Cisco Web Security Appliance S690 User Guide

AsyncOS 8.8 for Cisco Web Security Appliances User Guide
 
Chapter 21      Monitor System Activity Through Logs
  W3C Compliant Access Log Files
Refer to 
 for a description of each format specifier’s function.
Related Topics
W3C Compliant Access Log Files
The Web Security appliance provides two different log types for recording Web Proxy transaction 
information: access logs and W3C access logs. W3C access logs are W3C compliant, and record 
transaction history in the W3C Extended Log File (ELF) Format.
W3C Field Types
When defining a W3C access log subscription, you must choose which log fields to include, such as the 
ACL decision tag or the client IP address. You can include one of the following types of log fields:
- Predefined. The web interface includes a list of fields from which you can choose.
- User defined. You can type a log field that is not included in the predefined list.
Interpreting W3C Access Logs
Consider the following rules and guidelines when interpreting W3C access logs:
- Administrators decide what data is recorded in each W3C access log subscription; therefore, W3C access logs have no set field format.
- W3C logs are self-describing. The file format (list of fields) is defined in a header at the start of each log file.
- Fields in the W3C access logs are separated by a white space.
- If a field contains no data for a particular entry, a hyphen ( - ) is included in the log file instead.
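The following parser is an added example, not part of the Cisco guide. It applies the rules above: it reads the field list from the #Fields header, splits each entry on white space while keeping quoted values intact, and maps a bare hyphen to "no data". The sample header, field selection and entries are constructed for illustration.

```python
import re

# A token is a double-quoted string (which may contain spaces) or a run of non-space characters.
TOKEN = re.compile(r'"[^"]*"|\S+')

def parse_w3c(lines):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = None
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directive line. Only #Fields changes how later entries are read.
            name, _, value = line[1:].partition(":")
            if name.strip().lower() == "fields":
                fields = value.split()
            continue
        if fields is None:
            raise ValueError(f"line {lineno}: entry before #Fields header")
        values = TOKEN.findall(line)
        if len(values) != len(fields):
            # Truncated or corrupted entry: refuse to guess the column alignment.
            raise ValueError(f"line {lineno}: {len(values)} values for {len(fields)} fields")
        # A bare hyphen means the field held no data for this entry.
        yield {f: (None if v == "-" else v.strip('"')) for f, v in zip(fields, values)}

# Constructed sample log (assumed field selection, not taken from a real appliance).
SAMPLE = """\
#Version: 1.0
#Date: 2023-11-14 22:13:20
#Fields: timestamp c-ip cs-username cs-method cs-url sc-http-status cs(User-Agent) x-acltag
1700000000.123 10.1.1.5 - GET http://example.com/a.pdf 200 "Mozilla/5.0 (X11; Linux)" DEFAULT_CASE_12
1700000001.456 10.1.1.6 alice CONNECT tunnel://example.org:443/ - - BLOCK_WEBCAT_12
""".splitlines()

if __name__ == "__main__":
    for entry in parse_w3c(SAMPLE):
        print(entry["c-ip"], entry["cs-username"], entry["x-acltag"])
```

Because every subscription can select different fields, downstream detection rules should look values up by field name, as here, rather than by column position.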
Position  Field Value                                                         Format Specifier  Description
37        "WSA-INFECTED-FILE.pdf"                                             %X#5#             The name of the file being downloaded and analyzed.
38        "fd5ef49d4213e05f448f11ed9c98253d85829614fba368a421d14e64c426da5e"  %X#6#             The SHA-256 identifier for this file.