Cisco Cisco Web Security Appliance S390 Betriebsanweisung

For example, the W3C log field “cs-method” refers to the method in the request sent by the client to the 
server, and “c-ip” refers to the client’s IP address.

.

.

You can customize regular and W3C access logs to include many different fields to capture 
comprehensive information about web traffic within the network using predefined fields or user defined 
fields.

For a list of predefined fields, see 

For information on user defined fields, see 

If the list of predefined Access log and W3C log fields does not include all header information you want 
to log from HTTP/HTTPS transactions, you can type a user-defined log field in the Custom Fields text 
box when you configure the access and W3C log subscriptions.

Custom log fields can be any data from any header sent from the client or the server. If a request or 
response does not include the header added to the log subscription, the log file includes a hyphen as the 
log field value.

The following table defines the syntax to use for access and W3C logs: 

For example, if you want to log the If-Modified-Since header value in client requests, enter the following 
text in the Custom Fields box for a W3C log subscription:

cs(If-Modified-Since)

.

.

Header from the client application

%<ClientHeaderName:

cs(ClientHeaderName) 

Header from the server

%<ServerHeaderName: sc(ServerHeaderName)