Why do access logs in NCSA format sometimes have the host name in a URL and other times it is missing?
NCSA is a reserved access log format on the ProxySG that cannot be edited. The NCSA/Common format contains the following strings:
remotehost rfc931 authuser [date] "request" status bytes
The ELFF/custom access log format strings that represent the strings above are:
$(c-ip) - $(cs-username) $(localtime) $(cs-request-line) $(sc-status) $(sc-bytes)
The variable that displays the URL in the access log is "request" or "cs-request-line". This is the request line of the GET request sent by the client. Since in a transparent proxy mode the host name is not present in the request line of the GET request but instead is only found in the host header, the
If you have access logs in NCSA format or any format that contains "cs-request-line" and you are seeing some entries with the host name and others without, it may be caused by having a mixed deployment mode environment (some users transparently intercepted and others explicitly). You will also see this difference if you move a proxy from one deployment mode to another.
If you are facing a problem with this as you have transparently intercepted users and need the logs to display the host name you can create a custom format on the ProxySG that consists of the ELFF format strings above and include "cs-host" which will display the host name of the request and associate log to this custom format. For more information on creating a custom access log see the Configuration Management Guide Volume 8 SGOS 5.x or Chapter 20 for SGOS 4.x. (available at https://bto.bluecoat.com/documentation)
Rate this Page
Please take a moment to complete this form to help us better serve you.