When troubleshooting, you may want to check the access log for a particular client IP or destination, but the default access log contains too much information because it logs all traffic. The steps below detail how to configure a separate log that records only traffic from a specific client IP or to a specific domain (you can use other conditions to fit your requirements):
MyCF#conf t
Enter configuration commands, one per line. End with CTRL-Z.
MyCF#(config)access-log
MyCF#(config access-log)create log monitoring
ok
MyCF#(config access-log)edit log monitoring
MyCF#(config log monitoring)format-name extended_diagnostic
Warning: If log entries in the current format exists, changing the log format may cause log entries in different formats to be uploaded to the same log file.
ok
MyCF#(config log monitoring)description "For testing during POC"
ok
MyCF#(config log monitoring)exit
MyCF#(config access-log)exit
MyCF#(config)exit
Once the logging facility is configured, use the following local policy to write to the newly created access log:
<access>
; Log all intercepted access from the client 192.168.1.5
client.address=192.168.1.5 access_log[monitoring](yes)
; Log all traffic that goes to www.bluecoat.com
url.domain=www.bluecoat.com access_log[monitoring](yes)