Cisco Cisco Web Security Appliance S170 Guida Utente

%t

1278096903.150

 

Timestamp since UNIX epoch.

%e 

97

Elapsed time (latency) in milliseconds.

%a 

172.xx.xx.xx

Client IP address. 

Note: You can choose to mask the IP address in the access logs 
using the 

advancedproxyconfig > authentication

 CLI 

command. 

%w

TCP_MISS

Transaction result code.

For more information, see 

.

%h 

200

HTTP response code.

%s 

8187

Response size (headers + body).

%2r 

GET http://my.site.com/

First line of the request.

Note: When the first line of the request is for a native FTP 
transaction, some special characters in the file name are URL 
encoded in the access logs. For example, the “@” symbol is 
written as “%40” in the access logs. 

The following characters are URL encoded:

& # % + , : ; = @ ^ { } [ ]

 

%A 

-

Authenticated username.

Note: You can choose to mask the username in the access logs 
using the 

advancedproxyconfig > authentication

 CLI 

command. 

%H

DIRECT

Code that describes which server was contacted for the 
retrieving the request content. 

Most common values include:

NONE. The Web Proxy had the content, so it did not 
contact any other server to retrieve the content.

DIRECT. The Web Proxy went to the server named in the 
request to get the content.

DEFAULT_PARENT. The Web Proxy went to its primary 
parent proxy or an external DLP server to get the content. 

%d

my.site.com

 

Data source or server IP address.

%c 

text/plain

Response body MIME type.

%D 

DEFAULT_CASE_11

 

ACL decision tag. 

Note: The end of the ACL decision tag includes a dynamically 
generated number that the Web Proxy uses internally. You can 
ignore this number.

For more information, see 

.