User Guide
CUSTOM FORMATTING IN ACCESS LOGS AND W3C LOGS
CHAPTER 20: LOGGING 453
x-result-code %Xr Result code
x-resultcode-httpstatus %w/%h Result code and the HTTP response code,
with a slash (/) in between
x-suspect-user-agent %?BLOCK_SUSPE
CT_USER_AGENT,
MONITOR_SUSPE
CT?%<User-
Agent:%!%-%.
Suspect user agent, if applicable. If the Web
Proxy determines the user agent is suspect, it
will log the user agent in this field.
Otherwise, it logs a hyphen. This field is
written with double-quotes in the access
logs.
x-transaction-id %I Transaction ID
x-wbrs-score %XW Decoded WBRS score <-10.0-10.0>
N/A %Xw Raw numeric WBRS score
N/A %Xc URL category code (numeric) of the URL
category assigned to the transaction.
Applies to both IronPort URL Filters and
Cisco IronPort Web Usage Controls URL
filtering engines.
x-webcat-code-abbr %XC URL category abbreviation for the URL
category assigned to the transaction.
Applies to both IronPort URL Filters and
Cisco IronPort Web Usage Controls URL
filtering engines.
x-webcat-code-full %XF Full name of the URL category assigned to
the transaction. This field is written with
double-quotes in the access logs.
Applies to both IronPort URL Filters and
Cisco IronPort Web Usage Controls URL
filtering engines.
N/A %Xq The URL category code (numeric)
determined during request-side scanning.
Applies to both IronPort URL Filters and
Cisco IronPort Web Usage Controls URL
filtering engines.
Table 20-11 Log Fields in W3C Logs and Format Specifiers in Access Logs (Continued)
W3C Log Field Format Specifier
in Access Logs
Description