Name

ICAP-888 — Unified ICAP server statistics message

Severity

I (statistic)

Message text

PROXY-EVENT PROTOCOL=%s CLIENT=%s CLIENT-IP=%s CLIENT-PORT=%u SERVER=%s SERVER-IP=%s SERVER-PORT=%u SERVER-PORT-NAME=%s USER=%s BYTES-CIN=%u BYTES-COUT=%u BYTES-SIN=%u BYTES-SOUT=%u DURATION=%s STATUS=%s RESULT=%s RULE=%s USER-GROUPS=%s ICAP-METHOD=%s METHOD=%s URI=%s CONTENT-TYPE=%s STATUS-CODE=%u VIRUS-STATUS=%s PAGE-VIEW=%u BYPASS=%u CATEGORIES=%s REFERER=%s

Description

This message informs that the server has finished processing an HTTP request (ICAP request with REQMOD or RESPMOD method).

Common fields:

  • network protocol (TCP / UDP)

  • client (hostname if available, IP address otherwise)

  • client IP address

  • client port number

  • server (hostname if available, IP address otherwise)

  • server IP address

  • server port number

  • server port name (reported by getservbyport())

  • authenticated user

  • client-side bytes in (client <- proxy)

  • client-side bytes out (client -> proxy)

  • server-side bytes in (proxy <- server)

  • server-side bytes out (proxy -> server)

  • duration in seconds

  • status code (ACCEPTED / REJECTED)

  • result code (OK / FAILED / ABORTED)

  • rule name.

ICAP server specific fields:

  • first matching authenticated group

  • ICAP method (REQMOD / RESPMOD)

  • HTTP method (e.g. GET, POST, HEAD, ...)

  • HTTP URI

  • HTTP Content-Type header (e.g. text/html, image/png, ...)

  • HTTP status code (e.g. 200, 301, 404, ...)

  • virus status code (reported by the antivirus module)

  • page view flag (1=TRUE, 0=FALSE)

  • Clear Web bypass flag (1=TRUE, 0=FALSE)

  • list of Clear Web categories

  • HTTP Referer header

See also

ICAR-818(6), ICAR-819(6), logging(7)

Authors

This man page is a part of Kernun Firewall.
Copyright © 2000–2023 Trusted Network Solutions, a. s.
All rights reserved.