Field        Description
auth_by      The form of authentication that succeeded (for example, "bypass," "portal," "kerb").
authn        Internal use only.
dnstime      Amount of time (in seconds) it took to get a DNS response. This can help troubleshoot DNS latency issues.
quotatime    The number of quota minutes used. This relates to the number of minutes allowed for this quota. This is configured in the Naming & Scheduling tab of the Additional Policy wizard: Configuration > Group Policy > Additional Policies.
sandbox      Identifies whether a download should be sent to the sandbox component of Sophos Sandstorm.
Special Notes
The basic format is [key]=[value] where there is no whitespace between the key, the equals
character or the value. The value may be enclosed in quotes, e.g. [key]="[value]". Values
that contain embedded whitespace will always use quote delimiters. Implementers are encouraged
to check for, and remove if found, surrounding unescaped quote characters for each value.
Each log line is terminated by a linefeed character (ASCII LF, 0x10). Since these log files may
be moved between computers that could reformat the text file, implementers are encouraged to
recognize and accept log lines terminated by any of the standard text line termination schemes:
linefeed, carriage return (ASCII CR, 0x0D) or LF+CR as used by Windows/DOS.
Quotes ( " ) and backslashes ( \ ) within a value are escaped by prepending a backslash. Keys
will never contain such characters.
Null values may be represented by an empty string (e.g. [key]= or [key]="") or a dash character
(e.g. [key]=- or [key]="-"). Any value containing only a dash character should be treated as
if the value was not specified. Some fields will contain a null string if the value would otherwise
be undefined (e.g. for a blocked request, the filetype field will be meaningless).
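The quoting, escaping and null rules above, together with the \x byte escaping described in the Unicode note that follows, can be handled by a parser like the one below. This is an added example, not Sophos code; the key names user and ua and the sample line are assumptions constructed for illustration.

```python
import re

# key=value with no whitespace around "="; a value is either quoted (with
# backslash escapes) or a bare run of non-whitespace characters.
_PAIR = re.compile(r'([^\s="\\]+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')
# \xHH is an escaped raw byte; any other backslash pair is an escaped literal.
_ESC = re.compile(rb'\\(?:x([0-9A-Fa-f]{2})|(.))', re.S)


def unescape(raw: str) -> str:
    """Undo \\", \\\\ and \\xHH escaping, then decode the bytes as UTF-8."""
    def repl(m):
        return bytes([int(m.group(1), 16)]) if m.group(1) else m.group(2)
    return _ESC.sub(repl, raw.encode("utf-8")).decode("utf-8", errors="replace")


def parse_line(line: str) -> dict:
    """Parse one log line into {key: value}; null values become None."""
    fields = {}
    for m in _PAIR.finditer(line.rstrip("\r\n")):  # accept any line ending
        key, quoted, bare = m.groups()
        value = unescape(quoted if quoted is not None else bare)
        fields[key] = None if value in ("", "-") else value
    return fields


def naive_parse(line: str) -> dict:
    """Whitespace split, shown only for contrast: quoted values break it."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


# Constructed sample line (not from a real appliance). "user" and "ua" are
# assumed key names; the ua value embeds text that looks like another field.
SAMPLE = (r'user="SILKNET2\\t\xc3\xb5m\xc3\xa4sj\xc3\xb3n\xc3\xa9s" auth_by=kerb '
          r'dnstime=0.004 filetype=- quotatime="" ua="curl \"x\" sandbox=1"' "\r\n")

if __name__ == "__main__":
    for k, v in parse_line(SAMPLE).items():
        print(f"{k} = {v!r}")
    print("naive parser reports a sandbox field:", "sandbox" in naive_parse(SAMPLE))
```

A parser that splits on whitespace reports a separate sandbox field for the sample line; matching each quoted value as a unit keeps that text inside ua, which matters when log fields carry client-supplied strings.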
The appliance supports Unicode usernames when authenticating users to an Active Directory or
eDirectory server. In these cases the user field will contain a UTF-8 string; the non-printable bytes
are escaped using the ‘\x’ prefix followed by the hexadecimal representation of the raw bytes
(e.g. \xAF). In the example above,
‘SILKNET2\\t\xc3\xb5m\xc3\xa4sj\xc3\xb3n\xc3\xa9s’ translates to
‘SILKNET2\tõmäsjónés’, where the username is:
t U+0074, Latin Small Letter T
õ U+00F5, Latin Small Letter O with Tilde
m U+006D, Latin Small Letter M
ä U+00E4, Latin Small Letter A with Diaeresis
s U+0073, Latin Small Letter S
j U+006A, Latin Small Letter J
ó U+00F3, Latin Small Letter O with Acute
Sophos Web Appliance | Interpreting Log Files | 221