Cisco Cisco Web Security Appliance S170 사용자 가이드

The access log file provides a descriptive record of all Web Proxy filtering and scanning activity. Access 
log file entries display a record of how the appliance handled each transaction. You can view the access 
log file from the System Administration > Log Subscriptions page.

The W3C access log also records all Web Proxy filtering and scanning activity, but in a format that is 
W3C compliant. For more information, see 

The following text is an example access log file entry for a single transaction: 

 describes the different fields in the access log file entry. 

1278096903.150 97 172.xx.xx.xx TCP_MISS/200 8187 GET http://my.site.com/ - 

DIRECT/my.site.com text/plain 

DEFAULT_CASE_11-AccessOrDecryptionPolicy-Identity-OutboundMalwareScanningPolicy-DataSecu

rityPolicy-ExternalDLPPolicy-RoutingPolicy 

<IW_comp,6.9,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-","Unknown","Un

known","-","-",198.34,0,-,[Local],"-","-"> -

%t

1278096903.150

 

Timestamp since UNIX epoch.

%e 

97

Elapsed time (latency) in milliseconds.

%a 

172.xx.xx.xx

Client IP address. 

Note: You can choose to mask the IP address in the access logs 
using the 

advancedproxyconfig > authentication

 CLI 

command. 

%w

TCP_MISS

Transaction result code.

For more information, see 

.

%h 

200

HTTP response code.

%s 

8187

Response size (headers + body).

%2r 

GET http://my.site.com/

First line of the request.

Note: When the first line of the request is for a native FTP 
transaction, some special characters in the file name are URL 
encoded in the access logs. For example, the “@” symbol is written 
as “%40” in the access logs. 

The following characters are URL encoded:

& # % + , : ; = @ ^ { } [ ]

 

%A 

-

Authenticated username.

Note: You can choose to mask the username in the access logs 
using the 

advancedproxyconfig > authentication

 CLI 

command.