Cisco Cisco Web Security Appliance S690 Guía Del Usuario

Choose the format of the information. You can choose among the following 
format options:

Apache

Squid

Squid Details

Exclude entries based on HTTP status codes. You can configure the access 
log to not include transactions based on particular HTTP status codes to filter 
out certain transactions. For example, you might want to filter out 
authentication failure requests that have codes of 407 or 401.

The appliance creates a directory for each log subscription based on the log 
subscription name. The name of the log file in the directory is composed of the 
following information:

Log file name specified in the log subscription

Timestamp when the log file was started

A single-character status code, either 

.c

 (signifying current) or 

.s

 (signifying 

saved)

The filename of logs are made using the following formula:

/LogSubscriptionName/LogFilename.@timestamp.statuscode

 

You should only transfer log files with the saved status.

AsyncOS rolls over log subscriptions based on settings you make in each log 
subscription. Rolling over a log subscription is an AsyncOS process that 
accomplishes the following tasks:

Creates a new log file with the timestamp of the rollover and designates the 
file as current with the letter “c” extension.

Renames the current log file to have a letter “s” extension signifying saved.