Chapter 20 Logs
292
Notes:
1. Only accesses to allowed pages are recorded in the HTTP log. Request that were
blocked by HTTP rules are logged to the Filter log (see chapter 20.9), if the Log
option is enabled in the particular rule (see section 10.2).
2. The Http log is intended to be processes by external analytical tools. The Web log
(see bellow) is better suited to be viewed by the WinRoute administrator.
An example of Http log record that follows the Apache format:
[18/Apr/2003 15:07:17] 192.168.64.64 - rgabriel
[18/Apr/2003:15:07:17 +0200]
"GET http://www.kerio.com/ HTTP/1.1" 304 0 +4
• [18/Apr/2003 15:07:17] — date and time when the event was logged
• 192.168.64.64 — IP address of the client host
• rgabriel — name of the user authenticated through the firewall (a dash is displayed
if no user is authenticated through the client)
• [18/Apr/2003:15:07:17 +0200] — date and time of the HTTP request. The +0200
value represents time difference from the UTC standard (+2 hours are used in this
example — CET).
• GET — used HTTP method
• http://www.kerio.com — requested URL
• HTTP/1.1 — version of the HTTP protocol
• 304 — return code of the HTTP protocol
• 0 — size of the transferred object (file) in bytes
• +4 — count of HTTP requests transferred through the connection
An example of Http log record that follows the Squid format:
1058444114.733 0 192.168.64.64 TCP_MISS/304 0
GET http://www.squid-cache.org/ - DIRECT/206.168.0.9
• 1058444114.733 — timestamp (seconds and miliseconds since January 1st, 1970)
• 0 — download duration (not measured in WinRoute, always set to zero)