Novell Documentation: Volera Excelerator 2.3 - About Extended Log Field Headers

About Extended Log Field Headers

The following information about field values in extended log files might help you interpret the content of the files:

Fields within the file are delimited by the tab character.
A field is of two types: string and non-string.
String fields are enclosed in quotation marks (").
If a string field contains a quotation mark, that character is repeated once for every occurrence to enable unambiguous file parsing.
If a string field has no value, it is represented by two quotation marks ("").
Non-string fields containing no value are represented by a hyphen (-).
Field headers starting with s- are associated with the appliance.
Field headers starting with c- are associated with the client/browser.
Field headers starting with sc are associated with flow from the appliance to the client/browser.
Field headers starting with cs are associated with flow from the client/browser to the appliance.

The information in the following table is supplementary to the W3C Extended Log Format Specification found on the Extended Log File Format Web site. You might find it useful for interpreting the content of extended log field headers.

Name	Description	Type	Selectable	Comments
date	GMT date in YYYY-MM-DD format	non-string	No
time	GMT time in HH:MM:SS format	non-string	No
c-ip	Client (browser) IP address	non-string	No
cs-authname	Username if applicable	non-string	Yes
s-ip	The appliance IP address	non-string	Yes
s-sitename	Reverse proxy or accelerator site name	non-string	Yes
cs-method	The HTTP method the browser sent to the appliance	non-string	Yes
cs-uri	The HTTP URL the browser sent to the appliance	non-string	Yes	The URL must not have spaces per the HTTP specification.
cs-uri-stem	The stem portion of the HTTP URL the browser sent to the appliance	non-string	Yes	The URL stem is everything up to the first question mark (?). If the URL has no question mark, the cs-uri-stem is the same as the cs-uri. This field is redundant if cs-uri is selected.
cs-uri-query	The query portion of the HTTP URL the browser sent to the appliance	non-string	Yes	The query portion is the first question mark through the end of the URL. If the URL has no question mark, cs-uri-query has no value. This field is redundant if cs-uri is selected.
c-version	The HTTP version specified in the URL the browser sent to the appliance	non-string	Yes
sc-status	The HTTP status code the appliance sent to the browser	non-string	Yes
sc-bytes	The number of bytes of HTTP response data the appliance sent to the browser	non-string	Yes
cs-bytes	The number of bytes of HTTP request data the appliance received from the browser	non-string	Yes
time-taken	The time in seconds it took appliance resources to deal with the request	non-string	Yes
cs(User-Agent)	The User-Agent HTTP request header value the browser sent to the appliance	string	Yes
cs(Cookie)	The Cookie HTTP request header value the browser sent to the appliance	string	Yes	The appliance doesn't cache cookie information.
cs(Referer)	The Referer HTTP request header value the browser sent to the appliance	string	Yes	The appliance reads the field header as it is.
cs(X-Forwarded-For)	The X-Forwarded-For HTTP request header value the browser sent to the appliance	string	Yes	Do not confuse this with the X-Forwarded-For option that causes the appliance to generate or forward headers to upstream proxies or Web servers.
cached	The value indicating whether the request was filled from cache	non-string	Yes	1 = filled from cache 0 = not filled from cache
x-fill-proxy-ip	The IP address of the upstream proxy	non-string	Yes	Assumes the appliance is configured with an upstream proxy and fetched the request from that proxy
x-origin-ip	The IP address of the origin server	non-string	Yes	Assumes the appliance fetched the request directly from the origin server