Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 25 Logging
Custom Formatting in Access Logs and W3C Logs
You can customize access logs and W3C access logs to include many different fields to capture comprehensive information about web traffic within the network. Access logs use format specifiers, and the W3C access logs use W3C log fields.

Table 25-11 describes the W3C log fields you can include in the W3C access logs and the custom format specifiers (for the access logs) they correspond with.
Table 25-11 Log Fields in W3C Logs and Format Specifiers in Access Logs

| W3C Log Field | Format Specifier in Access Logs | Description |
|---|---|---|
| bytes | %B | Total bytes used (request size + response size, which is %q + %s) |
| c-ip | %a | Client IP Address |
| c-port | %F | Client source port |
| CMF | %M | Cache miss flags, CMF flags |
| cs(Cookie) | %C | Cookie header. This field is written with double-quotes in the access logs. |
| cs(Referer) | %<Referer: | Referer |
| cs(User-Agent) | %u | User agent. This field is written with double-quotes in the access logs. |
| cs(X-Forwarded-For) | %f | X-Forwarded-For header |
| cs-auth-group | %g | Authorized group names. This field is written with double-quotes in the access logs. |
| cs-auth-mechanism | %m | The authentication mechanism used on the transaction. Possible values are:<br>• BASIC. The user name was authenticated using the Basic authentication scheme.<br>• NTLMSSP. The user name was authenticated using the NTLMSSP authentication scheme.<br>• SSO_TUI. The user name was obtained by matching the client IP address to an authenticated user name using transparent user identification.<br>• SSO_ASA. The user is a remote user and the user name was obtained from a Cisco ASA using the Secure Mobility Solution.<br>• FORM_AUTH. The user entered authentication credentials in a form in the web browser when accessing a SaaS application.<br>• GUEST. The user failed authentication and instead was granted guest access. |
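The following Python parser is an added example, not code from the Cisco guide. It splits the custom-field part of an access log line using the specifiers in Table 25-11, honors the fields the table says are double-quoted, and notes the %m values whose descriptions affect how a user name should be attributed. The function names, the sample format string and log line, and the single-space separator are assumptions.

```python
import re

# Format specifier -> W3C log field, copied from Table 25-11.
SPEC_TO_W3C = {
    "%B": "bytes", "%a": "c-ip", "%F": "c-port", "%M": "CMF",
    "%C": "cs(Cookie)", "%<Referer:": "cs(Referer)", "%u": "cs(User-Agent)",
    "%f": "cs(X-Forwarded-For)", "%g": "cs-auth-group", "%m": "cs-auth-mechanism",
}
# Specifiers the table says are written with double-quotes in the access logs.
QUOTED = {"%C", "%u", "%g"}
# %m values whose table description affects how far the user name can be trusted.
AUTH_NOTES = {
    "GUEST": "authentication failed; guest access granted",
    "SSO_TUI": "user name inferred from client IP address",
    "SSO_ASA": "remote user; user name obtained from a Cisco ASA",
}

def parse_custom_fields(fmt, text):
    """Split the custom-field part of an access log line according to fmt.
    Assumptions (not from the guide): specifiers and values are separated by
    single spaces, and a quoted value contains no embedded double-quote.
    """
    record, pos = {}, 0
    for spec in fmt.split():
        if spec not in SPEC_TO_W3C:
            raise ValueError(f"specifier not in Table 25-11: {spec}")
        value = r'"([^"]*)"' if spec in QUOTED else r"(\S+)"
        m = re.compile(value + r"(?: |$)").match(text, pos)
        if m is None:
            raise ValueError(f"cannot read {spec} at offset {pos}")
        record[SPEC_TO_W3C[spec]] = m.group(1)
        pos = m.end()
    if pos != len(text):
        raise ValueError("unparsed data after the last field")
    return record

def review_notes(record):
    """Return reviewer notes derived from the table's field descriptions."""
    notes = []
    mech = record.get("cs-auth-mechanism")
    if mech in AUTH_NOTES:
        notes.append(f"{mech}: {AUTH_NOTES[mech]}")
    if "bytes" in record and not record["bytes"].isdigit():
        notes.append("bytes is not a non-negative integer")
    return notes

# Constructed sample: custom format string and the matching part of a log line.
FMT = "%a %F %B %m %g %u"
LINE = '192.0.2.10 49152 1834 GUEST "Domain Users" "Mozilla/5.0 (X11; Linux x86_64)"'
```

A line that does not match the format string (for example, an unquoted User-Agent) raises `ValueError` instead of silently shifting values into the wrong fields.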