You have downloaded access logs from the Web Security Service (WSS) and would like to understand the meaning of each field found in the logs.
The field names are included in order in a commented out line at the top of each log/text file downloaded from WSS. Please refer to the documentation here for further information on each access log field.
The beginning of a WSS access log is shown below for reference:
#Fields: date time time-taken c-ip cs-userdn cs-auth-groups x-exception-id sc-filter-result ear-cs-categories cs(referer) sc-status s-action cs-method rs(conte
nt-type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(user-agent) s-ip sc-bytes cs-bytes x-data-leak-detected x-virus-id x-bl
uecoat-location-name x-bluecoat-access-type x-bluecoat-application-name x-bluecoat-application-operation r-ip r-supplier-country x-rs-certificate-validate-stat
us x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-ssl-version x-rs-connection-negotiated-cipher x-rs-connection-ne
gotiated-cipher-size x-rs-certificate-hostname x-rs-certificate-hostname-categories x-cs-connection-negotiated-ssl-version x-cs-connection-negotiated-cipher x-
cs-connection-negotiated-cipher-size x-cs-certificate-subject cs-icap-status cs-icap-error-details rs-icap-status rs-icap-error-details x-cs-client-ip-country
cs-threat-risk x-rs-certificate-hostname-threat-risk x-client-agent-type x-client-os x-client-agent-sw x-client-device-id x-client-device-name x-client-device-
type x-client-security-posture-details x-client-security-posture-risk-score x-bluecoat-reference-id cs(x-requested-with) x-random-ipv6 x-bluecoat-transaction-u
uid x-bluecoat-appliance-name s-supplier-country s-supplier-failures s-supplier-ip x-bluecoat-location-id x-bluecoat-placeholder x-bluecoat-request-tenant-id x
-cloud-rs x-sc-connection-issuer-keyring x-sc-connection-issuer-keyring-alias