Http log, 10 http log – Kerio Tech Firewall6 User Manual

Chapter 22

Logs

304

•

Local traffic

— the name of the traffic rule that was matched by the packet

•

packet to

— packet direction (either to or from a particular interface)

•

LAN

— interface name (see chapter

5

for details)

•

proto:

— transport protocol (TCP, UDP, etc.)

•

len:

— packet size in bytes (including the headers) in bytes

•

ip/port:

— source IP address, source port, destination IP address and destination

port

•

flags:

— TCP flags

•

seq:

— sequence number of the packet (TCP only)

•

ack:

— acknowledgement sequence number (TCP only)

•

win:

— size of the receive window in bytes (it is used for data flow control — TCP

only)

•

tcplen:

— TCP payload size (i.e. size of the data part of the packet) in bytes (TCP

only)

22.10 Http log

This log contains all HTTP requests that were processed by the HTTP inspection module (see

section

14.3

) or by the built-in proxy server (see section

8.4

). The log has the standard format

of either the Apache WWW server (see

http://www.apache.org/

) or of the Squid proxy server

(see

http://www.squid-cache.org/

). The enable or disable the Http log, or to choose its

format, go toConfiguration → Content Filtering → HTTP Policy (refer to section

12.2

for details).

Note:

1.

Only accesses to allowed pages are recorded in the HTTP log. Request that were blocked

by HTTP rules are logged to the Filter log (see chapter

22.9

), if the Log option is enabled

in the particular rule (see section

12.2

).

2.

The Http log is intended to be processes by external analytical tools. The Web log (see

bellow) is better suited to be viewed by the WinRoute administrator.