WSS Access Log Fields and Changes

Article ID: 175519

Products

Web Security Service - WSS

Issue/Introduction

WSS customers who use third-party reporting applications, such as Splunk, need to know what the Access Log string is. The following portal topic provides that information:

Access Log Formats

Symantec periodically adds or removes fields. Because WSS is a service, you might need to know about these changes before the next portal update goes live so that you can adjust your automated processes and ensure a seamless reporting experience. This article provides advance notice of these changes (Symantec also includes the new fields in customer notifications and the preview Release Notes).

Resolution

Fields string available since the July 26, 2019 Portal release:

#Fields: x-bluecoat-request-tenant-id date time x-bluecoat-appliance-name time-taken c-ip cs-userdn cs-auth-groups x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-icap-reqmod-header(X-ICAP-Metadata) x-icap-respmod-header(X-ICAP-Metadata) x-data-leak-detected x-virus-id x-bluecoat-location-id x-bluecoat-location-name x-bluecoat-access-type x-bluecoat-application-name x-bluecoat-application-operation r-ip r-supplier-country x-rs-certificate-validate-status x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-ssl-version x-rs-connection-negotiated-cipher x-rs-connection-negotiated-cipher-size x-rs-certificate-hostname x-rs-certificate-hostname-categories x-cs-connection-negotiated-ssl-version x-cs-connection-negotiated-cipher x-cs-connection-negotiated-cipher-size x-cs-certificate-subject cs-icap-status cs-icap-error-details rs-icap-status rs-icap-error-details s-supplier-ip s-supplier-country s-supplier-failures x-cs-client-ip-country cs-threat-risk x-rs-certificate-hostname-threat-risk x-client-agent-type x-client-os x-client-agent-sw x-client-device-id x-client-device-name x-client-device-type x-client-security-posture-details x-client-security-posture-risk-score x-bluecoat-reference-id x-sc-connection-issuer-keyring x-sc-connection-issuer-keyring-alias x-cloud-rs x-bluecoat-placeholder cs(X-Requested-With) x-random-ipv6 x-bluecoat-transaction-uuid

New fields:

  • x-icap-reqmod-header(X-ICAP-Metadata)
  • x-icap-respmod-header(X-ICAP-Metadata)
  • x-random-ipv6
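
Because fields are added and removed over time, a reporting pipeline that reads values by position will silently shift columns after a change. The following added example (not Symantec code) keys each record by the names in the #Fields line and reports any difference from what the pipeline expects. It assumes space-delimited records with double-quoted values where a value contains spaces; the shortened header, the EXPECTED list and the record values are constructed for illustration.

```python
import re

# Assumption: records are space-delimited and values containing spaces are
# double-quoted (ELFF-style). Verify against your own WSS log download.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_fields_header(line):
    """Return the ordered field names from a '#Fields:' directive."""
    if not line.startswith("#Fields:"):
        raise ValueError("not a #Fields directive")
    return line[len("#Fields:"):].split()

def diff_fields(expected, observed):
    """List fields the header added or dropped relative to the expected set."""
    return {"added": [f for f in observed if f not in set(expected)],
            "removed": [f for f in expected if f not in set(observed)]}

def parse_log(lines, expected):
    """Key each record by field name using the most recent #Fields header."""
    fields, changes, records = None, None, []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = parse_fields_header(line)
            changes = diff_fields(expected, fields)
        elif line and not line.startswith("#"):
            values = [bare or quoted for quoted, bare in TOKEN.findall(line)]
            if fields is None or len(values) != len(fields):
                raise ValueError(f"record does not match #Fields header: {line!r}")
            records.append(dict(zip(fields, values)))
    return records, changes

# What a hypothetical pipeline was built against (subset of the page's names).
EXPECTED = ["date", "time", "c-ip", "sc-status", "cs-host",
            "cs(User-Agent)", "x-bluecoat-transaction-uuid"]

# Constructed sample: shortened header plus one record with made-up values.
SAMPLE = [
    "#Fields: date time c-ip sc-status cs-host cs(User-Agent) "
    "x-random-ipv6 x-bluecoat-transaction-uuid",
    '2019-07-26 12:00:00 192.0.2.10 200 example.com '
    '"Mozilla/5.0 (X11; Linux x86_64)" 2001:db8::1 '
    "00000000-0000-0000-0000-000000000000",
]

if __name__ == "__main__":
    records, changes = parse_log(SAMPLE, EXPECTED)
    print(changes)
    print(records[0]["x-bluecoat-transaction-uuid"])
```

A non-empty "added" or "removed" list is the signal to update field extractions in the reporting application before relying on the parsed data.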