D Interpreting Log Files
This page provides the information required to interpret a Web Appliance log file.
This file is saved as part of a system backup that is configured on the Configuration > System >
Backup page, if you have the Transaction log files at least once daily at midnight option
selected, and you have chosen to back up the logs in the Sophos format. If you have chosen to
back up the logs in the Squid format, see the Squid log format page.
Introduction
The appliance keeps a log (called sophos_log) of all requests it processes.The following is an
example of a sophos_log entry:
h=10.99.115.13 u="DOMAIN\\johnsmith" s=200 X=- t=1336666489 T=284453
Ts=0 act=1 cat="0x220000002a" app="-" rsn=- threat="-" type="text/
html" ctype="text/html"
sav-ev=4.77 sav-dv=2012.5.10.4770003 uri-dv=- cache=- in=1255 out=26198
meth=GET ref="-" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0)
Gecko/20100101 Firefox/12.0"
req="GET http://www.google.ca/ HTTP/1.1" dom="google.ca" filetype="-"
rule="0"
filesize=25815 axtime=0.048193 fttime=0.049360 scantime=0.011
src_cat="0x2f0000002a"
labs_cat="0x2f0000002a" dcat_prox="-" target_ip="74.125.127.94"
labs_rule_id="0"
reqtime=0.027 adtime=0.001625 ftbypass=- os=Windows authn=53
auth_by=portal_cache
dnstime=0.000197 quotatime=- sandbox=-
h=192.168.98.38 u="SILKNET2\\t\xc3\xb5m\xc3\xa4sj\xc3\xb3n\xc3\xa9s"
s=200 X=X
t=1178921655 T=3444378 Ts=3 act=1 cat="0x220000001a" rsn=- threat="-"
type="application/x-exe" ctype="application/x-msdos-program"
sav-ev=4.17
sav-dv=2007.5.9.417008 uri-dv=2007.5.9.6031 cache=MISS in=905
out=236936 meth=GET
ref="http://funnel-web.ca.sophos.com/mime/" ua="Mozilla/4.0
(compatible; MSIE 6.0;
Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
req="GET http://funnel-web.ca.sophos.com/mime/exe.exe HTTP/1.1"
dom="sophos.com"
filetype="exe.exe" rule="3479751" filesize=266360 axtime=0.001234
fttime=0.000235
scantime=0.010 src_cat="0x3200001d53" labs_cat="0x0200000012"
dcat_prox="-"
target_ip="192.168.3.125" labs_rule_id="3479751" reqtime=0.056
adtime=0.000003
Sophos Web Appliance | Interpreting Log Files | 217
To Next Page
Loading...
Need help?
General
