Cisco Web Security Appliance S680 User Guide
Cisco AsyncOS 8.0.6 for Web User Guide
Chapter 20 Monitor System Activity Through Logs
Interpreting Access Logs
Step 1  Familiarize yourself with this example access log entry for a single transaction and notice the field values:
  a. Notice that each field is separated by spaces.
  b. Familiarize yourself with the fields in this example:
1278096903.150 97 172.xx.xx.xx TCP_MISS/200 8187 GET http://my.site.com/ - DIRECT/my.site.com text/plain DEFAULT_CASE_11-AccessOrDecryptionPolicy-Identity-OutboundMalwareScanningPolicy-DataSecurityPolicy-ExternalDLPPolicy-RoutingPolicy <IW_comp,6.9,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-","Unknown","Unknown","-","-",198.34,0,-,[Local],"-",37,"W32.CiscoTestVector",33,0,"WSA-INFECTED-FILE.pdf","fd5ef49d4213e05f448f11ed9c98253d85829614fba368a421d14e64c426da5e"> -
| Position | Field Value | Abbreviated Description |
|---|---|---|
| 1 | 1278096903.150 | Timestamp in UNIX epoch. |
| 2 | 97 | Elapsed time in milliseconds. |
| 3 | 172.xx.xx.xx | Client IP Address. |
| 4 | TCP_MISS | Result code for the client request resolution. Indicates whether the content was retrieved from cache or the origin server. |
| 5 | 200 | HTTP response code. |
| 6 | 8187 | Response size (header + body). |
| 7 | GET http://my.site.com/ | First line of the request. |
| 8 | - | Authenticated user name. |
| 9 | DIRECT | Hierarchy retrieval. |
| 10 | my.site.com | Data source or server IP address. |
| 11 | text/plain | Response body MIME type. |
| 12 | DEFAULT_CASE_11 | Access Control List (ACL) Decision. |
| 13 | AccessOrDecryptionPolicy | Access Policy or Decryption Policy group name. (Part of the ACL decision tag) |
| 14 | Identity | Identity policy group name. (Part of the ACL decision tag) |
| 15 | OutboundMalwareScanningPolicy | Outbound Malware Scanning Policy group name. (Part of the ACL decision tag) |
| 16 | DataSecurityPolicy | Cisco Data Security Policy group name. (Part of the ACL decision tag) |
| 17 | ExternalDLPPolicy | External DLP Policy group name. (Part of the ACL decision tag) |
| 18 | RoutingPolicy | Routing Policy group name as ProxyGroupName/ProxyServerName. (Part of the ACL decision tag) |
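
The following parser is an added example, not code from the Cisco guide. It splits an entry in the layout shown above into fields 1 through 18 and returns the angle-bracketed block as an unnamed list. The function and key names are hypothetical, and it assumes that user names contain no spaces and policy group names contain no hyphens.

```python
import csv
import re
from datetime import datetime, timezone

# Sample entry copied from the example above.
SAMPLE = (
    '1278096903.150 97 172.xx.xx.xx TCP_MISS/200 8187 GET http://my.site.com/ - '
    'DIRECT/my.site.com text/plain DEFAULT_CASE_11-AccessOrDecryptionPolicy-Identity-'
    'OutboundMalwareScanningPolicy-DataSecurityPolicy-ExternalDLPPolicy-RoutingPolicy '
    '<IW_comp,6.9,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-",'
    '"Unknown","Unknown","-","-",198.34,0,-,[Local],"-",37,"W32.CiscoTestVector",33,0,'
    '"WSA-INFECTED-FILE.pdf",'
    '"fd5ef49d4213e05f448f11ed9c98253d85829614fba368a421d14e64c426da5e"> -'
)

# Positions 1-11 are space separated; positions 4/5 and 9/10 share a token split by "/".
ENTRY = re.compile(
    r'(?P<timestamp>\d+\.\d+) (?P<elapsed_ms>\d+) (?P<client_ip>\S+) '
    r'(?P<result_code>[A-Z_]+)/(?P<http_status>\d+) (?P<size>\d+) '
    r'(?P<method>\S+) (?P<url>\S+) (?P<user>\S+) '
    r'(?P<hierarchy>[A-Z_]+)/(?P<source>\S+) (?P<mime>\S+) '
    r'(?P<acl_tag>\S+) <(?P<verdicts>.*)>'
)

# Positions 12-18: the hyphen-joined ACL decision tag (key names are hypothetical).
ACL_PARTS = ("acl_decision", "access_or_decryption_policy", "identity",
             "outbound_malware_scanning_policy", "data_security_policy",
             "external_dlp_policy", "routing_policy")

def parse_entry(line):
    """Return one access log entry as a dict; raise ValueError if it does not fit."""
    m = ENTRY.match(line.strip())
    if m is None:
        raise ValueError("entry does not match the layout shown above")
    rec = m.groupdict()
    parts = rec.pop("acl_tag").split("-")
    if len(parts) != len(ACL_PARTS):
        # A hyphen inside a group name makes the tag ambiguous; refuse to guess.
        raise ValueError("ACL decision tag has %d parts, expected 7" % len(parts))
    rec.update(zip(ACL_PARTS, parts))
    rec["time_utc"] = datetime.fromtimestamp(float(rec["timestamp"]), timezone.utc)
    for key in ("elapsed_ms", "http_status", "size"):
        rec[key] = int(rec[key])
    # The scanning block is comma separated with optional double quotes.
    rec["verdicts"] = next(csv.reader([rec["verdicts"]]))
    return rec
```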