Network Prevent for Web access log files and fields

Network Prevent for Web log file names use the format of WebPrevent_AccessX.log (where X is a number). The number of files that are stored and their sizes can be specified by changing the values in the FileReaderLogging.properties file. By default, the values are:
  • com.vontu.icap.log.IcapAccessLogHandler.limit = 5000000
  • com.vontu.icap.log.IcapAccessLogHandler.count = 5
A Network Prevent for Web access log is similar to a proxy server’s web access log. The “start” log message format is:
# Web Prevent starting: start_time
Where the format of start_time is date:time, for example: 13/Aug/2018:03:11:22:015-0700.
The description message format is:
# host_ip "auth_user" time_stamp "request_line" icap_status_code request_size "referer" "user_agent" processing_time(ms) conn_id client_ip client_port action_code icap_method_code traffic_source_code
The table "Network Prevent for Web access log fields" lists the fields. The values of fields that are enclosed in quotes in this example are quoted in an actual message. If field values cannot be determined, the message displays - or "" as a default value.

Network Prevent for Web access log fields

Field: Explanation
host_ip: IP address of the host that made the request.
auth_user: Authorized user for this request.
time_stamp: Time that Network Prevent for Web receives the request.
request_line: Line that represents the request.
icap_status_code: ICAP response code that Network Prevent for Web sends for this request.
request_size: Request size in bytes.
referrer: Header value from the request that contains the URI from which this request came.
user_agent: User agent that is associated with the request.
processing_time (milliseconds): Request processing time in milliseconds. This value is the total of the receiving, content inspection, and sending times.
conn_id: Connection ID associated with the request.
client_ip: IP of the ICAP client (proxy).
client_port: Port of the ICAP client (proxy).
action_code: An integer representing the action that Network Prevent for Web takes. The action code is one of the following:
  • 0 = UNKNOWN
  • 1 = ALLOW
  • 2 = BLOCK
  • 3 = REDACT
  • 4 = ERROR
  • 5 = ALLOW_WITHOUT_INSPECTION
  • 6 = OPTIONS_RESPONSE
  • 7 = REDIRECT
icap_method_code: An integer representing the ICAP method that is associated with this request. The ICAP method code is one of the following:
  • -1 = ILLEGAL
  • 0 = OPTIONS
  • 1 = REQMOD
  • 2 = RESPMOD
  • 3 = LOG
traffic_source_code: An integer that represents the source of the network traffic. The traffic source code is one of the following:
  • 1 = WEB
  • 2 = UNKNOWN
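
The message format and code tables above are enough to triage an access log offline. The following Python is an added example, not part of the product or its documentation: it splits each entry into the 15 documented fields, decodes the three numeric codes, and collects entries whose action is worth a second look. It assumes that lines starting with # are not entries and that quoted values contain no embedded double quotes; the names decode, parse_line, summarize, REVIEW and SAMPLE, and the sample entries themselves, are constructed for this example.

```python
import re
from collections import Counter

# Code tables copied from the field list above. REVIEW is this example's own choice.
ACTIONS = {0: "UNKNOWN", 1: "ALLOW", 2: "BLOCK", 3: "REDACT", 4: "ERROR",
           5: "ALLOW_WITHOUT_INSPECTION", 6: "OPTIONS_RESPONSE", 7: "REDIRECT"}
METHODS = {-1: "ILLEGAL", 0: "OPTIONS", 1: "REQMOD", 2: "RESPMOD", 3: "LOG"}
SOURCES = {1: "WEB", 2: "UNKNOWN"}
REVIEW = {"BLOCK", "ERROR", "ALLOW_WITHOUT_INSPECTION", "UNKNOWN", "UNDOCUMENTED"}
FIELDS = ("host_ip auth_user time_stamp request_line icap_status_code request_size "
          "referer user_agent processing_time_ms conn_id client_ip client_port "
          "action_code icap_method_code traffic_source_code").split()
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # assumes no embedded double quotes

def decode(table, raw):  # numeric code -> documented name, else UNDOCUMENTED
    known = re.fullmatch(r"-?\d+", raw or "")
    return table.get(int(raw), "UNDOCUMENTED") if known else "UNDOCUMENTED"

def parse_line(line):
    """Dict for one entry; None for blank or '#' lines; ValueError if malformed."""
    if not line.strip() or line.startswith("#"):
        return None
    values = [bare or quoted for quoted, bare in TOKEN.findall(line)]
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    # "-" and "" are the documented defaults for values that cannot be determined.
    entry = {k: (None if v in ("-", "") else v) for k, v in zip(FIELDS, values)}
    for name, table in (("action", ACTIONS), ("icap_method", METHODS), ("traffic_source", SOURCES)):
        entry[name] = decode(table, entry[name + "_code"])
    return entry

def summarize(text):
    """Return (action counts, entries to review, number of malformed lines)."""
    counts, review, malformed = Counter(), [], 0
    for line in text.splitlines():
        try:
            entry = parse_line(line)
        except ValueError:
            entry, malformed = None, malformed + 1
        if entry:
            counts[entry["action"]] += 1
            if entry["action"] in REVIEW:
                review.append((entry["host_ip"], entry["auth_user"], entry["action"]))
    return counts, review, malformed

SAMPLE = """# Web Prevent starting: 13/Aug/2018:03:11:22:015-0700
10.0.0.21 "jdoe" 13/Aug/2018:03:12:01:120-0700 "POST http://upload.example.com/form HTTP/1.1" 200 48213 "http://upload.example.com/" "Mozilla/5.0 (X11; Linux x86_64)" 184 17 10.0.0.5 41822 2 1 1
10.0.0.22 "-" 13/Aug/2018:03:12:04:007-0700 "GET http://www.example.com/ HTTP/1.1" 204 512 "" "curl/7.58.0" 3 18 10.0.0.5 41823 1 1 1
10.0.0.23 "asmith" 13/Aug/2018:03:12:09:455-0700 "POST http://files.example.org/put HTTP/1.1" 204 9000000 "-" "Mozilla/5.0" 1 19 10.0.0.5 41824 5 1 1
10.0.0.24 "bwong" 13/Aug/2018:03:12:10:001-0700 "POST http://files.exam"""  # constructed sample, last entry truncated
```

Calling summarize(SAMPLE) returns the per-action counts, the BLOCK and ALLOW_WITHOUT_INSPECTION entries as review candidates, and a malformed-line count of 1 for the truncated entry.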