ICAP-888 — Unified ICAP server statistics message
PROXY-EVENT PROTOCOL=%s CLIENT=%s CLIENT-IP=%s CLIENT-PORT=%u SERVER=%s SERVER-IP=%s SERVER-PORT=%u SERVER-PORT-NAME=%s USER=%s BYTES-CIN=%u BYTES-COUT=%u BYTES-SIN=%u BYTES-SOUT=%u DURATION=%s STATUS=%s RESULT=%s RULE=%s USER-GROUPS=%s ICAP-METHOD=%s METHOD=%s URI=%s CONTENT-TYPE=%s STATUS-CODE=%u VIRUS-STATUS=%s PAGE-VIEW=%u BYPASS=%u CATEGORIES=%s REFERER=%s
This message informs that the server has finished processing an HTTP request (ICAP request with REQMOD or RESPMOD method).
Common fields:
network protocol (TCP / UDP)
client (hostname if available, IP address otherwise)
client IP address
client port number
server (hostname if available, IP address otherwise)
server IP address
server port number
server port name (reported by getservbyport())
authenticated user
client-side bytes in (client <- proxy)
client-side bytes out (client -> proxy)
server-side bytes in (proxy <- server)
server-side bytes out (proxy -> server)
duration in seconds
status code (ACCEPTED / REJECTED)
result code (OK / FAILED / ABORTED)
rule name.
ICAP server specific fields:
first matching authenticated group
ICAP method (REQMOD / RESPMOD)
HTTP method (e.g. GET, POST, HEAD, ...)
HTTP URI
HTTP Content-Type header (e.g. text/html, image/png, ...)
HTTP status code (e.g. 200, 301, 404, ...)
virus status code (reported by the antivirus module)
page view flag (1=TRUE, 0=FALSE)
Clear Web bypass flag (1=TRUE, 0=FALSE)
list of Clear Web categories
HTTP Referer header