Cisco Cisco Web Security Appliance S160 Guía Del Usuario
20-23
AsyncOS 8.1 for Cisco Web Security User Guide
Chapter 20 Monitor System Activity Through Logs
Access Log Field Descriptions and Identifiers
Related Topics
•
•
•
•
W3C Field Prefixes
Most W3C log field names include a prefix that identifies from which header a value comes, such as the
client or server. Log fields without a prefix reference values that are independent of the computers
involved in the transaction. The following table describes the W3C log fields prefixes.
client or server. Log fields without a prefix reference values that are independent of the computers
involved in the transaction. The following table describes the W3C log fields prefixes.
For example, the W3C log field “cs-method” refers to the method in the request sent by the client to the
server, and “c-ip” refers to the client’s IP address.
server, and “c-ip” refers to the client’s IP address.
Client Request Resolution Codes — Cache or Server?
Client request resolution codes, also called transaction result codes, indicate if and how AsyncOS was
able to fetch the object from cache.
able to fetch the object from cache.
Prefix Header
Description
c Client
s Server
cs Client
to
server
sc Server
to
client
x
Application specific identifier.
Result Code
Description
TCP_HIT
The object requested was fetched from the disk cache.
TCP_IMS_HIT
The client sent an IMS (If-Modified-Since) request for an object and the
object was found in the cache. The proxy responds with a 304 response.
object was found in the cache. The proxy responds with a 304 response.
TCP_MEM_HIT
The object requested was fetched from the memory cache.
TCP_MISS
The object was not found in the cache, so it was fetched from the origin
server.
server.
TCP_REFRESH_HIT
The object was in the cache, but had expired. The proxy sent an IMS
(If-Modified-Since) request to the origin server, and the server
confirmed that the object has not been modified. Therefore, the
appliance fetched the object from either the disk or memory cache.
(If-Modified-Since) request to the origin server, and the server
confirmed that the object has not been modified. Therefore, the
appliance fetched the object from either the disk or memory cache.
TCP_CLIENT_REFRESH_MISS
The client sent a “don’t fetch response from cache” request by issuing
the ‘Pragma: no-cache’ header. Due to this header from the client, the
appliance fetched the object from the origin server.
the ‘Pragma: no-cache’ header. Due to this header from the client, the
appliance fetched the object from the origin server.
TCP_DENIED
The client request was denied due to Access Policies.