Cisco Cisco Web Security Appliance S380 User Guide

Each line in the W3C access log file relates to one transaction, and each line is terminated by a LF 
sequence.

Each W3C log file contains header text at the beginning of the file. Each line starts with the # character 
and provides information about the Web Security appliance that created the log file. The W3C log file 
headers also include the file format (list of fields), making the log file self-describing.

The following table describes the header fields listed at the beginning of each W3C log file. 

Most W3C log field names include a prefix that identifies from which header a value comes, such as the 
client or server. Log fields without a prefix reference values that are independent of the computers 
involved in the transaction. The following table describes the W3C log fields prefixes.

Version

The version of the W3C ELF format used.

Date

The date and time at which the header (and log file) was created.

System

The Web Security appliance that generated the log file in the format “Management_IP 
- Management_hostname.”

Software

The Software which generated these logs

Fields

The fields recorded in the log

#Version: 1.0

 

#Date: 2009-06-15 13:55:20

 

#System: 10.1.1.1 - wsa.qa

 

#Software: AsyncOS for Web 6.3.0

 

#Fields: timestamp x-elapsed-time c-ip x-resultcode-httpstatus sc-bytes cs-method 

cs-url cs-username x-hierarchy-origin cs-mime-type x-acltag x-result-code 

x-suspect-user-agent

 

c Client

s Server

cs Client 

to 

server

sc Server 

to 

client

x 

Application specific identifier.