Chapter 14. Proxy Supported Log Formats

Table of Contents

Microsoft Internet Security and Acceleration Server
Squid
WebTrends Enhanced Format

Lire supports three different proxy log file formats allowing it to support a wide range of products.

Microsoft Internet Security and Acceleration Server

This product uses a format derived from the W3C Extended Log Format which is defined at http://www.w3.org/TR/WD-logfile.html. Information about the way Microsoft Internet Security and Acceleration Server™ uses that format can be found on the product's website.

The format of

Lire can use the following fields of the format: date, time, c-ip, c-host, cs-username, c-agent, time-taken, r-ip, r-host, sc-status, sc-protocol, sc-operation, s-object-source, sc-operation, rule#1, rule#2 and cs-mime-type. The other fields will be ignored.

Example 14.1. Microsoft Internet Security and Acceleration Server™ Log Sample


#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2002-01-16 07:00:01
#Fields: c-ip	cs-username	c-agent	date	time	s-computername \
    cs-referred	r-host	r-ip	r-port	time-taken	cs-bytes\
    sc-bytes cs-protocol	s-operation	cs-uri s-object-source	\
    sc-status
10.0.0.1	anonymous	Mozilla/4.0 (compatible; MSIE 5.0; Win32)\
    2002-01-16	07:00:01	GRO1SYX01	-	-	-	-\
    -	155	2569	-	GET	-	-	200 \
10.0.0.1	anonymous	Outlook Express/5.0 \
    (MSIE 5.0; Windows 98; DigExt)	2002-01-16	07:00:04 \
    GRO1SYX01	-	1.example.com