Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Broadcom Header Formats

This table provides information on Broadcom log file headers used in Content Security Reporter and the necessary modifications to correctly parse the data. Some cells remain intentionally empty.

Format in Extended Log File Custom Content Policy Language Description
c-ip %a   IP address of the client.
cs-bytes     Number of bytes sent from client to appliance.
cs-categories     All content categories of the request URL.
cs-categories-broadcom     All content categories of the request URL that are defined by Broadcom Web Filter.
cs-categories-external     All content categories of the request URL that are defined by an external service.

cs-categories-local

    All content categories of the request URL that are defined by a local database.

cs-categories-policy

    All content categories of the request URL that are defined by CPL.

cs-categories-provider

    All content categories of the request URL that are defined by the current third-party provider.

cs-categories-qualified

    All content categories of the request URL, qualified by the provider of the category.

cs-category

    Single content category of the request URL (such as sc-filter-category).

cs-host

%v

  Host name from the client’s request URL. If URL rewrite policies are used, this field’s value is derived from the log URL.

cs-method

   

Request method used from client to appliance.

cs-request-line

   

First line of the client’s request.

c-dns

%h

 

Host name of the client (using the client’s IP address to avoid reverse DNS).

cs-uri

 
  • url
  • log_url
  • Original URL requested
  • The log URL

cs-uri-address

 
  • url.address
  • log_url.address
  • IP address from the original URL requested. DNS is used if the URL is expressed as a host name
  • IP address from the log URL. DNS is used if URL uses a host name

cs-uri-categories

   

All content categories of the request URL.

cs-uri-categories-broadcom

    All content categories of the request URL that are defined by Broadcom Web Filter.

cs-uri-categories-external

    All content categories of the request URL that are defined by an external service.

cs-uri-categories-local

    All content categories of the request URL that are defined by a local database.

cs-uri-categories-policy

    All content categories of the request URL that are defined by CPL.

cs-uri-categories-provider

    All content categories of the request URL that are defined by the current third-party provider.

cs-uri-categories-qualified

    All content categories of the request URL, qualified by the provider of the category.

cs-uri-category

    Single content category of the request URL (such as sc-filter-category).

cs-uri-host

 
  • url.host
  • log_url.host
  • Host name from the original URL requested
  • Host name from the log URL

cs-uri-hostname

 
  • url.hostname
  • log_url.hostname
  • Host name from the original URL requested. RDNS is used if the URL is expressed as an IP address
  • Host name from the log URL. RDNS is used if the URL uses an IP address

cs-uri-path

  • blank
  • %U
  • url.path
  • blank
  • Path of the original URL requested without query
  • Path from the log URL without query

cs-uri-pathquery

 
  • url.pathquery
  • log_url.pathquery
  • Path and query of the original URL requested
  • Path and query from the log URL

cs-uri-port

 
  • url.port
  • log_url.port
  • Port from the original URL requested
  • Port from the log URL

cs-uri-query

  • blank
  • %Q
  • url.query
  • blank
  • Query from the original URL requested
  • Query from the log URL

cs-uri-scheme

 
  • url.scheme
  • log_url.scheme
  • Scheme of the original URL requested
  • Scheme from the log URL

cs-uri-stem

   
  • Stem of the original URL requested
  • Stem from the log URL

NOTE: The stem includes everything up to the end path, but does not include the query.

cs-user

%u

  Qualified user name for NTLM; relative user name for other protocols.

cs-userdn

   

Full user name of a client authenticated to the proxy (fully distinguished).

cs-username

   

Full user name of a client authenticated to the proxy (fully distinguished).

date

%x

date.utc

GMT date in YYYY-MM-DD format.

gmttime

%t

 

GMT date and time of the user request in [DD/MM/YYYY:hh:mm:ss GMT] format.

localtime

%L

 

Local date and time of the user request in [DD/MMM/YYYY:hh:mm:ss +nnnn] format.

rs(Content-Type)

%c

response.header.Content-Type

Response header: Content-type.

sc-bodylength

   

Number of bytes in the body (excludes header) sent from appliance to client.

sc-bytes

%b

 

Number of bytes sent from appliance to client.

sc-filter-category

%f

  Content filtering category of the request URL.

sc-filter-result

%W

  Content filtering result: Denied, Proxied, or Observed.

sc-headerlength

   

Number of bytes in the header sent from appliance to client.

sc-status

%s

 

Protocol status code from appliance to client.

time

%y

time.utc

UTC (GMT) time in HH:MM:SS format.

timestamp

%g

 

Unix type time stamp.

x-cache-user

   

Relative user name of a client authenticated to the proxy (not fully distinguished, same as csusername).

x-client-address

   

IP address of the client.

x-client-ip

   

IP address of the client.

x-cs-dns

 

client.host

The host name of the client obtained through reverse DNS.

x-cs-http-method

 

http.method

HTTP request method used from client to appliance. Empty for non-HTTP transactions.

x-cs-userauthorization-name

 

user.authorization_name

User name used to authorize a client authenticated to the proxy.

x-cs-user-credentialname

 

user.credential_name

User name entered by the user to authenticate to the proxy.

x-cs-user-loginaddress

 

user.login.address

The IP address that the user was authenticated in.

x-cs-username-or-ip

   

Used to identify the user using either their authenticated proxy user name, or if that is unavailable, their IP address.

x-sc-http-status

 

http.response.code

HTTP response code sent from appliance to client.

x-virus-id

 

icap_virus_id

Identifier of a virus if one was detected.

 

  • Was this article helpful?