Network Prevent for Web Access Log Files and Fields
Network Prevent for Web
Access Log Files and FieldsNetwork Prevent for Web
log file names use the format of WebPrevent_AccessX
.log (where X
is a number). The number of files that are stored and their sizes can be specified by changing the values in the FileReaderLogging.properties
file. By default, the values are: - com.vontu.icap.log.IcapAccessLogHandler.limit = 5000000
- com.vontu.icap.log.IcapAccessLogHandler.count = 5
A
Network Prevent for Web
access log is similar to a proxy server’s web access log. The “start” log message format is: # Web Prevent starting: start_time
Where start_time format is
date:time
, for example: 13/Aug/2018:03:11:22:015-0700
.The description message format is:
# host_ip "auth_user" time_stamp "request_line" icap_status_code request_size "referer" "user_agent" processing_time(ms) conn_id client_ip client_port action_code icap_method_code traffic_source_code
Network Prevent for Web
access log fields lists the fields. The values of fields that are enclosed in quotes in this example are quoted in an actual message. If field values cannot be determined, the message displays -
or ""
as a default value.Field | Explanation |
|---|---|
host_ip | IP address of the host that made the request. |
auth_user | Authorized user for this request. |
time_stamp | Time that Network Prevent for Web receives the request. |
request_line | Line that represents the request. |
icap_status_code | ICAP response code that Network Prevent for Web sends by for this request. |
request_size | Request size in bytes. |
referrer | Header value from the request that contains the URI from which this request came. |
user_agent | User agent that is associated with the request. |
processing_time (milliseconds) | Request processing time in milliseconds. This value is the total of the receiving, content inspection, and sending times. |
conn_id | Connection ID associated with the request. |
client_ip | IP of the ICAP client (proxy). |
client_port | Port of the ICAP client (proxy). |
action_code | An integer representing the action that Network Prevent for Web takes. Where the action code is one of the following:
|
icap_method_code | An integer representing the ICAP method that is associated with this request. Where the ICAP method code is one of the following:
|
traffic_source_code | An integer that represents the source of the network traffic. Where the traffic source code is one of the following:
|