Broadcom Header Formats

Last updated
Save as PDF

This table provides information on Broadcom log file headers used in Content Security Reporter and the necessary modifications to correctly parse the data. Some cells remain intentionally empty.

Format in Extended Log File	Custom	Content Policy Language	Description
c-ip	%a		IP address of the client.
cs-bytes			Number of bytes sent from client to appliance.
cs-categories			All content categories of the request URL.
cs-categories-broadcom			All content categories of the request URL that are defined by Broadcom Web Filter.
cs-categories-external			All content categories of the request URL that are defined by an external service.
cs-categories-local			All content categories of the request URL that are defined by a local database.
cs-categories-policy			All content categories of the request URL that are defined by CPL.
cs-categories-provider			All content categories of the request URL that are defined by the current third-party provider.
cs-categories-qualified			All content categories of the request URL, qualified by the provider of the category.
cs-category			Single content category of the request URL (such as sc-filter-category).
cs-host	%v		Host name from the client’s request URL. If URL rewrite policies are used, this field’s value is derived from the log URL.
cs-method			Request method used from client to appliance.
cs-request-line			First line of the client’s request.
c-dns	%h		Host name of the client (using the client’s IP address to avoid reverse DNS).
cs-uri		url log_url	Original URL requested The log URL
cs-uri-address		url.address log_url.address	IP address from the original URL requested. DNS is used if the URL is expressed as a host name IP address from the log URL. DNS is used if URL uses a host name
cs-uri-categories			All content categories of the request URL.
cs-uri-categories-broadcom			All content categories of the request URL that are defined by Broadcom Web Filter.
cs-uri-categories-external			All content categories of the request URL that are defined by an external service.
cs-uri-categories-local			All content categories of the request URL that are defined by a local database.
cs-uri-categories-policy			All content categories of the request URL that are defined by CPL.
cs-uri-categories-provider			All content categories of the request URL that are defined by the current third-party provider.
cs-uri-categories-qualified			All content categories of the request URL, qualified by the provider of the category.
cs-uri-category			Single content category of the request URL (such as sc-filter-category).
cs-uri-host		url.host log_url.host	Host name from the original URL requested Host name from the log URL
cs-uri-hostname		url.hostname log_url.hostname	Host name from the original URL requested. RDNS is used if the URL is expressed as an IP address Host name from the log URL. RDNS is used if the URL uses an IP address
cs-uri-path	blank %U	url.path blank	Path of the original URL requested without query Path from the log URL without query
cs-uri-pathquery		url.pathquery log_url.pathquery	Path and query of the original URL requested Path and query from the log URL
cs-uri-port		url.port log_url.port	Port from the original URL requested Port from the log URL
cs-uri-query	blank %Q	url.query blank	Query from the original URL requested Query from the log URL
cs-uri-scheme		url.scheme log_url.scheme	Scheme of the original URL requested Scheme from the log URL
cs-uri-stem			Stem of the original URL requested Stem from the log URL NOTE: The stem includes everything up to the end path, but does not include the query.
cs-user	%u		Qualified user name for NTLM; relative user name for other protocols.
cs-userdn			Full user name of a client authenticated to the proxy (fully distinguished).
cs-username			Full user name of a client authenticated to the proxy (fully distinguished).
date	%x	date.utc	GMT date in YYYY-MM-DD format.
gmttime	%t		GMT date and time of the user request in [DD/MM/YYYY:hh:mm:ss GMT] format.
localtime	%L		Local date and time of the user request in [DD/MMM/YYYY:hh:mm:ss +nnnn] format.
rs(Content-Type)	%c	response.header.Content-Type	Response header: Content-type.
sc-bodylength			Number of bytes in the body (excludes header) sent from appliance to client.
sc-bytes	%b		Number of bytes sent from appliance to client.
sc-filter-category	%f		Content filtering category of the request URL.
sc-filter-result	%W		Content filtering result: Denied, Proxied, or Observed.
sc-headerlength			Number of bytes in the header sent from appliance to client.
sc-status	%s		Protocol status code from appliance to client.
time	%y	time.utc	UTC (GMT) time in HH:MM:SS format.
timestamp	%g		Unix type time stamp.
x-cache-user			Relative user name of a client authenticated to the proxy (not fully distinguished, same as csusername).
x-client-address			IP address of the client.
x-client-ip			IP address of the client.
x-cs-dns		client.host	The host name of the client obtained through reverse DNS.
x-cs-http-method		http.method	HTTP request method used from client to appliance. Empty for non-HTTP transactions.
x-cs-userauthorization-name		user.authorization_name	User name used to authorize a client authenticated to the proxy.
x-cs-user-credentialname		user.credential_name	User name entered by the user to authenticate to the proxy.
x-cs-user-loginaddress		user.login.address	The IP address that the user was authenticated in.
x-cs-username-or-ip			Used to identify the user using either their authenticated proxy user name, or if that is unavailable, their IP address.
x-sc-http-status		http.response.code	HTTP response code sent from appliance to client.
x-virus-id		icap_virus_id	Identifier of a virus if one was detected.