This log contains all HTTP requests that were processed by the HTTP inspection module (see section 8.3) or by the built-in proxy server (see section 4.5). The log has the standard format of either the Apache WWW server (see http://www.apache.org/) or of the Squid proxy server (see http://www.squid-cache.org/). To enable or disable the HTTP log, or to choose its format, go to Configuration/ContentFiltering/HTTP Policy (refer to section 6.1 for details).
Notes:
Only accesses to allowed pages are recorded in the HTTP log. Requests that were blocked by HTTP rules are logged to the Filter log (see above), if the particular rule has logging enabled (see section 6.1).
The HTTP log is intended to be processed by external analytical tools. The Web log (see below) is better suited to be viewed by the WinRoute administrator.
An example of an HTTP log record that follows the Apache format:
[18/Apr/2003 15:07:17] 192.168.64.64 - rgabriel
[18/Apr/2003:15:07:17 +0200]
"GET http://www.kerio.com/ HTTP/1.1" 304 0 +4
[18/Apr/2003 15:07:17] — date and time when the event was logged
192.168.64.64 — IP address of the client host
rgabriel — name of the user authenticated through the firewall (a dash is displayed if no user is authenticated through the client)
[18/Apr/2003:15:07:17 +0200] — date and time of the HTTP request. The +0200 value represents time difference from the UTC standard (+2 hours are used in this example — CET).
GET — HTTP method used
http://www.kerio.com — requested URL
HTTP/1.1 — version of the HTTP protocol
304 — return code of the HTTP protocol
0 — size of the transferred object (file) in bytes
+4 — count of HTTP requests transferred through the connection
An example of an HTTP log record that follows the Squid format:
1058444114.733 0 192.168.64.64 TCP_MISS/304 0
GET http://www.squid-cache.org/ - DIRECT/206.168.0.9
1058444114.733 — timestamp (seconds and milliseconds since January 1st, 1970)
0 — download duration (not measured in WinRoute, always set to zero)
192.168.64.64 — client IP address
TCP_MISS — the TCP protocol was used and the particular object was not found in the cache (“missed”). WinRoute always uses this value for this field.
304 — HTTP response code
0 — transferred data amount in bytes (HTTP object size)
GET http://www.squid-cache.org/ — the HTTP request (HTTP method and URL of the object)
DIRECT — the WWW server access method (WinRoute always uses direct access)
206.168.0.9 — IP address of the WWW server
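Since the HTTP log is meant for external analytical tools, the following added example (not part of the WinRoute documentation or product) parses both record formats described above into one normalized structure. It assumes that each record occupies a single physical line in the log file (the samples above are wrapped for display) and that the undescribed "-" field in the Squid record holds the user identity, as in Squid's native format; the function and field names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Assumption: each record is one physical line; the manual wraps it for display.
APACHE_RE = re.compile(
    r'^\[(?P<logged>[^\]]+)\]\s+(?P<client>\S+)\s+-\s+(?P<user>\S+)\s+'
    r'\[(?P<requested>[^\]]+)\]\s+"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<proto>[^"]+)"\s+'
    r'(?P<status>\d{3})\s+(?P<size>\d+)\s+\+(?P<conn_requests>\d+)$')
# The "-" before DIRECT is not described in the text above; it is captured as
# "ident" (the position Squid's native format uses for the user identity).
SQUID_RE = re.compile(
    r'^(?P<ts>\d+\.\d+)\s+(?P<duration>\d+)\s+(?P<client>\S+)\s+'
    r'(?P<cache>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+'
    r'(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<access>[A-Z_]+)/(?P<server>\S+)$')

def parse_http_log_line(line):
    """Parse one record in either format; return a dict, or None if unrecognized."""
    line = line.strip()
    m = APACHE_RE.match(line)
    if m:
        # Use the request timestamp: it carries the UTC offset, the log timestamp does not.
        when = datetime.strptime(m['requested'], '%d/%b/%Y:%H:%M:%S %z')
        rec = {'format': 'apache', 'user': m['user'], 'server': None,
               'conn_requests': int(m['conn_requests'])}
    else:
        m = SQUID_RE.match(line)
        if m is None:
            return None
        when = datetime.fromtimestamp(float(m['ts']), tz=timezone.utc)
        rec = {'format': 'squid', 'user': m['ident'], 'server': m['server'],
               'conn_requests': None}
    if rec['user'] == '-':  # dash = no user (stated for Apache, assumed for ident)
        rec['user'] = None
    rec.update(time_utc=when.astimezone(timezone.utc), client=m['client'],
               method=m['method'], url=m['url'],
               status=int(m['status']), size=int(m['size']))
    return rec

# The two records from the text above, joined onto single lines.
APACHE_SAMPLE = ('[18/Apr/2003 15:07:17] 192.168.64.64 - rgabriel '
                 '[18/Apr/2003:15:07:17 +0200] '
                 '"GET http://www.kerio.com/ HTTP/1.1" 304 0 +4')
SQUID_SAMPLE = ('1058444114.733 0 192.168.64.64 TCP_MISS/304 0 '
                'GET http://www.squid-cache.org/ - DIRECT/206.168.0.9')

if __name__ == '__main__':
    for sample in (APACHE_SAMPLE, SQUID_SAMPLE, 'not a log line'):
        print(parse_http_log_line(sample))
```

Both formats come out with the same keys and a UTC timestamp, so records can be correlated with the Filter log or other sources regardless of which format is configured.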