Cisco Cisco Web Security Appliance S670 User Guide

20-26

AsyncOS 8.5 for Cisco Web Security Appliances User Guide

Chapter 20 Monitor System Activity Through Logs

W3C Compliant Access Log Files

The following table describes the header fields listed at the beginning of each W3C log file.

Example W3C log file:

W3C Field Prefixes

Most W3C log field names include a prefix that identifies from which header a value comes, such as the
client or server. Log fields without a prefix reference values that are independent of the computers
involved in the transaction. The following table describes the W3C log fields prefixes.

For example, the W3C log field “cs-method” refers to the method in the request sent by the client to the
server, and “c-ip” refers to the client’s IP address.

Related Topics

•

–Retrieval settings for archived logs, which specifies whether logs are archived onto a remote

server or stored on the appliance., page 20-7

•

•For information on user defined fields, see Access Log User Defined Fields, page 20-27.,

page 20-27

•

Traffic Monitor Log Files, page 20-28

•

Log File Fields and Tags, page 20-29

•

Viewing Log Files, page 20-13

Header Field

Description

Version

The version of the W3C ELF format used.

Date

The date and time at which the header (and log file) was created.

System

The Web Security appliance that generated the log file in the format “Management_IP
- Management_hostname.”

Software

The Software which generated these logs

Fields

The fields recorded in the log

#Version: 1.0

#Date: 2009-06-15 13:55:20

#System: 10.1.1.1 - wsa.qa

#Software: AsyncOS for Web 6.3.0

#Fields: timestamp x-elapsed-time c-ip x-resultcode-httpstatus sc-bytes cs-method

cs-url cs-username x-hierarchy-origin cs-mime-type x-acltag x-result-code

x-suspect-user-agent

Prefix Header

Description

c Client

s Server

cs Client

server

sc Server

client

Application specific identifier.