Cisco Cisco Web Security Appliance S670 User Guide
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
21-31
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 21 Monitor System Activity Through Logs
Log File Fields and Tags
%A
cs-username
Authenticated user name. This field is written with
double-quotes in the access logs.
double-quotes in the access logs.
%b
sc-body-size
Bytes sent to the client from the Web Proxy for the
body content.
body content.
%B
bytes
Total bytes used (request size + response size, which
is %q + %s).
is %q + %s).
%c
cs-mime-type
Response body MIME type. This field is written
with double-quotes in the access logs.
with double-quotes in the access logs.
%C
cs(Cookie)
Cookie header. This field is written with
double-quotes in the access logs.
double-quotes in the access logs.
%d
s-hostname
Data source or server IP address.
%D
x-acltag
ACL decision tag.
%e
x-elapsed-time
Elapsed time in milliseconds.
For TCP traffic, this is the time elapsed between the
opening and closing of the HTTP connection.
opening and closing of the HTTP connection.
For UDP traffic, this is the time elapsed between the
sending of the first datagram and the time at which the
last datagram can be accepted. A large elapsed time
value for UDP traffic may indicate that a large timeout
value and a long-lived UDP association allowed
datagrams to be accepted longer than necessary.
sending of the first datagram and the time at which the
last datagram can be accepted. A large elapsed time
value for UDP traffic may indicate that a large timeout
value and a long-lived UDP association allowed
datagrams to be accepted longer than necessary.
%E
x-error-code
Error code number that may help Customer Support
troubleshoot the reason for a failed transaction.(
troubleshoot the reason for a failed transaction.(
%f
cs(X-Forwarded-For)
X-Forwarded-For header.
%F
c-port
Client source port
%g
cs-auth-group
Authorized group names. This field is written with
double-quotes in the access logs.
double-quotes in the access logs.
%h
sc-http-status
HTTP response code.
%H
s-hierarchy
Hierarchy retrieval.
%i
x-icap-server
IP address of the last ICAP server contacted while
processing the request.
processing the request.
%I
x-transaction-id
Transaction ID.
Format Specifier in
Access Logs
Access Logs
Log Field in W3C Logs
Description