Data Fields
The following table explains the keys used in the sophos_log file.
Field   Description
ep      This setting is optional and is only displayed if you are using Endpoint Web Control. A value of ep=1 means the browsing occurred on the endpoint computer, and that this entry was then uploaded to the appliance.
sxl     This setting is optional. An entry of sxl=y or sxl=n indicates whether an SXL lookup for a particular transaction was successful.
h       Remote host (the IP address that sent the request).
u       Remote user who made the request (null if user authentication is off). Note that the second entry example above shows how UTF-8 usernames are encoded in the log file.
s       HTTP status code sent back to the client.
X       The connection status when the response was completed:
        X = connection aborted before the response completed,
        + = connection may be kept alive after the response is sent,
        - = connection will be closed after the response is sent.
t       Timestamp of when the request was first received, in seconds since the UNIX Epoch (1970-01-01 00:00:00 UTC).
T       Time in microseconds required to serve this request.
Ts      Time required (in seconds) to serve this request.
act     Action code that identifies the outcome of the request:
        -7 = User is shown a sandbox analysis page.
        -6 = User attempted to proceed on a quota page, but the request was blocked.
        -5 = Block page displayed: daily quota time exceeded.
        -4 = Quota time warning displayed.
        -3 = User proceeded but request was blocked.
        -2 = Request was warned.
        -1 = Request was blocked.
        1 = Request was allowed.
        2 = Request was warned and user decided to proceed.
        3 = User proceeded.
        4 = User accepts a quota time and proceeds.
        5 = Request proceeded after quota accepted.
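The fields in the table above can be decoded and tallied per user for review, as in this added example (not Sophos code). It assumes each entry is a line of space-separated key=value pairs with optionally double-quoted values; the function names and sample entries are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Assumed layout: space-separated key=value pairs, values optionally quoted.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# Action codes as listed in the table above.
ACTIONS = {
    -7: "sandbox analysis page shown", -6: "proceed attempt on quota page blocked",
    -5: "block page: daily quota time exceeded", -4: "quota time warning displayed",
    -3: "user proceeded but request was blocked", -2: "request was warned",
    -1: "request was blocked", 1: "request was allowed",
    2: "warned and user decided to proceed", 3: "user proceeded",
    4: "user accepted quota time and proceeded", 5: "proceeded after quota accepted",
}
CONNECTION = {"X": "aborted", "+": "keep-alive", "-": "close"}
BLOCKED = {-1, -3, -5, -6}   # the request ended up blocked
PROCEEDED = {2, 3, 4, 5}     # the user went past a warning or quota page

def parse_entry(line):
    """Decode one entry. Keys are case-sensitive: t is the epoch time, T the service time."""
    raw = {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}
    act = int(raw["act"])
    return {
        "host": raw["h"],
        "user": raw.get("u"),
        "connection": CONNECTION.get(raw.get("X"), "unknown"),
        "time": datetime.fromtimestamp(float(raw["t"]), tz=timezone.utc),
        "service_us": int(raw["T"]),
        "act": act,
        "outcome": ACTIONS.get(act, "unknown action code"),
        "endpoint": raw.get("ep") == "1",   # optional Endpoint Web Control key
    }

def tally(lines):
    """Count blocked and proceeded requests per user."""
    counts = Counter()
    for entry in map(parse_entry, lines):
        act = entry["act"]
        kind = "blocked" if act in BLOCKED else "proceeded" if act in PROCEEDED else None
        if kind:
            counts[(entry["user"], kind)] += 1
    return counts

# Constructed sample entries, not taken from a real appliance.
SAMPLE = [
    'h=192.0.2.10 u="alice" s=200 X=+ t=1700000000 T=284453 Ts=0 act=1',
    'h=192.0.2.10 u="alice" s=403 X=- t=1700000060 T=1200 Ts=0 act=-1',
    'h=192.0.2.11 u="bob" s=200 X=+ t=1700000120 T=90000 Ts=0 act=2 sxl=y',
    'h=192.0.2.11 u="bob" s=403 X=X t=1700000180 T=500 Ts=0 act=-3 ep=1',
]
```
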
218 | Interpreting Log Files | Sophos Web Appliance