Cisco Cisco Web Security Appliance S160 User Guide
20-25
Cisco AsyncOS for Web User Guide
Chapter 20 Monitor System Activity Through Logs
Log File Fields and Tags
%:b>
x-p2c-body-time
Wait-time for complete body written to client
%:C<
x-p2p-dca-resp-svc-time
Wait-time to receive the verdict from the
Dynamic Content Analysis engine, including
the time required for the Web Proxy to send
the request.
Dynamic Content Analysis engine, including
the time required for the Web Proxy to send
the request.
%:C>
x-p2p-dca-resp-wait-time
Wait-time to receive the response from the
Dynamic Content Analysis engine, after the
Web Proxy sent the request.
Dynamic Content Analysis engine, after the
Web Proxy sent the request.
%:h<
x-c2p-header-time
Wait-time for complete client header after
first byte
first byte
%:h>
x-s2p-header-time
Wait-time for complete header written to
client
client
%:m<
x-p2p-mcafee-resp-svc-time
Wait-time to receive the verdict from the
McAfee scanning engine, including the time
required for the Web Proxy to send the
request.
McAfee scanning engine, including the time
required for the Web Proxy to send the
request.
%:m>
x-p2p-mcafee-resp-wait-time Wait-time to receive the response from the
McAfee scanning engine, after the Web
Proxy sent the request.
Proxy sent the request.
%:p<
x-p2p-sophos-resp-svc-time
Wait-time to receive the verdict from the
Sophos scanning engine, including the time
required for the Web Proxy to send the
request.
Sophos scanning engine, including the time
required for the Web Proxy to send the
request.
%:p>
x-p2p-sophos-resp-wait-time Wait-time to receive the response from the
Sophos scanning engine, after the Web Proxy
sent the request.
sent the request.
%:w<
x-p2p-webroot-resp-svc-time Wait-time to receive the verdict from the
Webroot scanning engine, including the time
required for the Web Proxy to send the
request.
required for the Web Proxy to send the
request.
%:w>
x-p2p-webroot-resp-wait-tim
e
e
Wait-time to receive the response from the
Webroot scanning engine, after the Web
Proxy sent the request.
Webroot scanning engine, after the Web
Proxy sent the request.
%?BLOCK_SUSPECT
_USER_AGENT,
MONITOR_SUSPECT
_USER_AGENT?%
<User-Agent:%!%-%.
_USER_AGENT,
MONITOR_SUSPECT
_USER_AGENT?%
<User-Agent:%!%-%.
x-suspect-user-agent
Suspect user agent, if applicable. If the Web
Proxy determines the user agent is suspect, it
will log the user agent in this field.
Otherwise, it logs a hyphen. This field is
written with double-quotes in the access logs.
Proxy determines the user agent is suspect, it
will log the user agent in this field.
Otherwise, it logs a hyphen. This field is
written with double-quotes in the access logs.
%<Referer:
cs(Referer)
Referer
%>Server:
sc(Server)
Server header in the response
%a
c-ip
Client IP Address
%A
cs-username
Authenticated user name. This field is written
with double-quotes in the access logs.
with double-quotes in the access logs.
Format Specifier in
Access Logs
Access Logs
Log Field in W3C Logs
Description