Understanding CloudSWG access logs

Article ID: 173596

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

You have downloaded access logs from the Cloud SWG service (previously known as WSS) and would like to understand the meaning of each field found in the logs.

Resolution

The field names are included, in order, in a commented line at the top of each log/text file downloaded from the service.

Please refer to the documentation for current information on each access log field: 

Cloud SWG Log Fields

 

For example, an access log could begin with:

#Fields: date time time-taken c-ip cs-userdn cs-auth-groups x-exception-id sc-filter-result ear-cs-categories cs(referer) sc-status s-action cs-method rs(content-type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(user-agent) s-ip sc-bytes cs-bytes x-data-leak-detected x-virus-id x-bluecoat-location-name x-bluecoat-access-type x-bluecoat-application-name x-bluecoat-application-operation r-ip r-supplier-country x-rs-certificate-validate-status x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-ssl-version x-rs-connection-negotiated-cipher x-rs-connection-negotiated-cipher-size x-rs-certificate-hostname x-rs-certificate-hostname-categories x-cs-connection-negotiated-ssl-version x-cs-connection-negotiated-cipher x-cs-connection-negotiated-cipher-size x-cs-certificate-subject cs-icap-status cs-icap-error-details rs-icap-status rs-icap-error-details x-cs-client-ip-country cs-threat-risk x-rs-certificate-hostname-threat-risk x-client-agent-type x-client-os x-client-agent-sw x-client-device-id x-client-device-name x-client-device-type x-client-security-posture-details x-client-security-posture-risk-score x-bluecoat-reference-id cs(x-requested-with) x-random-ipv6 x-bluecoat-transaction-uuid x-bluecoat-appliance-name s-supplier-country s-supplier-failures s-supplier-ip x-bluecoat-location-id x-bluecoat-placeholder x-bluecoat-request-tenant-id x-cloud-rs x-sc-connection-issuer-keyring x-sc-connection-issuer-keyring-alias
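
Because the field order is declared in the file itself, a parser should read the #Fields line and key each record by name instead of hard-coding column positions. The following is an added example, not code from the article or the vendor: the function names are hypothetical, the sample lines are constructed, and it assumes records are space-delimited with values containing spaces enclosed in double quotes.

```python
import csv
import io

# Constructed sample, not real traffic: a short subset of the field names
# from the header above, two complete records and one truncated record.
SAMPLE_LOG = """# constructed sample
#Fields: date time c-ip cs-userdn sc-filter-result sc-status cs-method cs-host cs(user-agent) x-virus-id
2024-01-15 10:02:11 192.0.2.10 - OBSERVED 200 GET www.example.com "Mozilla/5.0 (X11; Linux x86_64)" -
2024-01-15 10:02:15 192.0.2.11 - DENIED 403 GET blocked.example.net "curl/8.0" -
2024-01-15 10:02:19 192.0.2.12 truncated-record
"""


def parse_access_log(stream):
    """Yield (record, error) pairs; record maps field name -> value."""
    fields = None
    for lineno, line in enumerate(stream, 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # The #Fields line defines the column order for what follows.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            yield None, f"line {lineno}: record before any #Fields header"
            continue
        # Assumption: space-delimited, values with spaces are double-quoted.
        values = next(csv.reader([line], delimiter=" ", quotechar='"'))
        if len(values) != len(fields):
            yield None, f"line {lineno}: {len(values)} values, {len(fields)} fields"
            continue
        yield dict(zip(fields, values)), None


def load(text):
    """Split parsed output into good records and per-line errors."""
    records, errors = [], []
    for record, error in parse_access_log(io.StringIO(text)):
        if error:
            errors.append(error)
        else:
            records.append(record)
    return records, errors


if __name__ == "__main__":
    records, errors = load(SAMPLE_LOG)
    for r in records:
        print(r["c-ip"], r["sc-filter-result"], r["cs-host"], r["cs(user-agent)"])
    print(errors)
```

Records whose value count does not match the header are reported with their line number instead of being silently misaligned, which keeps a truncated or corrupted line from shifting values into the wrong fields during analysis.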