Kerio WinRoute Firewall 6 User Manual



Chapter 22

Logs


An example of an HTTP log record in the Apache format:

192.168.64.64 - jflyaway [18/Apr/2008:15:07:17 +0200] "GET http://www.kerio.com/ HTTP/1.1" 304 0 +4

192.168.64.64 — IP address of the client host

- — the identity (ident) field of the Apache common log format, which WinRoute leaves empty

jflyaway — name of the user authenticated through the firewall (a dash is displayed if no user is authenticated from the client)

[18/Apr/2008:15:07:17 +0200] — date and time of the HTTP request. The +0200 value is the offset from UTC (+2 hours in this example, the Central European summer-time offset)

GET — HTTP method used

http://www.kerio.com/ — requested URL

HTTP/1.1 — version of the HTTP protocol

304 — HTTP return code

0 — size of the transferred object (file) in bytes

+4 — count of HTTP requests transferred through the connection (a WinRoute addition; a standard Apache common log record ends with the size field)

An example of an HTTP log record in the Squid format:

1058444114.733 0 192.168.64.64 TCP_MISS/304 0 GET http://www.squid-cache.org/ - DIRECT/206.168.0.9

1058444114.733 — timestamp (seconds since January 1st, 1970 UTC, with milliseconds after the decimal point)

0 — download duration in milliseconds (not measured in WinRoute, always set to zero)

192.168.64.64 — IP address of the client (i.e. of the host from which the client connects to the website)

TCP_MISS — the TCP protocol was used and the object was not found in the cache ("missed"). WinRoute always uses this value for this field.

304 — HTTP return code

0 — amount of data transferred in bytes (HTTP object size)

GET http://www.squid-cache.org/ — the HTTP request (HTTP method and URL of the object)

- — the user name field of the Squid native format (a dash means no user name was logged)

DIRECT — the WWW server access method (WinRoute always uses DIRECT access)

206.168.0.9 — IP address of the WWW server

Note that the Squid timestamp is an absolute UTC value, whereas the Apache format records local time with an explicit offset. Convert both to UTC before correlating HTTP log records with other logs or with each other.
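The two record layouts above differ in field order, time representation and where the user name sits, so correlating them by hand is error-prone. As an added example, not code from the Kerio manual or the WinRoute product, the following Python parser reads both formats into one normalised dictionary and then runs one simple check over the result: listing requests that passed the firewall with no authenticated user. The two sample lines are the manual's own examples joined back onto single lines; the regular expressions assume the Apache common log layout plus WinRoute's trailing "+N" counter, and the Squid native layout with its content-type field optional.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: the two records shown above in the manual,
# each joined back onto a single line as it appears in the log file.
APACHE_RECORD = ('192.168.64.64 - jflyaway [18/Apr/2008:15:07:17 +0200] '
                 '"GET http://www.kerio.com/ HTTP/1.1" 304 0 +4')
SQUID_RECORD = ('1058444114.733 0 192.168.64.64 TCP_MISS/304 0 '
                'GET http://www.squid-cache.org/ - DIRECT/206.168.0.9')

# Apache common log format plus WinRoute's trailing "+N" request counter
# (assumed optional so that records without it still parse).
APACHE_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: \+(?P<requests>\d+))?$')

# Squid native format; the trailing content-type field is optional because
# the WinRoute example omits it.
SQUID_RE = re.compile(
    r'^(?P<time>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+'
    r'(?P<cache>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+'
    r'(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+'
    r'(?P<access>[A-Z_]+)/(?P<server>\S+)(?:\s+(?P<ctype>\S+))?$')


def parse_apache(line):
    """Parse one Apache-format record into a normalised dict (None if no match)."""
    m = APACHE_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return {
        "format": "apache",
        "client": g["client"],
        # A dash means no user authenticated through the firewall.
        "user": None if g["user"] == "-" else g["user"],
        # %z understands the "+0200" offset, so the result is timezone-aware.
        "time": datetime.strptime(g["time"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": g["method"],
        "url": g["url"],
        "status": int(g["status"]),
        "size": 0 if g["size"] == "-" else int(g["size"]),
        "requests": int(g["requests"]) if g["requests"] else None,
        "server": None,  # the Apache format carries no server address
    }


def parse_squid(line):
    """Parse one Squid-format record into the same normalised dict."""
    m = SQUID_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return {
        "format": "squid",
        "client": g["client"],
        # Squid's user name field; a dash means none was logged.
        "user": None if g["user"] == "-" else g["user"],
        # Seconds since the Unix epoch (UTC), milliseconds after the point.
        "time": datetime.fromtimestamp(float(g["time"]), tz=timezone.utc),
        "method": g["method"],
        "url": g["url"],
        "status": int(g["status"]),
        "size": int(g["size"]),
        "requests": None,  # Squid format has no per-connection counter
        "server": g["server"],
        "cache": g["cache"],    # always TCP_MISS from WinRoute
        "access": g["access"],  # always DIRECT from WinRoute
    }


def parse_http_log_line(line):
    """Detect the format from the line itself; None if neither layout matches."""
    return parse_apache(line) or parse_squid(line)


def unauthenticated_requests(lines):
    """Return (client, url) for every record that carries no user name.

    When policy requires every HTTP request to be attributed to a user, each
    dash in the user field is a request that passed without authentication.
    """
    hits = []
    for line in lines:
        rec = parse_http_log_line(line)
        if rec is not None and rec["user"] is None:
            hits.append((rec["client"], rec["url"]))
    return hits


if __name__ == "__main__":
    for line in (APACHE_RECORD, SQUID_RECORD):
        print(parse_http_log_line(line))
    print(unauthenticated_requests([APACHE_RECORD, SQUID_RECORD]))
```

Both parsers return timezone-aware datetimes, so records from the two formats can be compared directly; the Apache value keeps its +0200 offset and the Squid value is UTC, and Python's comparison accounts for the difference.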

22.11 Security Log

A log for security-related messages. Records of the following types may appear in the log:

1. Anti-spoofing log records

Messages about packets that were captured by the Anti-spoofing module (packets with an invalid source IP address; see section 17.2 for details)
