Kerio Tech KERIO WINROUTE FIREWALL 6 ユーザーズマニュアル
22.10 Http log
277
Packet log example
[16/Apr/2008 10:51:00] PERMIT ’Local traffic’ packet to LAN,
proto:TCP, len:47, ip/port:195.39.55.4:41272 ->
192.168.1.11:3663, flags:
ACK PSH, seq:1099972190
ack:3795090926, win:64036, tcplen:7
•
[16/Apr/2008 10:51:00]
— date and time when the event was logged
•
PERMIT
— action that was executed with the packet (PERMIT, DENY or DROP)
•
Local traffic
— the name of the traffic rule that was matched by the packet
•
packet to
— packet direction (either to or from a particular interface)
•
LAN
— interface name (see chapter
for details)
•
proto:
— transport protocol (TCP, UDP, etc.)
•
len:
— packet size in bytes (including the headers) in bytes
•
ip/port:
— source IP address, source port, destination IP address and destination
port
•
flags:
— TCP flags
•
seq:
— sequence number of the packet (TCP only)
•
ack:
— acknowledgement sequence number (TCP only)
•
win:
— size of the receive window in bytes (it is used for data flow control — TCP
only)
•
tcplen:
— TCP payload size (i.e. size of the data part of the packet) in bytes (TCP
only)
22.10 Http log
This log contains all HTTP requests that were processed by the HTTP inspection module (see
section
) or by the built-in proxy server (see section
). The log has the standard format
of either the Apache WWW server (see
) or of the Squid proxy server
(see
). The enable or disable the Http log, or to choose its
format, go toConfiguration → Content Filtering → HTTP Policy (refer to section
for details).
Note:
1.
Only accesses to allowed pages are recorded in the HTTP log. Request that were blocked
by HTTP rules are logged to the Filter log (see chapter
), if the Log option is enabled
in the particular rule (see section
).
2.
The Http log is intended to be processes by external analytical tools. The Web log (see
bellow) is better suited to be viewed by the WinRoute administrator.