Cisco Web Security Appliance S690 User Guide

Cisco AsyncOS 8.0.6 for Web User Guide
 
Chapter 20: Monitor System Activity Through Logs

Interpreting Access Logs

Step 1  Familiarize yourself with this example access log entry for a single transaction and notice the field values:
  a. Notice that each field is separated by spaces.
  b. Familiarize yourself with the fields in this example:

1278096903.150 97 172.xx.xx.xx TCP_MISS/200 8187 GET http://my.site.com/ - DIRECT/my.site.com text/plain DEFAULT_CASE_11-AccessOrDecryptionPolicy-Identity-OutboundMalwareScanningPolicy-DataSecurityPolicy-ExternalDLPPolicy-RoutingPolicy <IW_comp,6.9,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-","Unknown","Unknown","-","-",198.34,0,-,[Local],"-",37,"W32.CiscoTestVector",33,0,"WSA-INFECTED-FILE.pdf","fd5ef49d4213e05f448f11ed9c98253d85829614fba368a421d14e64c426da5e"> -

| Position | Field Value | Abbreviated Description |
|---|---|---|
| 1 | 1278096903.150 | Timestamp in UNIX epoch. |
| 2 | 97 | Elapsed time in milliseconds. |
| 3 | 172.xx.xx.xx | Client IP Address. |
| 4 | TCP_MISS | Result code for the client request resolution. Indicates whether the content was retrieved from cache or the origin server. |
| 5 | 200 | HTTP response code. |
| 6 | 8187 | Response size (header + body). |
| 7 | GET http://my.site.com/ | First line of the request. |
| 8 | - | Authenticated user name. |
| 9 | DIRECT | Hierarchy retrieval. |
| 10 | my.site.com | Data source or server IP address. |
| 11 | text/plain | Response body MIME type. |
| 12 | DEFAULT_CASE_11 | Access Control List (ACL) Decision. |
| 13 | AccessOrDecryptionPolicy | Access Policy or Decryption Policy group name. (Part of the ACL decision tag) |
| 14 | Identity | Identity policy group name. (Part of the ACL decision tag) |
| 15 | OutboundMalwareScanningPolicy | Outbound Malware Scanning Policy group name. (Part of the ACL decision tag) |
| 16 | DataSecurityPolicy | Cisco Data Security Policy group name. (Part of the ACL decision tag) |
| 17 | ExternalDLPPolicy | External DLP Policy group name. (Part of the ACL decision tag) |
| 18 | RoutingPolicy | Routing Policy group name as ProxyGroupName/ProxyServerName. (Part of the ACL decision tag) |
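
The following parser is an added example, not code from Cisco or from this guide. It splits an access log entry into positions 1 through 18 of the table above and rejects entries that do not fit that layout. Assumptions: the dictionary key names are hypothetical, user names and policy group names contain no spaces or hyphens, and the angle-bracket block and the final field are kept as raw text because this page does not describe them.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the example entry from this page, rejoined onto one line.
SAMPLE = (
    '1278096903.150 97 172.xx.xx.xx TCP_MISS/200 8187 GET http://my.site.com/ - '
    'DIRECT/my.site.com text/plain DEFAULT_CASE_11-AccessOrDecryptionPolicy-Identity-'
    'OutboundMalwareScanningPolicy-DataSecurityPolicy-ExternalDLPPolicy-RoutingPolicy '
    '<IW_comp,6.9,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-",'
    '"Unknown","Unknown","-","-",198.34,0,-,[Local],"-",37,"W32.CiscoTestVector",33,0,'
    '"WSA-INFECTED-FILE.pdf",'
    '"fd5ef49d4213e05f448f11ed9c98253d85829614fba368a421d14e64c426da5e"> -'
)

# Positions 1-11 are space separated, except 4/5 and 9/10, which share a token
# joined by "/", and 7, which holds a method and a URL separated by one space.
LINE_RE = re.compile(
    r'^(?P<timestamp>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client_ip>\S+)\s+'
    r'(?P<result_code>[A-Z_]+)/(?P<http_status>\d+)\s+(?P<size>\d+)\s+'
    r'(?P<request>\S+ \S+)\s+(?P<user>\S+)\s+'
    r'(?P<hierarchy>[A-Z_]+)/(?P<server>\S+)\s+(?P<mime>\S+)\s+'
    r'(?P<acl_tag>\S+)\s+<(?P<scan_block>.*)>\s+(?P<trailer>\S*)$'
)

# Positions 12-18: the hyphen-separated parts of the ACL decision tag.
ACL_FIELDS = ('acl_decision', 'access_or_decryption_policy', 'identity',
              'outbound_malware_policy', 'data_security_policy',
              'external_dlp_policy', 'routing_policy')

def parse_access_log(line):
    """Return a dict for one entry; raise ValueError if the layout differs."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError('not a recognised access log entry')
    rec = m.groupdict()
    parts = rec.pop('acl_tag').split('-')
    if len(parts) != len(ACL_FIELDS):  # e.g. a group name that contains "-"
        raise ValueError('ACL decision tag does not have 7 parts')
    rec.update(zip(ACL_FIELDS, parts))
    for key in ('elapsed_ms', 'http_status', 'size'):
        rec[key] = int(rec[key])
    ts = float(rec['timestamp'])
    rec['time_utc'] = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
    return rec

if __name__ == '__main__':
    for key, value in parse_access_log(SAMPLE).items():
        print(f'{key:28} {value}')
```

Raising on a tag with the wrong number of parts keeps a shifted policy name from being silently recorded under the wrong key when the entries feed a SIEM or detection rule.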