Kerio Tech Firewall6 Network Router User Manual


 
Example of a traffic rule log message:
[16/Apr/2003 10:51:00] PERMIT ’Local traffic’ packet to LAN,
proto:TCP, len:47, ip/port:195.39.55.4:41272 ->
192.168.1.11:3663, flags: ACK PSH , seq:1099972190
ack:3795090926, win:64036, tcplen:7
[16/Apr/2003 10:51:00] - date and time when the event was logged
PERMIT - action that was executed with the packet (PERMIT, DENY or DROP)
Local traffic - the name of the traffic rule that was applied
packet to - packet direction (either to or from a particular interface)
LAN - interface name (see chapter 5.1 for details)
proto: - transport protocol (TCP, UDP, etc.)
len: - packet size in bytes (including the headers)
ip/port: - source IP address, source port, destination IP address and destination port
flags: - TCP flags
seq: - sequence number of the packet (TCP only)
ack: - acknowledgement sequence number (TCP only)
win: - size of the receive window in bytes (used for data flow control; TCP only)
tcplen: - TCP payload size (i.e. size of the data part of the packet) in bytes (TCP only)
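A parser for the message layout described above, as an added example in Python (not part of the Kerio manual or product). The pattern is derived only from the sample message; treating the TCP-only fields as simply absent for other protocols is an assumption, as are the constructed DROP message, its rule name and its interface name.

```python
import re
from collections import Counter
from datetime import datetime

# Pattern derived only from the sample message in this manual. Straight and
# typographic quotes are both accepted around the rule name.
RULE_LOG = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s+(?P<action>PERMIT|DENY|DROP)\s+"
    r"['\u2018\u2019](?P<rule>[^'\u2018\u2019]*)['\u2018\u2019]\s+"
    r"packet\s+(?P<direction>to|from)\s+(?P<iface>[^,]+),\s*"
    r"proto:(?P<proto>\w+),\s*len:(?P<len>\d+),\s*"
    r"ip/port:(?P<src_ip>[\d.]+):(?P<src_port>\d+)\s*->\s*"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)"
    # TCP-only tail; assumed to be simply absent for other protocols.
    r"(?:,\s*flags:(?P<flags>[A-Z\s]*?)\s*,\s*seq:(?P<seq>\d+)\s+ack:(?P<ack>\d+),"
    r"\s*win:(?P<win>\d+),\s*tcplen:(?P<tcplen>\d+))?"
)
INT_FIELDS = ("len", "src_port", "dst_port", "seq", "ack", "win", "tcplen")

def parse_rule_log(message):
    """Return the fields of one traffic rule log message, or None if it does not match."""
    # The message may be wrapped over several lines; collapse whitespace first.
    m = RULE_LOG.search(" ".join(message.split()))
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y %H:%M:%S")
    for key in INT_FIELDS:
        if rec[key] is not None:
            rec[key] = int(rec[key])
    rec["flags"] = rec["flags"].split() if rec["flags"] else []
    return rec

def blocked_by_source(messages):
    """Count DENY and DROP messages per source IP address."""
    counts = Counter()
    for msg in messages:
        rec = parse_rule_log(msg)
        if rec and rec["action"] in ("DENY", "DROP"):
            counts[rec["src_ip"]] += 1
    return counts

# The manual's own example, wrapped as printed.
MANUAL_SAMPLE = """[16/Apr/2003 10:51:00] PERMIT 'Local traffic' packet to LAN,
proto:TCP, len:47, ip/port:195.39.55.4:41272 ->
192.168.1.11:3663, flags: ACK PSH , seq:1099972190
ack:3795090926, win:64036, tcplen:7"""

# Constructed message (not from the manual) without the TCP-only tail.
CONSTRUCTED_DROP = ("[16/Apr/2003 10:52:13] DROP 'Default rule' packet from WAN, "
                    "proto:UDP, len:78, ip/port:198.51.100.7:137 -> 192.0.2.10:137")
```

Messages that do not match the pattern return None and are skipped by blocked_by_source, so unrelated lines in the same file do not affect the counts.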
20.10 Http log
This log contains all HTTP requests that were processed by the HTTP inspection
module (see section 12.3) or by the built-in proxy server (see section 5.5). The
log has the standard format of either the Apache WWW server (see
http://www.apache.org/) or of the Squid proxy server (see
http://www.squid-cache.org/). To enable or disable the Http log, or to choose
its format, go to Configuration / Content Filtering / HTTP Policy (refer to
section 10.2 for details).