Cisco Cisco Web Security Appliance S170 사용자 가이드
W 3 C C O M P L I A N T A C C E S S L O G S
C H A P T E R 2 0 : L O G G I N G
447
W 3 C C O M P L I A N T A C C E S S L O G S
The Web Security appliance provides two different log types for recording Web Proxy
transaction information, the access logs and the W3C access logs. The W3C access logs are
W3C compliant, and record transaction history in the W3C Extended Log File (ELF) Format.
transaction information, the access logs and the W3C access logs. The W3C access logs are
W3C compliant, and record transaction history in the W3C Extended Log File (ELF) Format.
You can create multiple W3C access log subscriptions and define the data to include in each.
You might want to create one W3C access log that includes all information your organization
typically needs, and other, specialized W3C access logs that can be used for troubleshooting
purposes or special analysis. For example, you might want to create a W3C access log for an
HR manager that only needs access to certain information.
You might want to create one W3C access log that includes all information your organization
typically needs, and other, specialized W3C access logs that can be used for troubleshooting
purposes or special analysis. For example, you might want to create a W3C access log for an
HR manager that only needs access to certain information.
Consider the following rules and guidelines when working with W3C access logs:
• You define what data is recorded in each W3C access log subscription.
• The W3C logs are self-describing. The file format (list of fields) is defined in a header at
the start of each log file.
• Fields in the W3C access logs are separated by a white space.
• If a field contains no data for a particular entry, a hyphen ( - ) is included in the log file
instead.
• Each line in the W3C access log file relates to one transaction, and each line is terminated
by a LF sequence.
• When defining a W3C access log subscription, you can choose from a list of predefined
log fields or enter a custom log field. For more information, see “Working with Log Fields
in W3C Access Logs” on page 448.
in W3C Access Logs” on page 448.
• If you want to use a third party log analyzer tool to read and parse the W3C access logs,
you might need to include the “timestamp” field. The timestamp W3C field displays time
since the UNIX epoch, and most log analyzers only understand time in this format.
since the UNIX epoch, and most log analyzers only understand time in this format.
• If you want to copy the log fields included in a W3C access log in their order, use the
logconfig > edit
CLI command. The CLI displays the log fields in order, from which
you can copy and then paste them into a separate Web Security appliance web interface.
W3C Log File Headers
Each W3C log file contains header text at the beginning of the file. Each line starts with the #
character and provides information about the Web Security appliance that created the log file.
The W3C log file headers also include the file format (list of fields), making the log file self-
describing.
character and provides information about the Web Security appliance that created the log file.
The W3C log file headers also include the file format (list of fields), making the log file self-
describing.