Cisco Cisco Web Security Appliance S190 Guía Del Usuario
24-14
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 24 Logging
Access Log File
Step 13
Submit and commit your changes.
Step 14
If you chose SCP as the retrieval method, the appliance displays an SSH key to you must place on the
SCP server host.
SCP server host.
Deleting a Log Subscription
Step 1
Navigate to the System Administration > Log Subscriptions page.
Step 2
Click the icon under the Delete column for the log subscription you want to delete.
Step 3
Submit and commit your changes.
Access Log File
The access log file provides a descriptive record of all Web Proxy filtering and scanning activity. Access
log file entries display a record of how the appliance handled each transaction. You can view the access
log file from the System Administration > Log Subscriptions page.
log file entries display a record of how the appliance handled each transaction. You can view the access
log file from the System Administration > Log Subscriptions page.
Note
The W3C access log also records all Web Proxy filtering and scanning activity, but in a format that is
W3C compliant. For more information, see
W3C compliant. For more information, see
.
The following text is an example access log file entry for a single transaction:
describes the different fields in the access log file entry.
1278096903.150 97 172.xx.xx.xx TCP_MISS/200 8187 GET http://my.site.com/ -
DIRECT/my.site.com text/plain
DEFAULT_CASE_11-AccessOrDecryptionPolicy-Identity-OutboundMalwareScanningPolicy-DataSecu
rityPolicy-ExternalDLPPolicy-RoutingPolicy
<IW_comp,6.9,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-","Unknown","Un
known","-","-",198.34,0,-,[Local],"-","-"> -
Table 24-5
Access Log File Entry Fields
Format Specifier
Field Value
Field Description
%t
1278096903.150
Timestamp since UNIX epoch.
%e
97
Elapsed time (latency) in milliseconds.
%a
172.xx.xx.xx
Client IP address.
Note: You can choose to mask the IP address in the access logs
using the
using the
advancedproxyconfig > authentication
CLI
command.
%w
TCP_MISS
Transaction result code.
For more information, see
.
%h
200
HTTP response code.