ProxySG & Advanced Secure Gateway

  • 1.  Accesslog analysis query

    Posted May 09, 2018 12:37 AM

    Hi Team,

    One of our customers is looking for the accesslog information (each section). We couldn't find any document related to this.

    Please help us to understand each section of the accesslogs.

    =======================================================================================================================================

    We configured the Bluecoat to send logs to Reporter, and the log format should be ‘bcreportermain_v1’. Below is its log format, though it doesn’t seem to match the log entry.

    Many fields contain IP/URL information (e.g. cs_Referer, cs_host, dest, dest_host, http_referrer, s_supplier_ip, s_supplier_name, url, etc.). I want to know the meaning of each field.

     

    Log format of ‘bcreportermain_v1’,

    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id

     

    An example for a log entry,

    2018-05-09 02:20:13 68 186.16.184.5 - - pagead2.googlesyndication.com 172.217.25.2 None - - OBSERVED "Web Ads/Analytics" http://hk.on.cc/hk/bkn/cnt/finance/20180503/bkn-20180503090146024-0503_00842_001.html  204 TCP_NC_MISS GET text/html;%20charset=UTF-8 http pagead2.googlesyndication.com 80 /pagead/gen_204 ?id=vpaid_adapter_js&event=init&vps=0.795292869681004&wt=1525832413389&sdkv=h.3.208.0&xai=AKAOjssa_ds3QNpTUO-AJjPRcwucQ-8xb1g3aRKck52RZ6sqxa4CMJXuV0cP5aocBZJS15HzjqBIFRWNkD0GXSsLK7F2EXO0Ll9J0CvewoiXAmGYkHgMng4GjxCys4r6f6v8NBeKPgrrpqXgoHWW8TSdfEbgKnzkGwBFpWmBL5icTJcGkYLHvWBe-3S1izhq2B2clj1ovZd2LM8iOrdcEWhv04Dsxcx3y8mVl3R4LZCp4DgfSfihv_4TjsBiQNTktUmdPT7HVln1tpBewdK1kXFUX6s_MY3qr81AP5Wri0TmwvcAFfRXuU_Wva1NMcXrpKKMX7lerIFiQtjyDNZ0ozuM_Fmo0EH1s42hzHyOxRNc4K-vwRP0pnalG3MR-CwNtS_teVd0aYlrTQH39Hteb5tGj4zuIBGHnxXmc9Z69pRjCfe4Eb_BlBabzxiIS7LHQ7OK5tp8FBHt899zxICfYCgxX1MZbmzzoUeCYxa8hpvQREHg8tQSWyOeJLcl41hmSV5gOmHO3Fl0069_YoUFYPbqHXxie_8UstobRw49LsYAyqFuCBsp8BdJeElp3OF-tHOZP77hZVICyQDeaf1c3byv8OKZfpCKlXqZg773mu-NkGHG54jkj4KtmOeLOGyL2NcBXixeJF_JwgHIMRmfV1U6SHiTUoU0lY09q5cK-b30lL_SqrW8jQG7WkrJaQBdk7oIBjqyIh2iBESOgE9PmgC3b5_AwzoJcVFHnj8fTSJacfDg-Wsio2_hYLJo_dNwW8ZftJAcdibVl3GhEAyAasvjdeigWHG-DidYKkkh&url=2,http://hk.on.cc/hk/bkn/cnt/finance/20180503/bkn-20180503090146024-0503_00842_001.html$0 - "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36" 186.16.216.1 496 1569 - "unavailable" "unavailable" unavailable 213cfd70961615d9-00000000bafc0d97-000000005af25add - -

     

    ========================================================================================================================================================

     

    Thanks,

    Ram.
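
The mismatch described in the post above can be checked mechanically before logs are fed to a reporting or detection pipeline. This is an added example, not part of the original post or of any Symantec tooling: it tokenizes a log line, compares it against the bcreportermain_v1 field list, and flags values that cannot belong to their field. The sample lines are constructed (the second is abbreviated from the posted entry), and `tokenize`, `check_line` and `CHECKS` are hypothetical names.

```python
import re

# bcreportermain_v1 field list as quoted in the post (scfilter-result, cs-uriquery
# and x-virusid are written here in their hyphenated ELFF form).
FORMAT = ("date time time-taken c-ip cs-username cs-auth-group x-exception-id "
          "sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method "
          "rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path "
          "cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes "
          "x-virus-id").split()

TOKEN = re.compile(r'"[^"]*"|\S+')      # a quoted string or a run of non-spaces
IPV4 = re.compile(r"(\d{1,3}\.){3}\d{1,3}")
NUM = re.compile(r"\d+|-")              # "-" marks an empty value
# Shape checks for fields whose syntax is unambiguous.
CHECKS = {"date": re.compile(r"\d{4}-\d{2}-\d{2}"),
          "time": re.compile(r"\d{2}:\d{2}:\d{2}"),
          "time-taken": NUM, "c-ip": IPV4, "sc-status": re.compile(r"\d{3}|-"),
          "cs-uri-port": NUM, "s-ip": IPV4, "sc-bytes": NUM, "cs-bytes": NUM}

def tokenize(line):
    """Split a log line on whitespace, keeping quoted values as one token."""
    return [t.strip('"') for t in TOKEN.findall(line)]

def check_line(line, fields=FORMAT):
    """Return a list of problems found when reading `line` with `fields`."""
    tokens = tokenize(line)
    problems = []
    if len(tokens) != len(fields):
        problems.append(f"field count {len(tokens)} != {len(fields)}")
    for name, value in zip(fields, tokens):
        rx = CHECKS.get(name)
        if rx and not rx.fullmatch(value):
            problems.append(f"{name}={value!r}")
    return problems

# Constructed sample data, modelled on the entry in the post.
HEAD = "2018-05-09 02:20:13 68 186.16.184.5 - - "
BODY = ('- OBSERVED "Web Ads/Analytics" http://hk.on.cc/ 204 TCP_NC_MISS GET '
        "text/html;%20charset=UTF-8 http pagead2.googlesyndication.com 80 "
        "/pagead/gen_204 ?id=vpaid_adapter_js&event=init - "
        '"Mozilla/5.0 (Windows NT 6.1; Win64; x64)" 186.16.216.1 496 1569 -')
MATCHING = HEAD + BODY                  # 25 values, one per format field
MISMATCHED = (HEAD + "pagead2.googlesyndication.com 172.217.25.2 None - " + BODY +
              ' "unavailable" "unavailable" unavailable '
              "213cfd70961615d9-00000000bafc0d97-000000005af25add - -")

if __name__ == "__main__":
    for label, line in (("matching", MATCHING), ("mismatched", MISMATCHED)):
        print(label, check_line(line) or "OK")
```

A count mismatch combined with shifted values, such as a method name landing in `cs-uri-port`, indicates that the device is writing a different format than the one the parser was given.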



  • 2.  RE: Accesslog analysis query
    Best Answer

    Posted May 09, 2018 02:24 AM

    Hi Ram,

     

     You can refer to chapter 33 in the SGOS 6.7 admin guide for the details on each field name.

     

    Ref: https://support.symantec.com/content/unifiedweb/en_US/article.DOC10459.html