The following information about field values in extended log files might help you interpret the content of the files:
The information in the following table is supplementary to the W3C Extended Log Format Specification found on the Extended Log File Format Web site. You might find it useful for interpreting the content of extended log field headers.
date |
GMT date in YYYY-MM-DD format |
non-string |
No |
|
time |
GMT time in HH:MM:SS format |
non-string |
No |
|
c-ip |
Client (browser) IP address |
non-string |
No |
|
cs-authname |
Username if applicable |
non-string |
Yes |
|
s-ip |
The appliance IP address |
non-string |
Yes |
|
s-sitename |
Reverse proxy or accelerator site name |
non-string |
Yes |
|
cs-method |
The HTTP method the browser sent to the appliance |
non-string |
Yes |
|
cs-uri |
The HTTP URL the browser sent to the appliance |
non-string |
Yes |
The URL must not have spaces per the HTTP specification. |
cs-uri-stem |
The stem portion of the HTTP URL the browser sent to the appliance |
non-string |
Yes |
The URL stem is everything up to the first question mark (?). If the URL has no question mark, the cs-uri-stem is the same as the cs-uri. This field is redundant if cs-uri is selected. |
cs-uri-query |
The query portion of the HTTP URL the browser sent to the appliance |
non-string |
Yes |
The query portion is the first question mark through the end of the URL. If the URL has no question mark, cs-uri-query has no value. This field is redundant if cs-uri is selected. |
c-version |
The HTTP version specified in the URL the browser sent to the appliance |
non-string |
Yes |
|
sc-status |
The HTTP status code the appliance sent to the browser |
non-string |
Yes |
|
sc-bytes |
The number of bytes of HTTP response data the appliance sent to the browser |
non-string |
Yes |
|
cs-bytes |
The number of bytes of HTTP request data the appliance received from the browser |
non-string |
Yes |
|
time-taken |
The time in seconds it took appliance resources to deal with the request |
non-string |
Yes |
|
cs(User-Agent) |
The User-Agent HTTP request header value the browser sent to the appliance |
string |
Yes |
|
cs(Cookie) |
The Cookie HTTP request header value the browser sent to the appliance |
string |
Yes |
The appliance doesn't cache cookie information. |
cs(Referer) |
The Referer HTTP request header value the browser sent to the appliance |
string |
Yes |
The appliance reads the field header as it is. |
cs(X-Forwarded-For) |
The X-Forwarded-For HTTP request header value the browser sent to the appliance |
string |
Yes |
Do not confuse this with the X-Forwarded-For option that causes the appliance to generate or forward headers to upstream proxies or Web servers. |
cached |
The value indicating whether the request was filled from cache |
non-string |
Yes |
1 = filled from cache 0 = not filled from cache |
x-fill-proxy-ip |
The IP address of the upstream proxy |
non-string |
Yes |
Assumes the appliance is configured with an upstream proxy and fetched the request from that proxy |
x-origin-ip |
The IP address of the origin server |
non-string |
Yes |
Assumes the appliance fetched the request directly from the origin server |