F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
9. Logs
F-Secure Internet Gatekeeper for Linux records access status, virus detection status, and error
occurrences to log files. The log files are saved in /opt/f-secure/fsigk/log/ and a directory is created for
each service.
9.1 Log Files
9.1.1 Access Logs
All accesses to servers through the product are saved into access logs.
Logs are formatted in the following manner.
You can use various log analyzing tools because the logs saved by the product are compatible with
the Squid log format. For setting examples of Webalizer, see “Log Analysis Tools”, 99.
Log format
Connection statuses are recorded one line at a time. Each item below is separated with a space.
• Time
The access time from the client. Displays the number of seconds from epoch time
(1970/01/01 00:00:00 (UTC)) in milliseconds.
• Connection time
Displays how long the client was connected in milliseconds.
• Client host
Displays the host of the client. When reverse lookup is available, the host name is displayed. If not,
the IP address is displayed.
• Processing results
Returns [Cache status] / [HTTP status code].
Cache status is not used. TCP_MISS is always used.
The HTTP status code is the HTTP response status code (3 digit number) to be sent to the client.
200 is returned for non-HTTP successful connections, 500 when an error occurs, and 000 in other
cases (including when connections are terminated immediately after connecting without any data
relay).
• File size
The size of the file transferred.
• Request method
The HTTP request method (GET, POST, etc.) when HTTP is used. PUT is applicable when FTP is
used. In other cases, GET is used.
• URL
Displays the URL accessed.
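The access log fields listed above, parsed in Python and summarised per client for 500 and 000 results. This is an added example, not part of the F-Secure guide or product. It assumes Squid-style timestamps (seconds with a fractional millisecond part) and leaves any fields after the URL uninterpreted; `parse_line`, `failures_by_client` and the sample lines are constructed for illustration.

```python
from collections import Counter, namedtuple
from datetime import datetime, timezone

# Field names follow the list above; "rest" holds any later fields, uninterpreted.
AccessEntry = namedtuple(
    "AccessEntry", "time elapsed_ms client cache_status status size method url rest")

def parse_line(line):
    """Parse one space-separated access log line into an AccessEntry."""
    tok = line.split()
    if len(tok) < 7:
        raise ValueError(f"expected at least 7 fields, got {len(tok)}")
    cache_status, sep, status = tok[3].partition("/")
    if not sep or len(status) != 3 or not status.isdigit():
        raise ValueError(f"bad processing result: {tok[3]!r}")
    secs = float(tok[0])
    if "." not in tok[0] and secs > 1e11:  # assumption: bare integer = milliseconds
        secs /= 1000
    when = datetime.fromtimestamp(secs, tz=timezone.utc)
    # Status stays a string so that "000" is not collapsed to 0.
    return AccessEntry(when, int(tok[1]), tok[2], cache_status, status,
                       int(tok[4]), tok[5], tok[6], tok[7:])

def failures_by_client(lines):
    """Count 500 (error) and 000 (no data relayed) results per client host."""
    counts, skipped = Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        try:
            entry = parse_line(line)
        except ValueError:
            skipped += 1      # malformed or truncated line
            continue
        if entry.status in ("500", "000"):
            counts[(entry.client, entry.status)] += 1
    return counts, skipped

# Constructed sample lines, not taken from a real log.
SAMPLE = """\
1700000000.123 152 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/index.html
1700000001.456 12 client1.example.net TCP_MISS/500 0 GET http://www.example.com/a.zip
1700000002.789 0 192.0.2.10 TCP_MISS/000 0 GET http://www.example.com/
1700000003.000 3 192.0.2.10 TCP_MISS/000 0 GET http://www.example.com/
this line is truncated
""".splitlines()

if __name__ == "__main__":
    print(failures_by_client(SAMPLE))
```

A client host that accumulates many 000 or 500 results in a short window is a reasonable starting point for review, since 000 covers connections dropped before any data was relayed.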