Chapter 20 Logs

Notes:

1. Only accesses to allowed pages are recorded in the HTTP log. Requests that were blocked by HTTP rules are logged to the Filter log (see chapter 20.9), if the Log option is enabled in the particular rule (see section 10.2).

2. The Http log is intended to be processed by external analytical tools. The Web log (see below) is better suited to be viewed by the WinRoute administrator.

An example of an Http log record that follows the Apache format:

[18/Apr/2003 15:07:17] 192.168.64.64 - rgabriel [18/Apr/2003:15:07:17 +0200] "GET http://www.kerio.com/ HTTP/1.1" 304 0 +4

[18/Apr/2003 15:07:17] — date and time when the event was logged

192.168.64.64 — IP address of the client host

rgabriel — name of the user authenticated through the firewall (a dash is displayed if no user is authenticated through the client)

[18/Apr/2003:15:07:17 +0200] — date and time of the HTTP request. The +0200 value represents time difference from the UTC standard (+2 hours are used in this example — CET).

GET — HTTP method used

http://www.kerio.com — requested URL

HTTP/1.1 — version of the HTTP protocol

304 — return code of the HTTP protocol

0 — size of the transferred object (file) in bytes

+4 — count of HTTP requests transferred through the connection
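An added example, not part of the Kerio manual: a Python parser for the Apache-format record described above, which normalizes the request time to UTC and maps the dash in the user field to "no authenticated user". It assumes each record occupies one line in the log file; the function name, dictionary keys and the second sample record are chosen here for illustration.

```python
import re
from datetime import datetime, timezone

# Pattern built from the field list above. The token between the client IP
# and the user name ("-" in the sample) is not described on the page, so it
# is matched but not interpreted.
RECORD = re.compile(
    r'^\[(?P<logged>[^\]]+)\]\s+(?P<client>\S+)\s+\S+\s+(?P<user>\S+)\s+'
    r'\[(?P<requested>[^\]]+)\]\s+'
    r'"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<version>[^"]+)"\s+'
    r'(?P<status>\d{3})\s+(?P<size>\d+)\s+\+(?P<count>\d+)\s*$'
)

def parse_http_record(line):
    """Return the record's fields as a dict, or None if the line is malformed."""
    m = RECORD.match(line.strip())
    if m is None:
        return None
    try:
        # %b expects English month abbreviations (C/English locale).
        logged = datetime.strptime(m["logged"], "%d/%b/%Y %H:%M:%S")
        requested = datetime.strptime(m["requested"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {
        "logged_local": logged,  # this field carries no UTC offset
        "requested_utc": requested.astimezone(timezone.utc),
        "client": m["client"],
        "user": None if m["user"] == "-" else m["user"],  # "-" = not authenticated
        "method": m["method"],
        "url": m["url"],
        "version": m["version"],
        "status": int(m["status"]),
        "size": int(m["size"]),
        "requests_on_connection": int(m["count"]),
    }

# The record from the page, joined onto one line.
PAGE_RECORD = ('[18/Apr/2003 15:07:17] 192.168.64.64 - rgabriel '
               '[18/Apr/2003:15:07:17 +0200] '
               '"GET http://www.kerio.com/ HTTP/1.1" 304 0 +4')
# Constructed sample: same layout, no authenticated user.
ANON_RECORD = ('[18/Apr/2003 15:09:02] 192.168.64.70 - - '
               '[18/Apr/2003:15:09:02 +0200] '
               '"GET http://www.example.com/ HTTP/1.1" 200 5120 +1')

if __name__ == "__main__":
    for line in (PAGE_RECORD, ANON_RECORD, "truncated [18/Apr/2003"):
        print(parse_http_record(line))
```

Returning None for lines that do not match lets a log pipeline count and inspect rejected lines instead of silently mis-parsing them.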

An example of an Http log record that follows the Squid format:

1058444114.733 0 192.168.64.64 TCP_MISS/304 0 GET http://www.squid-cache.org/ - DIRECT/206.168.0.9

1058444114.733 — timestamp (seconds and milliseconds since January 1st, 1970)

0 — download duration (not measured in WinRoute, always set to zero)
