Filter
Top Products
20.11 Security Log
293
• 192.168.64.64 — IP address of the client (i.e. of the host from which the client is
connected to the website)
• TCP_MISS — the TCP protocol was used and the particular object was not found in
the cache (“missed”). WinRoute always uses this value for this field.
• 304 — return code of the HTTP protocol
• 0 — transferred data amount in bytes (HTTP object size)
• GET http://www.squid-cache.org/ — the HTTP request (HTTP method and URL
of the object)
• DIRECT — the WWW server access method (WinRoute always uses DIRECT access)
• 206.168.0.9 — IP address of the WWW server
20.11 Security Log
A log for security-related messages. Records of the following types may appear in the
log:
1. Anti-spoofing log records
Messages about packets that where captured by the Anti-spoofing module (packets
with invalid source IP address — see section 15.2 for details)
Example:
[17/Jul/2003 11:46:38] Anti-Spoofing:
Packet from LAN, proto:TCP, len:48,
ip/port:61.173.81.166:1864 -> 195.39.55.10:445,
flags: SYN , seq:3819654104 ack:0, win:16384, tcplen:0
• packet from — packet direction (either from, i.e. sent via the interface, or to,
i.e. received via the interface)
• LAN — interface name (see chapter 5.1 for details)
• proto: — transport protocol (TCP, UDP, etc.)
• len: — packet size in bytes (including the headers) in bytes
• ip/port: — source IP address, source port, destination IP address and destina-
tion port