Fixed-field Log Formats

Last updated
Save as PDF

The following table provides information about supported log file formats that are not automatic-discover in Content Security Reporter. This table includes examples of the expected header information found in the corresponding log file format.

WARNING: Any deviation from the expected field format can result in inaccurate reports.

Log File Type	Expected Formats	Examples
Secure Web Gateway	"user_id", "username", "source_ip", "http_action", "server_to_client_bytes", "client_to_server_bytes", "requested_host", "requested_path", "result", "virus", "request_timestamp_epoch", "request_timestamp_formatted", "uri_scheme", "category"	"47877615", "user1@webreporter.com", "192.168.0.1", "GET", "664", "2837", "www.myspace.com", "/", "DENIED", "", "1319501356", "2011-10-24 18:09:16-06", "http", "Social Networking"
Email and Web Security Format (Web)	tv_sec.(tv_usec/1000) cache_msec client_ip cache_code/http_code cache_size method_str url user hier_code/hier_host content_type sf_action "sf_cats"	1085754420.626 1 192.168.0.1 TCP_DENIED/403 0 GET http://www.msn.com/ sjones ONE/- - DENY "Portal Sites"
SiteAdvisor Enterprise Format	DetectedUTC EventTypeID CategoriesShortName URL ActionID RatingID ReasonId AgentGUID User MachineName PhishingFacet DownloadsFacet SpamFacet PopupsFacet BadlinkerFacet ExploitFacet IP MIMEType	2009-01-01T14:31:12 18600 rb http://www.0d6b214aaafe- 42e9-a150-c237c86cd959.com/a9cf15e0- c151-408a-a8b2-fb31debd8e7c.html 1 1 9 ef4a3a5b-773b-467f-af1f-f1ddb0f5ba31 sara machine1 6 3 6 6 1 6 192.168.0.1 text/html
Firewall Enterprise (Sidewinder) SFv4 - Text Format	client_ip - user_1 [time_stamp] "GET url" http_status sf_action sf_cats	192.168.0.1 - jlock [28/Jun/2004:11:44:54] "GET http://www.msn.com" 403 COACH "Portal Sites"
SmartFilter IFP SFv4 - Text Format	client_ip - user_1 [time_stamp] "GET url" http_status sf_action sf_cats	192.168.0.1 - imanderson [28/Jun/ 2004:11:44:54] "GET http://www.msn.com" 403 COACH "Portal Sites"

Log File Type

Expected Formats

Examples

Secure Web Gateway

"user_id", "username", "source_ip",

"http_action", "server_to_client_bytes",

"client_to_server_bytes", "requested_host",

"requested_path", "result",

"virus", "request_timestamp_epoch",

"request_timestamp_formatted", "uri_scheme",

"category"

"47877615", "user1@webreporter.com",

"192.168.0.1", "GET", "664", "2837",

"www.myspace.com", "/", "DENIED", "",

"1319501356", "2011-10-24 18:09:16-06",

"http", "Social Networking"

Email and Web Security Format (Web)

tv_sec.(tv_usec/1000) cache_msec client_ip

cache_code/http_code cache_size method_str

url user hier_code/hier_host content_type

sf_action "sf_cats"

1085754420.626 1 192.168.0.1

TCP_DENIED/403 0 GET http://www.msn.com/

sjones ONE/- - DENY "Portal Sites"

SiteAdvisor Enterprise Format

DetectedUTC EventTypeID

CategoriesShortName URL ActionID RatingID

ReasonId AgentGUID User MachineName

PhishingFacet DownloadsFacet SpamFacet

PopupsFacet BadlinkerFacet ExploitFacet IP

MIMEType

2009-01-01T14:31:12 18600

rb http://www.0d6b214aaafe-

42e9-a150-c237c86cd959.com/a9cf15e0-

c151-408a-a8b2-fb31debd8e7c.html 1 1 9

ef4a3a5b-773b-467f-af1f-f1ddb0f5ba31 sara

machine1 6 3 6 6 1 6 192.168.0.1 text/html

Firewall Enterprise (Sidewinder) SFv4 - Text Format

client_ip - user_1 [time_stamp] "GET url"

http_status sf_action sf_cats

192.168.0.1 - jlock [28/Jun/2004:11:44:54]

"GET http://www.msn.com" 403 COACH

"Portal Sites"

SmartFilter IFP SFv4 - Text Format

client_ip - user_1 [time_stamp] "GET url"

http_status sf_action sf_cats

192.168.0.1 - imanderson [28/Jun/

2004:11:44:54] "GET http://www.msn.com"

403 COACH "Portal Sites"