Access log settings - ip address - Administration Manual. Web Security Manager 4.2

Rewriting X-Forwarded-For ip address

1.1.7. Access log settings

When access logging is enabled all requests to the website is logged.

The access log is generated on a per day basis and closed logs are made available for download. Enable / disable access logging.

Enable access log- ging

Check box

If enabled, Web Security Manager will log all proxied requests to the web site.

Default:<disabled>

Select the format for the access log.

Drop down list Valid input

Options from the drop down list

Web Security Manager Common, Common Log Format, Common Log Format with Virtual Host, NCSA extended/combined, Custom

Default value

When the Custom is selected the input field below the drop-down be-

comes active and allows for specifying a custom log format. Define a custom log format.

Custom fortmat

Input field Valid input

A sequence of the input fields below separated by space. Input example

remote_addr time_local request status body_bytes_sent referer

Default value

remote_addr remote_logname remote_user time_local request status body_bytes_sent referer user_agent cookie roundtrip

Enable / disable additional proxy specific log fields.

Add roundtrip time and cache info to ac- cess log format

Check box

If enabled, Web Security Manager will add roundtrip time and "served from cache flag" to the selected log format.

Default:<disabled> 1.1.7.1. Getting/viewing the access log files

When log files are available for download the filename is an active link. To download an access log file click on the filename.

When remote backup is enabled, the latest access log file made available for download will be compressed (using gzip) and copied to the remote backup destination along with the backup of the system configuration.

1.1.7.2. Access log formats

Web Security Manager supports a number of standard access log formats suitable for importing into log-analysis tools. For plain access logging the Web Security Manager format is the most condensed.

Web Security Manager Common

The Web Security Manager Common log format is a condensed version of the Common log format (below). It contains only basic HTTP access information and the time field is kept in Unix epoch format to save time and space.

The client source IP address.

Source IP

Time the request was received (UNIX timestamp)

Time

First line of request

Web server server response code - i.e.200

Server response code

Size of response in bytes, excluding HTTP headers

Response size

The time taken to serve the request, in microseconds

Response time

Is response served from cache or not (1=yes, 0=no)

Cached response

Common Log Format

The Common log format contains only basic HTTP access information. The client source IP address.

Source IP

N/A - will contain a dash, included for compatibility.

Remote logname

N/A - will contain a dash, included for compatibility.

Remote user

Time the request was received (standard english format)

Time

First line of request

Request

Web server server response code - i.e.200

Server response code

Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent.

Response size

Common Log Format with Virtual Host

The Common log format contains only basic HTTP access information with the addition of canonical name of the Virtual Host serving the request.

The canonical ServerName of the server serving the request.

Virtual Host

The client source IP address.

Source IP

N/A - will contain a dash, included for compatibility.

Remote logname

N/A - will contain a dash, included for compatibility.

Remote user

Time the request was received (standard english format)

Time

First line of request

Request

Web server server response code - i.e.200

Server response code

Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent.

Response size

NCSA extended/combined

The NCSA extended/combined format contains the same information as the Common log format plus two additional fields: the referral field and the user_agent field. This log format is also called Apache Combined log format.

The client source IP address.

Source IP

N/A - will contain a dash, included for compatibility.

Remote logname

N/A - will contain a dash, included for compatibility.

Remote user

Time the request was received (standard english format)

First line of request

Request

Web server server response code - i.e.200

Server response code

Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent.

Response size

The content of the request header "Referer".

Referrer

The content of the request header "User-Agent".

User-Agent

Custom format

The custom log format allows for specifying custom log formats by entering log format field names separated by space. The field names below are available.

The client source IP address. remote_addr

Source IP

N/A - will contain a dash, included for compatibility. remote_logname

Remote log- name

N/A - will contain a dash, included for compatibility. remote_user

Remote user

Time the request was received (standard english format) time_local

In document Administration Manual. Web Security Manager 4.2 (Page 95-98)