To do that we have to:
1. Create a new format by going to the management console -> Configuration -> Access Logging -> Formats, and click on New tab at the Log Formats screen. Give any name to the new format by typing the name in the Format Name field.
2. Paste the expression (date time time-taken c-ip cs-username cs-auth-groups x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation) into the Format field and keep the default selection (W3C Extended Log File Format (ELFF) String (Specify below)).
3. Click on Test Format to make sure that your format is correct and accepted by the system, then click OK then Apply. Click OK on the Change Done Successfully pop-up window
4. Create new logs name by going to Configuration -> Access Logging -> Logs, and click on New tab.
5. Give the new log a name in the Log Name field at the Create Log screen.
6. Drag down the Log Format selection and choose the format you’ve just created in the steps before.
7. Give description to the new log if necessary.
8. Keep all other setting as default and click OK then Apply.
9. To activate the new log go to Configuration -> Access Logging -> General -> Default Logging.
10. Click on HTTP from the Default Logging Policy and click on Edit below.
11. In the Default Log, drag down to the new log you’ve just create in the previous steps and click OK then Apply. Click OK on the Changes Done Successfully pop-up window.
Now you can test the new logs by going to Statistics -> Access logging, and then drag down the selection to the new log type you’ve just created earlier and click on Start Tail. Then, browse any http website and you can find all the groups that user belongs to.