Cisco Web Security Appliance S190 User Guide

Cisco AsyncOS 8.0.6 for Web User Guide
 
Chapter 20      Monitor System Activity Through Logs
You can enter multiple user-defined fields in the Custom Fields box and add them simultaneously, as long
as each entry is on its own line (press Enter after each entry) before clicking Add.
When you change the log fields included in a W3C log subscription, the log subscription automatically 
rolls over. This allows the latest version of the log file to include the correct new field headers. 
Note
You can create a custom field for any header in a client request or a server response.
Step 4
Submit and commit your changes.
Defining Your Own Log Fields
If the list of predefined Access log and W3C log fields does not include all the header information you want
to log from HTTP/HTTPS transactions, you can type a user-defined log field in the Custom Fields text
box when you configure the access and W3C log subscriptions.
Custom log fields can be any data from any header sent from the client or the server. If a request or 
response does not include the header added to the log subscription, the log file includes a hyphen as the 
log field value.
The following table defines the syntax to use for access and W3C logs: 
For example, if you want to log the If-Modified-Since header value in client requests, enter the following 
text in the Custom Fields box for a W3C log subscription:
cs(If-Modified-Since)
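Added example (not from the Cisco guide): a minimal Python reader for W3C log files that carry custom fields such as cs(If-Modified-Since). It takes column names from the `#Fields:` directive of the W3C extended log format, so it keeps working when a rollover changes the field list, and it maps the hyphen placeholder to None. The sample lines, the other field names, and the assumption that values containing spaces are double-quoted are constructed for illustration.

```python
import re

# Constructed sample: two log files concatenated, the second written after the
# subscription rolled over with a changed field list. Not real appliance output.
SAMPLE_LOG = '''\
#Fields: timestamp c-ip cs-method cs-url cs(If-Modified-Since)
1700000000.101 10.0.0.5 GET http://example.com/a.css "Sat, 29 Oct 2022 19:43:31 GMT"
1700000001.202 10.0.0.6 GET http://example.com/index.html -
#Fields: timestamp c-ip cs-url cs(If-Modified-Since) sc(Server)
1700000002.303 10.0.0.5 http://example.com/b.js - "nginx"
1700000003.404 10.0.0.7 http://example.com/c "unterminated
'''

# Assumption: fields are space-separated and values with spaces are double-quoted.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def tokenize(line):
    """Split one record; a bare hyphen means the header was absent."""
    values = []
    for m in TOKEN.finditer(line):
        if m.group(1) is not None:
            values.append(m.group(1))          # quoted value, quotes stripped
        else:
            values.append(None if m.group(2) == "-" else m.group(2))
    return values

def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields directive."""
    fields = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        values = tokenize(line)
        # Header values come from clients and servers, so never guess at
        # column alignment: flag any record whose width does not match.
        if len(values) != len(fields):
            yield {"_lineno": lineno, "_malformed": line}
            continue
        yield dict(zip(fields, values))

if __name__ == "__main__":
    for record in parse_w3c(SAMPLE_LOG):
        print(record)
```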
Interpreting Traffic Monitor Logs
Use the examples below to interpret the various entry types contained in Traffic Monitor Logs.
Example 1
172.xx.xx.xx discovered for blocksite.net (blocksite.net) added to firewall block list.
Syntax for custom log fields in access and W3C logs:

| Header Type | Access Log Format Specifier Syntax | W3C Log Custom Field Syntax |
|---|---|---|
| Header from the client application | %<ClientHeaderName: | cs(ClientHeaderName) |
| Header from the server | %<ServerHeaderName: | sc(ServerHeaderName) |