Cisco Cisco Web Security Appliance S670 User Guide

%A

cs-username

Authenticated user name. This field is written with 
double-quotes in the access logs.

%b

sc-body-size

Bytes sent to the client from the Web Proxy for the 
body content.

%B

bytes

Total bytes used (request size + response size, which 
is %q + %s).

%c

cs-mime-type

Response body MIME type. This field is written 
with double-quotes in the access logs.

%C

cs(Cookie)

Cookie header. This field is written with 
double-quotes in the access logs.

%d

s-hostname

Data source or server IP address.

%D

x-acltag

ACL decision tag.

%e

x-elapsed-time

Elapsed time in milliseconds. 

For TCP traffic, this is the time elapsed between the 
opening and closing of the HTTP connection.

For UDP traffic, this is the time elapsed between the 
sending of the first datagram and the time at which the 
last datagram can be accepted. A large elapsed time 
value for UDP traffic may indicate that a large timeout 
value and a long-lived UDP association allowed 
datagrams to be accepted longer than necessary.

%E

x-error-code

Error code number that may help Customer Support 
troubleshoot the reason for a failed transaction.(

%f

cs(X-Forwarded-For)

X-Forwarded-For header.

%F

c-port

Client source port 

%g

cs-auth-group

Authorized group names. This field is written with 
double-quotes in the access logs.

%h

sc-http-status

HTTP response code.

%H

s-hierarchy

Hierarchy retrieval.

%i

x-icap-server

IP address of the last ICAP server contacted while 
processing the request. 

%I

x-transaction-id

Transaction ID.