name: CAS
Machine IP address:
Server: Unknown

URL: hxxp://testurl/sample.pdf
Threat Score: 9
Threat Details:



This is due to ProxySG not configured to send Client IP Address and Server (OCS) Address to ICAP server along with the scan request The below configuration needs to be modified on ProxySG to address this issue.

  1. Navigate to Configuration -> Content Analysis -> ICAP -> Locate the ICAP Service and click on Edit.
  2. Enable the Client address and Server address as shown in the snapshot.