Broadcom Header Formats
This table provides information on Broadcom log file headers used in Content Security Reporter and the necessary modifications to correctly parse the data. Some cells remain intentionally empty.
Format in Extended Log File | Custom | Content Policy Language | Description |
---|---|---|---|
c-ip | %a | IP address of the client. | |
cs-bytes | Number of bytes sent from client to appliance. | ||
cs-categories | All content categories of the request URL. | ||
cs-categories-broadcom | All content categories of the request URL that are defined by Broadcom Web Filter. | ||
cs-categories-external | All content categories of the request URL that are defined by an external service. | ||
cs-categories-local |
All content categories of the request URL that are defined by a local database. | ||
cs-categories-policy |
All content categories of the request URL that are defined by CPL. | ||
cs-categories-provider |
All content categories of the request URL that are defined by the current third-party provider. | ||
cs-categories-qualified |
All content categories of the request URL, qualified by the provider of the category. | ||
cs-category |
Single content category of the request URL (such as sc-filter-category). | ||
cs-host |
%v |
Host name from the client’s request URL. If URL rewrite policies are used, this field’s value is derived from the log URL. | |
cs-method |
Request method used from client to appliance. |
||
cs-request-line |
First line of the client’s request. |
||
c-dns |
%h |
Host name of the client (using the client’s IP address to avoid reverse DNS). |
|
cs-uri |
|
|
|
cs-uri-address |
|
|
|
cs-uri-categories |
All content categories of the request URL. |
||
cs-uri-categories-broadcom |
All content categories of the request URL that are defined by Broadcom Web Filter. | ||
cs-uri-categories-external |
All content categories of the request URL that are defined by an external service. | ||
cs-uri-categories-local |
All content categories of the request URL that are defined by a local database. | ||
cs-uri-categories-policy |
All content categories of the request URL that are defined by CPL. | ||
cs-uri-categories-provider |
All content categories of the request URL that are defined by the current third-party provider. | ||
cs-uri-categories-qualified |
All content categories of the request URL, qualified by the provider of the category. | ||
cs-uri-category |
Single content category of the request URL (such as sc-filter-category). | ||
cs-uri-host |
|
|
|
cs-uri-hostname |
|
|
|
cs-uri-path |
|
|
|
cs-uri-pathquery |
|
|
|
cs-uri-port |
|
|
|
cs-uri-query |
|
|
|
cs-uri-scheme |
|
|
|
cs-uri-stem |
NOTE: The stem includes everything up to the end path, but does not include the query. |
||
cs-user |
%u |
Qualified user name for NTLM; relative user name for other protocols. | |
cs-userdn |
Full user name of a client authenticated to the proxy (fully distinguished). |
||
cs-username |
Full user name of a client authenticated to the proxy (fully distinguished). |
||
date |
%x |
date.utc |
GMT date in YYYY-MM-DD format. |
gmttime |
%t |
GMT date and time of the user request in [DD/MM/YYYY:hh:mm:ss GMT] format. |
|
localtime |
%L |
Local date and time of the user request in [DD/MMM/YYYY:hh:mm:ss +nnnn] format. |
|
rs(Content-Type) |
%c |
response.header.Content-Type |
Response header: Content-type. |
sc-bodylength |
Number of bytes in the body (excludes header) sent from appliance to client. |
||
sc-bytes |
%b |
Number of bytes sent from appliance to client. |
|
sc-filter-category |
%f |
Content filtering category of the request URL. | |
sc-filter-result |
%W |
Content filtering result: Denied, Proxied, or Observed. | |
sc-headerlength |
Number of bytes in the header sent from appliance to client. |
||
sc-status |
%s |
Protocol status code from appliance to client. |
|
time |
%y |
time.utc |
UTC (GMT) time in HH:MM:SS format. |
timestamp |
%g |
Unix type time stamp. |
|
x-cache-user |
Relative user name of a client authenticated to the proxy (not fully distinguished, same as csusername). |
||
x-client-address |
IP address of the client. |
||
x-client-ip |
IP address of the client. |
||
x-cs-dns |
client.host |
The host name of the client obtained through reverse DNS. |
|
x-cs-http-method |
http.method |
HTTP request method used from client to appliance. Empty for non-HTTP transactions. |
|
x-cs-userauthorization-name |
user.authorization_name |
User name used to authorize a client authenticated to the proxy. |
|
x-cs-user-credentialname |
user.credential_name |
User name entered by the user to authenticate to the proxy. |
|
x-cs-user-loginaddress |
user.login.address |
The IP address that the user was authenticated in. |
|
x-cs-username-or-ip |
Used to identify the user using either their authenticated proxy user name, or if that is unavailable, their IP address. |
||
x-sc-http-status |
http.response.code |
HTTP response code sent from appliance to client. |
|
x-virus-id |
icap_virus_id |
Identifier of a virus if one was detected. |