Cisco Cisco Web Security Appliance S380 Guía Del Usuario

The Web Security appliance provides two different log types for recording Web Proxy transaction 
information: access logs and W3C access logs. W3C access logs are W3C compliant, and record 
transaction history in the W3C Extended Log File (ELF) Format.

When defining a W3C access log subscription, you must choose which log fields to include, such as the 
ACL decision tag or the client IP address. You can include one of the following types of log fields:

Predefined. The web interface includes a list of fields from which you can choose.

User defined. You can type a log field that is not included in the predefined list. 

Consider the following rules and guidelines when interpreting W3C access logs:

Administrators decide what data is recorded in each W3C access log subscription; therefore, W3C 
access logs have no set field format.

W3C logs are self-describing. The file format (list of fields) is defined in a header at the start of each 
log file.

Fields in the W3C access logs are separated by a white space.

If a field contains no data for a particular entry, a hyphen ( - ) is included in the log file instead.

Each line in the W3C access log file relates to one transaction, and each line is terminated by a LF 
sequence.

Each W3C log file contains header text at the beginning of the file. Each line starts with the # character 
and provides information about the Web Security appliance that created the log file. The W3C log file 
headers also include the file format (list of fields), making the log file self-describing.