Cisco Cisco Web Security Appliance S380 Guida Utente
20-15
Cisco AsyncOS 8.0.6 for Web User Guide
Chapter 20 Monitor System Activity Through Logs
Access Log Field Descriptions and Identifiers
%:m<
x-p2p-mcafee-resp-svc-time
Wait-time to receive the verdict from the
McAfee scanning engine, including the time
required for the Web Proxy to send the
request.
McAfee scanning engine, including the time
required for the Web Proxy to send the
request.
%:m>
x-p2p-mcafee-resp-wait-time Wait-time to receive the response from the
McAfee scanning engine, after the Web
Proxy sent the request.
Proxy sent the request.
%:p<
x-p2p-sophos-resp-svc-time
Wait-time to receive the verdict from the
Sophos scanning engine, including the time
required for the Web Proxy to send the
request.
Sophos scanning engine, including the time
required for the Web Proxy to send the
request.
%:p>
x-p2p-sophos-resp-wait-time Wait-time to receive the response from the
Sophos scanning engine, after the Web Proxy
sent the request.
sent the request.
%:w<
x-p2p-webroot-resp-svc-time Wait-time to receive the verdict from the
Webroot scanning engine, including the time
required for the Web Proxy to send the
request.
required for the Web Proxy to send the
request.
%:w>
x-p2p-webroot-resp-wait-tim
e
e
Wait-time to receive the response from the
Webroot scanning engine, after the Web
Proxy sent the request.
Webroot scanning engine, after the Web
Proxy sent the request.
%?BLOCK_SUSPECT
_USER_AGENT,
MONITOR_SUSPECT
_USER_AGENT?%
<User-Agent:%!%-%.
_USER_AGENT,
MONITOR_SUSPECT
_USER_AGENT?%
<User-Agent:%!%-%.
x-suspect-user-agent
Suspect user agent, if applicable. If the Web
Proxy determines the user agent is suspect, it
will log the user agent in this field.
Otherwise, it logs a hyphen. This field is
written with double-quotes in the access logs.
Proxy determines the user agent is suspect, it
will log the user agent in this field.
Otherwise, it logs a hyphen. This field is
written with double-quotes in the access logs.
%<Referer:
cs(Referer)
Referer
%>Server:
sc(Server)
Server header in the response
%a
c-ip
Client IP Address
%A
cs-username
Authenticated user name. This field is written
with double-quotes in the access logs.
with double-quotes in the access logs.
%b
sc-body-size
Bytes sent to the client from the Web Proxy
for the body content.
for the body content.
%B
bytes
Total bytes used (request size + response
size, which is %q + %s)
size, which is %q + %s)
%c
cs-mime-type
Response body MIME type. This field is
written with double-quotes in the access logs.
written with double-quotes in the access logs.
%C
cs(Cookie)
Cookie header. This field is written with
double-quotes in the access logs.
double-quotes in the access logs.
%d
s-hostname
Data source or server IP address
%D
x-acltag
ACL decision tag. See
.
Format Specifier in
Standard Access Logs
Standard Access Logs
Log Field in W3C Logs
Description