search cancel

Understanding Web Security Service access logs

book

Article ID: 173596

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

You have downloaded access logs from the Web Security Service (WSS) and would like to understand the meaning of each field found in the logs.

Resolution

The field names are included in order in a commented out line at the top of each log/text file downloaded from WSS. Please refer to the documentation here for further information on each access log field.

The beginning of a WSS access log is shown below for reference:

#Fields: date time time-taken c-ip cs-userdn cs-auth-groups x-exception-id sc-filter-result ear-cs-categories cs(referer) sc-status s-action cs-method rs(conte
nt-type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(user-agent) s-ip sc-bytes cs-bytes x-data-leak-detected x-virus-id x-bl
uecoat-location-name x-bluecoat-access-type x-bluecoat-application-name x-bluecoat-application-operation r-ip r-supplier-country x-rs-certificate-validate-stat
us x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-ssl-version x-rs-connection-negotiated-cipher x-rs-connection-ne
gotiated-cipher-size x-rs-certificate-hostname x-rs-certificate-hostname-categories x-cs-connection-negotiated-ssl-version x-cs-connection-negotiated-cipher x-
cs-connection-negotiated-cipher-size x-cs-certificate-subject cs-icap-status cs-icap-error-details rs-icap-status rs-icap-error-details x-cs-client-ip-country
cs-threat-risk x-rs-certificate-hostname-threat-risk x-client-agent-type x-client-os x-client-agent-sw x-client-device-id x-client-device-name x-client-device-
type x-client-security-posture-details x-client-security-posture-risk-score x-bluecoat-reference-id cs(x-requested-with) x-random-ipv6 x-bluecoat-transaction-u
uid x-bluecoat-appliance-name s-supplier-country s-supplier-failures s-supplier-ip x-bluecoat-location-id x-bluecoat-placeholder x-bluecoat-request-tenant-id x
-cloud-rs x-sc-connection-issuer-keyring x-sc-connection-issuer-keyring-alias