Configuring the log format to show upload and download bytes in InterScan Web Security Virtual Appliance (IWSVA) 6.5

    • Updated: 9 Jun 2021
    • Product/Version: Interscan Web Security Virtual Appliance 6.5
    • Platform:
Summary

You want to find out whether the following log can include upload and download bytes in addition to the total bytes, for example "size:318|upload:118|download:200" instead of only "size:318" as it shows currently.

<130>CA1WM03P: <Tue, 13 Apr 2021 12:03:59,CST> [EVT_URL_BLOCKING|LOG_CRIT] Blocked URL log |act:BLOCK|usr:ca306541|src:10.1.248.212|dst:23.227.137.155|agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.75|app:-|cat:88|ctype:text/plain|mth:POST|scode:|size:318|url:HTTPS://ghb1.adtelligent.com|uri:/v2/auction/|ref:http://www.mbaexcel.com/
Details

Use the following parameters in the syslog format:

    %{size}f                  File size
    %{upstream_payload}p      Upstream payload + header
    %{downstream_payload}p    Downstream payload + header

  1. SSH to IWSVA as root.
  2. Edit /etc/iscan/log_format.ini
  3. Make sure that "syslog_type=1"
  4. Edit log_format as follows:

    log_format=%a|%u|%H|%{x_forwarded_for}h|%{recv_request_begin}t|%{host}h|size:%{size}f|upload:%{upstream_payload}p|download:%{downstream_payload}p

     The [syslog] section then reads:

    [syslog]
     # Use new or old syslog format, 1: new syslog format, 0: old syslog format. Default is 0.
     # Enable and disable the whole syslog function is still controlled by WebUI;
    syslog_type=1
    log_format=%a|%u|%H|%{x_forwarded_for}h|%{recv_request_begin}t|%{host}h|size:%{size}f|upload:%{upstream_payload}p|download:%{downstream_payload}p
    
  5. Reload httpd so that the changes take effect:

    /etc/iscan/S99ISproxy reload

For more information on syslog parameters, download the IWSVA 6.5 SP1 Syslog & Text Based Access Log Enhancement document.
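
Once the three counters are in the syslog stream, they can be summed per client to spot unusually large uploads. The following is an added example, not Trend Micro code: it assumes records arrive with the syslog header already stripped and that the first two positional fields are the client address and user name, and it runs on constructed sample lines.

```python
import re
from collections import defaultdict

# Labelled byte counters added by the log_format shown above.
COUNTER = re.compile(r"^(size|upload|download):(\d+)$")

# Constructed sample records (not real traffic). Assumption: the first
# positional field is the client address and the second is the user name.
SAMPLE = [
    "10.0.0.5|alice|-|-|13/Apr/2021:12:03:59|example.test|size:318|upload:118|download:200",
    "10.0.0.5|alice|-|-|13/Apr/2021:12:04:10|files.example.test|size:5000400|upload:5000000|download:400",
    "10.0.0.9|bob|-|-|13/Apr/2021:12:05:01|example.test|size:900|upload:100|download:800",
    "10.0.0.9|bob|-|-|13/Apr/2021:12:05:02|example.test|size:900|upload:-|download:800",
]


def parse_record(line):
    """Return client, user and integer counters, or None if any counter is missing."""
    fields = line.strip().split("|")
    if len(fields) < 2:
        return None
    rec = {"client": fields[0], "user": fields[1]}
    for f in fields[2:]:
        m = COUNTER.match(f)
        if m:
            rec[m.group(1)] = int(m.group(2))
    if not all(k in rec for k in ("size", "upload", "download")):
        return None  # old format, truncated line, or non-numeric counter
    return rec


def upload_totals(lines):
    """Sum upload bytes per (client, user) and count records that did not parse."""
    totals, skipped = defaultdict(int), 0
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            skipped += 1
            continue
        totals[(rec["client"], rec["user"])] += rec["upload"]
    return dict(totals), skipped


def heavy_uploaders(lines, threshold_bytes):
    """Return sorted (client, user) keys whose total upload exceeds the threshold."""
    totals, _ = upload_totals(lines)
    return sorted(k for k, v in totals.items() if v > threshold_bytes)
```

A non-zero skipped count after the reload is worth checking, since it indicates records still arriving in the old format or with an empty counter.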

Category: Configure
Solution Id: 000286706