Cisco Cisco Web Security Appliance S170 Guida Utente
21-14
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 21 Monitor System Activity Through Logs
Access Log Files
Format Specifier
Field Value
Field Description
%t
1278096903.150
Timestamp since UNIX epoch.
%e
97
Elapsed time (latency) in milliseconds.
%a
172.xx.xx.xx
Client IP address.
Note: You can choose to mask the IP address in the access logs
using the
using the
advancedproxyconfig > authentication
CLI
command.
%w
TCP_MISS
Transaction result code.
For more information, see
.
%h
200
HTTP response code.
%s
8187
Response size (headers + body).
%2r
GET http://my.site.com/
First line of the request.
Note: When the first line of the request is for a native FTP
transaction, some special characters in the file name are URL
encoded in the access logs. For example, the “@” symbol is
written as “%40” in the access logs.
transaction, some special characters in the file name are URL
encoded in the access logs. For example, the “@” symbol is
written as “%40” in the access logs.
The following characters are URL encoded:
& # % + , : ; = @ ^ { } [ ]
%A
-
Authenticated username.
Note: You can choose to mask the username in the access logs
using the
using the
advancedproxyconfig > authentication
CLI
command.
%H
DIRECT
Code that describes which server was contacted for the
retrieving the request content.
retrieving the request content.
Most common values include:
•
NONE. The Web Proxy had the content, so it did not
contact any other server to retrieve the content.
contact any other server to retrieve the content.
•
DIRECT. The Web Proxy went to the server named in the
request to get the content.
request to get the content.
•
DEFAULT_PARENT. The Web Proxy went to its primary
parent proxy or an external DLP server to get the content.
parent proxy or an external DLP server to get the content.
%d
my.site.com
Data source or server IP address.
%c
text/plain
Response body MIME type.
%D
DEFAULT_CASE_11
ACL decision tag.
Note: The end of the ACL decision tag includes a dynamically
generated number that the Web Proxy uses internally. You can
ignore this number.
generated number that the Web Proxy uses internally. You can
ignore this number.
For more information, see
.