Access Logs には、Unix時間のタイムスタンプが記録されています。
651248779.565 283 192.168.1.8 TCP_MISS/200 1722 GET http://www.example.com/ - DIRECT/www.example.com text/html CMF:1 DCF:0 ERR:0 DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <"IW_ref",5.1,1,"-",-,-,-,1,"-",-,-,-,"-",1,-,"-","-",-,-,"IW_ref",-,"-","Reference","-","Unknown","Unknown","-","-",48.68,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-> - -
この例では、651248779.565がUnixタイムスタンプとなります。
人間が容易に理解できる形でタイムスタンプを記録するには、Access LogsのCustom Fieldsに %G を追加します。
GUI > System Administration > Log Subscriptions > accesslogs
設定変更後は、以下のように日時が追加されます。
651248779.565 283 192.168.1.8 TCP_MISS/200 1722 GET http://www.example.com/ - DIRECT/www.example.com text/html CMF:1 DCF:0 ERR:0 DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <"IW_ref",5.1,1,"-",-,-,-,1,"-",-,-,-,"-",1,-,"-","-",-,-,"IW_ref",-,"-","Reference","-","Unknown","Unknown","-","-",48.68,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-> - - 30/Apr/2022:01:12:59 +0900
------------------------------------------------
参考: Customizing Access Logs
https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/User-Guide/b_WSA_UserGuide_14_0/b_WSA_UserGuide_11_7_chapter_010101.html#con_1634099
If the list of predefined Access log and W3C log fields does not include all header information you want to log from HTTP/HTTPS transactions, you can type a user-defined log field in the Custom Fields text box when you configure the access and W3C log subscriptions.
%G
Human-readable timestamp.
------------------------------------------------