Cisco Cisco Web Security Appliance S390 Betriebsanweisung
436
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
A C C E S S L O G F I L E
The access log file provides a descriptive record of all Web Proxy filtering and scanning
activity. Access log file entries display a record of how the appliance handled each
transaction. You can view the access log file from the System Administration > Log
Subscriptions page.
activity. Access log file entries display a record of how the appliance handled each
transaction. You can view the access log file from the System Administration > Log
Subscriptions page.
Note — The W3C access log also records all Web Proxy filtering and scanning activity, but in
a format that is W3C compliant. For more information, see “W3C Compliant Access Logs” on
page 447.
a format that is W3C compliant. For more information, see “W3C Compliant Access Logs” on
page 447.
The following text is an example access log file entry for a single transaction:
Table 20-5 describes the different fields in the access log file entry.
1149143109.100 97 172.xx.xx.xx TCP_MISS/200 8187 GET http://
my.site.com/ - DIRECT/my.site.com text/plain ALLOW_WBRS-
AccessOrDecryptionPolicyGroup-IdentityPolicyGroup-
DataSecurityPolicyGroup-ExternalDLPPolicyGroup-RoutingPolicyGroup
<IW_misc,9.9,-,-,-,-,-,-,-,-,-,-,-,-,-,IW_misc,->
my.site.com/ - DIRECT/my.site.com text/plain ALLOW_WBRS-
AccessOrDecryptionPolicyGroup-IdentityPolicyGroup-
DataSecurityPolicyGroup-ExternalDLPPolicyGroup-RoutingPolicyGroup
<IW_misc,9.9,-,-,-,-,-,-,-,-,-,-,-,-,-,IW_misc,->
Table 20-5 Access Log File Entry
Field Value
Field Description
1149143109.100
Timestamp since UNIX epoch.
97
Elapsed time (latency) in milliseconds.
172.xx.xx.xx
Client IP address.
TCP_MISS
/
Transaction result code.
For more information, see “Transaction Result Codes” on
page 438.
For more information, see “Transaction Result Codes” on
page 438.
200
HTTP response code.
8187
Response size (headers + body).
GET http://my.website.com/
First line of the request.
Note: When the first line of the request is for a native FTP
transaction, some special characters in the file name are
URL encoded in the access logs. For example, the “@”
symbol is written as “%40” in the access logs.
The following characters are URL encoded:
Note: When the first line of the request is for a native FTP
transaction, some special characters in the file name are
URL encoded in the access logs. For example, the “@”
symbol is written as “%40” in the access logs.
The following characters are URL encoded:
& # % + , : ; = @ ^ { } [ ]
-
Authenticated username.