Cisco Web Security Appliance S670 User Guide
21-30
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 21 Monitor System Activity Through Logs
Log File Fields and Tags
| Format Specifier in Access Logs | Log Field in W3C Logs | Description |
|---|---|---|
| %:1< | x-c2p-first-byte-time | Wait-time for first request byte from new client connection. |
| %:1> | x-p2c-first-byte-time | Wait-time for first byte written to client. |
| %:A< | x-p2p-avc-svc-time | Wait-time to receive the response from the AVC process, including the time required for the Web Proxy to send the request. |
| %:A> | x-p2p-avc-wait-time | Wait-time to receive the response from the AVC process, after the Web Proxy sent the request. |
| %:b< | x-c2p-body-time | Wait-time for complete client body. |
| %:b> | x-p2c-body-time | Wait-time for complete body written to client. |
| %:C< | x-p2p-dca-resp-svc-time | Wait-time to receive the verdict from the Dynamic Content Analysis engine, including the time required for the Web Proxy to send the request. |
| %:C> | x-p2p-dca-resp-wait-time | Wait-time to receive the response from the Dynamic Content Analysis engine, after the Web Proxy sent the request. |
| %:h< | x-c2p-header-time | Wait-time for complete client header after first byte. |
| %:h> | x-s2p-header-time | Wait-time for complete header written to client. |
| %:m< | x-p2p-mcafee-resp-svc-time | Wait-time to receive the verdict from the McAfee scanning engine, including the time required for the Web Proxy to send the request. |
| %:m> | x-p2p-mcafee-resp-wait-time | Wait-time to receive the response from the McAfee scanning engine, after the Web Proxy sent the request. |
| %:p< | x-p2p-sophos-resp-svc-time | Wait-time to receive the verdict from the Sophos scanning engine, including the time required for the Web Proxy to send the request. |
| %:p> | x-p2p-sophos-resp-wait-time | Wait-time to receive the response from the Sophos scanning engine, after the Web Proxy sent the request. |
| %:w< | x-p2p-webroot-resp-svc-time | Wait-time to receive the verdict from the Webroot scanning engine, including the time required for the Web Proxy to send the request. |
| %:w> | x-p2p-webroot-resp-wait-time | Wait-time to receive the response from the Webroot scanning engine, after the Web Proxy sent the request. |
| %?BLOCK_SUSPECT_USER_AGENT,MONITOR_SUSPECT_USER_AGENT?%<User-Agent:%!%-%. | x-suspect-user-agent | Suspect user agent, if applicable. If the Web Proxy determines the user agent is suspect, it will log the user agent in this field. Otherwise, it logs a hyphen. This field is written with double-quotes in the access logs. |
| %<Referer: | cs(Referer) | Referer |
| %>Server: | sc(Server) | Server header in the response. |
| %a | c-ip | Client IP Address. |