This log contains all HTTP requests that were processed by the HTTP inspection module (see section 14.3 Services) or by the built-in proxy server (see section 8.4 Proxy server). The log has the standard format of either the Apache WWW server (see http://www.apache.org/) or of the Squid proxy server (see http://www.squid-cache.org/). To enable or disable the Http log, or to choose its format, go to Configuration → Content Filtering → HTTP Policy (refer to section 12.2 URL Rules for details).
Note:
Only accesses to allowed pages are recorded in the HTTP log. Requests that were blocked by HTTP rules are logged to the Filter log (see chapter 22.9 Filter Log), if the Log option is enabled in the particular rule (see section 12.2 URL Rules).
The Http log is intended to be processed by external analytical tools. The Web log (see below) is better suited to be viewed by the WinRoute administrator.
192.168.64.64 - jflyaway [18/Apr/2008:15:07:17 +0200] "GET http://www.kerio.com/ HTTP/1.1" 304 0 +4
192.168.64.64 — IP address of the client host
rgabriel — name of the user authenticated through the firewall (a dash is displayed if no user is authenticated through the client)
[18/Apr/2008:15:07:17 +0200] — date and time of the HTTP request. The +0200 value represents time difference from the UTC standard (+2 hours are used in this example — CET).
GET — used HTTP method
http://www.kerio.com — requested URL
HTTP/1.1 — version of the HTTP protocol
304 — return code of the HTTP protocol
0 — size of the transferred object (file) in bytes
+4 — count of HTTP requests transferred through the connection
1058444114.733 0 192.168.64.64 TCP_MISS/304 0 GET http://www.squid-cache.org/ - DIRECT/206.168.0.9
1058444114.733 — timestamp (seconds and milliseconds since January 1st, 1970)
0 — download duration (not measured in WinRoute, always set to zero)
192.168.64.64 — IP address of the client (i.e. of the host from which the client is connected to the website)
TCP_MISS — the TCP protocol was used and the particular object was not found in the cache (“missed”). WinRoute always uses this value for this field.
304 — return code of the HTTP protocol
0 — transferred data amount in bytes (HTTP object size)
GET http://www.squid-cache.org/ — the HTTP request (HTTP method and URL of the object)
DIRECT — the WWW server access method (WinRoute always uses DIRECT access)
206.168.0.9 — IP address of the WWW server
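Because the Http log is meant for external analytical tools, a parser that accepts both record layouts described above is the usual first step. The following Python is an added example, not part of the WinRoute documentation. The function and field names are hypothetical, and the dash after the URL in the Squid-style record, which the page does not describe, is treated as the user field as in Squid's native log format.

```python
import re
from datetime import datetime, timezone

# Apache-style record as described above: client, "-", user, [time],
# "METHOD URL PROTOCOL", status, size, +requests-on-connection.
APACHE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) \+(?P<conn_requests>\d+)$')

# Squid-style record: epoch.millis, duration, client, result/status, size,
# method, URL, user field (assumption, see lead-in), access-method/server.
SQUID_RE = re.compile(
    r'^(?P<ts>\d+\.\d+) +(?P<duration>\d+) (?P<client>\S+) '
    r'(?P<result>[A-Z_]+)/(?P<status>\d{3}) (?P<size>\d+) '
    r'(?P<method>\S+) (?P<url>\S+) (?P<user>\S+) '
    r'(?P<access>[A-Z_]+)/(?P<server>\S+)$')


def parse_http_log_line(line):
    """Return a normalized dict for one record, or None if neither format matches."""
    line = line.strip()
    m = APACHE_RE.match(line)
    if m:
        rec = dict(m.groupdict(), format="apache")
        # %z keeps the logged UTC offset, so timestamps stay comparable.
        rec["time"] = datetime.strptime(rec.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
        rec["conn_requests"] = int(rec["conn_requests"])
    else:
        m = SQUID_RE.match(line)
        if not m:
            return None
        rec = dict(m.groupdict(), format="squid")
        rec["time"] = datetime.fromtimestamp(float(rec.pop("ts")), tz=timezone.utc)
    rec["status"] = int(rec["status"])
    rec["size"] = int(rec["size"])
    # A dash means no user was authenticated from that client.
    rec["user"] = None if rec["user"] == "-" else rec["user"]
    return rec


# The two sample records from this page.
SAMPLES = [
    '192.168.64.64 - jflyaway [18/Apr/2008:15:07:17 +0200] "GET http://www.kerio.com/ HTTP/1.1" 304 0 +4',
    '1058444114.733 0 192.168.64.64 TCP_MISS/304 0 GET http://www.squid-cache.org/ - DIRECT/206.168.0.9',
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_http_log_line(sample))
```

Lines that match neither layout return None, so a caller can count and inspect them separately instead of silently dropping malformed records.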