About Extended Log Field Headers

The following information about field values in extended log files might help you interpret the content of the files:

The information in the following table is supplementary to the W3C Extended Log Format Specification found on the Extended Log File Format Web site. You might find it useful for interpreting the content of extended log field headers.

Name Description Type Selectable Comments

date

GMT date in YYYY-MM-DD format

non-string

No

 

time

GMT time in HH:MM:SS format

non-string

No

 

c-ip

Client (browser) IP address

non-string

No

 

cs-authname

Username if applicable

non-string

Yes

 

s-ip

The appliance IP address

non-string

Yes

 

s-sitename

Reverse proxy or accelerator site name

non-string

Yes

 

cs-method

The HTTP method the browser sent to the appliance

non-string

Yes

 

cs-uri

The HTTP URL the browser sent to the appliance

non-string

Yes

The URL must not have spaces per the HTTP specification.

cs-uri-stem

The stem portion of the HTTP URL the browser sent to the appliance

non-string

Yes

The URL stem is everything up to the first question mark (?).

If the URL has no question mark, the cs-uri-stem is the same as the cs-uri.

This field is redundant if cs-uri is selected.

cs-uri-query

The query portion of the HTTP URL the browser sent to the appliance

non-string

Yes

The query portion is the first question mark through the end of the URL.

If the URL has no question mark, cs-uri-query has no value.

This field is redundant if cs-uri is selected.

c-version

The HTTP version specified in the URL the browser sent to the appliance

non-string

Yes

 

sc-status

The HTTP status code the appliance sent to the browser

non-string

Yes

 

sc-bytes

The number of bytes of HTTP response data the appliance sent to the browser

non-string

Yes

 

cs-bytes

The number of bytes of HTTP request data the appliance received from the browser

non-string

Yes

 

time-taken

The time in seconds it took appliance resources to deal with the request

non-string

Yes

 

cs(User-Agent)

The User-Agent HTTP request header value the browser sent to the appliance

string

Yes

 

cs(Cookie)

The Cookie HTTP request header value the browser sent to the appliance

string

Yes

The appliance doesn't cache cookie information.

cs(Referer)

The Referer HTTP request header value the browser sent to the appliance

string

Yes

The appliance reads the field header as it is.

cs(X-Forwarded-For)

The X-Forwarded-For HTTP request header value the browser sent to the appliance

string

Yes

Do not confuse this with the X-Forwarded-For option that causes the appliance to generate or forward headers to upstream proxies or Web servers.

cached

The value indicating whether the request was filled from cache

non-string

Yes

1 = filled from cache

0 = not filled from cache

x-fill-proxy-ip

The IP address of the upstream proxy

non-string

Yes

Assumes the appliance is configured with an upstream proxy and fetched the request from that proxy

x-origin-ip

The IP address of the origin server

non-string

Yes

Assumes the appliance fetched the request directly from the origin server