Filter
Top Products
20.10 Http log
291
Example of a traffic rule log message:
[16/Apr/2003 10:51:00] PERMIT ’Local traffic’ packet to LAN,
proto:TCP, len:47, ip/port:195.39.55.4:41272 ->
192.168.1.11:3663, flags: ACK PSH , seq:1099972190
ack:3795090926, win:64036, tcplen:7
• [16/Apr/2003 10:51:00] — date and time when the event was logged
• PERMIT — action that was executed with the packet (PERMIT, DENY or DROP)
• Local traffic —the name of the traffic rule that was applied
• packet to — packet direction (either to or from a particular interface)
• LAN — interface name (see chapter 5.1 for details)
• proto: — transport protocol (TCP, UDP, etc.)
• len: — packet size in bytes (including the headers) in bytes
• ip/port: — source IP address, source port, destination IP address and destination
port
• flags: — TCP flags
• seq: — sequence number of the packet (TCP only)
• ack: — acknowledgement sequence number (TCP only)
• win: — size of the receive window in bytes (it is used for data flow control — TCP
only)
• tcplen: — TCP payload size (i.e. size of the data part of the packet) in bytes (TCP
only)
20.10 Http log
This log contains all HTTP requests that were processed by the HTTP inspection mod-
ule (see section 12.3) or by the built-in proxy server (see section 5.5). The log has the
standard format of either the Apache WWW server (see
http://www.apache.org/) or
of the Squid proxy server (see http://www.squid-cache.org/). The enable or disable
the Http log, or to choose its format, go toConfiguration → Content Filtering → HTTP
Policy (refer to section 10.2 for details).