Cisco Cisco Web Security Appliance S170 사용자 가이드
25-28
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 25 Logging
Custom Formatting in Access Logs and W3C Logs
Custom Formatting in Access Logs and W3C Logs
You can customize access logs and W3C access logs to include many different fields to capture
comprehensive information about web traffic within the network. Access logs use format specifiers, and
the W3C access logs use W3C log fields.
comprehensive information about web traffic within the network. Access logs use format specifiers, and
the W3C access logs use W3C log fields.
describes the W3C log fields you can include in the W3C access logs and the custom format
specifiers (for the access logs) they correspond with.
Table 25-11
Log Fields in W3C Logs and Format Specifiers in Access Logs
W3C Log Field
Format Specifier in
Access Logs
Access Logs
Description
bytes
%B
Total bytes used (request size + response
size, which is %q + %s)
size, which is %q + %s)
c-ip
%a
Client IP Address
c-port
%F
Client source port
CMF
%M
Cache miss flags, CMF flags
cs(Cookie)
%C
Cookie header. This field is written with
double-quotes in the access logs.
double-quotes in the access logs.
cs(Referer)
%<Referer:
Referer
cs(User-Agent)
%u
User agent. This field is written with
double-quotes in the access logs.
double-quotes in the access logs.
cs(X-Forwarded-For)
%f
X-Forwarded-For header
cs-auth-group
%g
Authorized group names. This field is written
with double-quotes in the access logs.
with double-quotes in the access logs.
cs-auth-mechanism
%m
The authentication mechanism used on the
transaction. Possible values are:
transaction. Possible values are:
•
BASIC. The user name was
authenticated using the Basic
authentication scheme.
authenticated using the Basic
authentication scheme.
•
NTLMSSP. The user name was
authenticated using the NTLMSSP
authentication scheme.
authenticated using the NTLMSSP
authentication scheme.
•
SSO_TUI. The user name was obtained
by matching the client IP address to an
authenticated user name using
transparent user identification.
by matching the client IP address to an
authenticated user name using
transparent user identification.
•
SSO_ASA. The user is a remote user and
the user name was obtained from a Cisco
ASA using the Secure Mobility Solution.
the user name was obtained from a Cisco
ASA using the Secure Mobility Solution.
•
FORM_AUTH. The user entered
authentication credentials in a form in
the web browser when accessing a SaaS
application.
authentication credentials in a form in
the web browser when accessing a SaaS
application.
•
GUEST. The user failed authentication
and instead was granted guest access.
and instead was granted guest access.