What is the format and description of the Webprevent_Access log?
# host_ip "auth_user" time_stamp "request_line" icap_status_code request_size "referer" "user_agent" processing_time(ms) conn_id client_ip client_port action_code icap_method_code traffic_source_code msg_uid
A field shown in quotes in the format line above has its value written in quotes in log messages. If a field's value could not be determined for a request, it is logged as - or "" (the default value).
Fields | Explanation |
---|---|
host_ip | end host that made the request |
auth_user | authorized user for this request |
time_stamp | time when the request was received by web prevent (request arrival time) |
request_line | line representing request |
icap_status_code | ICAP response code sent by web prevent for this request |
request_size | request size in bytes |
referer | referer header value from request |
user_agent | user agent associated with the request |
processing_time(ms) | request processing time in milliseconds (ms); the value includes receiving + content inspection + sending time |
conn_id | connection id associated with the request |
client_ip | ip of the ICAP client (proxy) |
client_port | port of the ICAP client (proxy) |
action_code | an integer representing the action taken by web prevent |
icap_method_code | an integer representing the ICAP method associated with this request |
traffic_source_code | identifies traffic source as Tablet/Web/Unknown |
msg_uid | unique message identifier associated with request |
Note:
action_code and icap_method_code are integer values and their interpretation can be found in IcapActionType.java and IcapMethod.java respectively.
action code value | Interpretation |
---|---|
0 | UNKNOWN |
1 | ALLOW |
2 | BLOCK |
3 | REDACT |
4 | ERROR |
5 | ALLOW_WITHOUT_INSPECTION |
6 | OPTIONS_RESPONSE |
7 | REDIRECT |
icap_method_code | Interpretation |
---|---|
-1 | ILLEGAL |
0 | OPTIONS |
1 | REQMOD |
2 | RESPMOD |
3 | LOG |
traffic_source_code is an integer corresponding to enum values defined in IncidentType.java
traffic_source_code | Interpretation |
---|---|
0 | TABLET - for Tablet Only License |
1 | NETWORK - for Network Prevent for Web Only License |
2 | UNKNOWN - for Network Prevent for Web + Tablet license and request fails to match UserAgent / IP range checks. Incident (if generated) will be categorized as Network |
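
The following parser is an added example, not code from the product: it splits a log line into the 16 fields of the format line, maps the default values - and "" to None, and decodes the three integer codes using the tables above. The function names, the sample lines and the timestamp format are assumptions; the parser also assumes that quoted values contain no embedded double quote and that unquoted values (including time_stamp) contain no spaces.

```python
import re
from collections import Counter

# Field order from the format line on this page.
FIELDS = ("host_ip auth_user time_stamp request_line icap_status_code "
          "request_size referer user_agent processing_time_ms conn_id client_ip "
          "client_port action_code icap_method_code traffic_source_code msg_uid").split()
INT_FIELDS = {"icap_status_code", "request_size", "processing_time_ms",
              "client_port", "action_code", "icap_method_code", "traffic_source_code"}
# Code tables as listed on this page.
ACTION = dict(enumerate(["UNKNOWN", "ALLOW", "BLOCK", "REDACT", "ERROR",
                         "ALLOW_WITHOUT_INSPECTION", "OPTIONS_RESPONSE", "REDIRECT"]))
METHOD = {-1: "ILLEGAL", 0: "OPTIONS", 1: "REQMOD", 2: "RESPMOD", 3: "LOG"}
SOURCE = {0: "TABLET", 1: "NETWORK", 2: "UNKNOWN"}
# Assumption: quoted values hold no embedded double quote; other values hold no spaces.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_line(line):
    """Parse one log line into a dict; None for comment, blank or malformed lines."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    tokens = [bare or quoted for quoted, bare in TOKEN.findall(line)]
    if len(tokens) != len(FIELDS):
        return None
    rec = {}
    for name, tok in zip(FIELDS, tokens):
        if tok in ("-", ""):                  # default for undetermined values
            tok = None
        elif name in INT_FIELDS:
            if not re.fullmatch(r"-?\d+", tok):
                return None
            tok = int(tok)
        rec[name] = tok
    rec["action"] = ACTION.get(rec["action_code"])
    rec["icap_method"] = METHOD.get(rec["icap_method_code"])
    rec["traffic_source"] = SOURCE.get(rec["traffic_source_code"])
    return rec

def summarize(text, flag=("BLOCK", "ERROR")):
    """Count records per action and return the msg_uid of records with flagged actions."""
    recs = [r for r in map(parse_line, text.splitlines()) if r]
    counts = Counter(r["action"] for r in recs)
    return counts, [r["msg_uid"] for r in recs if r["action"] in flag]

# Constructed sample (addresses, timestamp format and ids are made up).
SAMPLE = '''# host_ip "auth_user" time_stamp "request_line" ...
192.0.2.10 "alice" 2024-05-01T10:15:30 "POST http://upload.example.com/f HTTP/1.1" 200 20480 "-" "Mozilla/5.0" 35 c-101 198.51.100.5 41234 2 1 1 uid-0001
192.0.2.11 "" 2024-05-01T10:15:31 "GET http://example.com/ HTTP/1.1" 204 512 "" "curl/8.0" 2 c-102 198.51.100.5 41235 5 1 2 uid-0002
192.0.2.12 "bob" 2024-05-01T10:15:32 "GET http://exa'''
```

Calling `summarize(SAMPLE)` skips the header comment and the truncated last line, and returns the per-action counts together with the msg_uid of the one BLOCK record.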