1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>WebTrends Enhanced Format</title><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="Lire User's Manual"><link rel="up" href="ch14.html" title="Chapter14.Proxy Supported Log Formats"><link rel="prev" href="ch14s02.html" title="Squid™"><link rel="next" href="ch15.html" title="Chapter15.Syslog Supported Log Formats"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">WebTrends Enhanced Format</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch14s02.html">Prev</a></td><th width="60%" align="center">Chapter14.Proxy Supported Log Formats</th><td width="20%" align="right"><a accesskey="n" href="ch15.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2575860"></a>WebTrends Enhanced Format</h2></div></div></div><p>The WELF format is a format developed by WebTrends and
supported by many firewall vendors. Products can save log
files in that format directly or can log through
<span class="command"><strong>syslog</strong></span>. Either the WELF log
files or <span class="command"><strong>syslog</strong></span>'s log files contain
WELF information. This format can be used by packet
filter firewalls, proxies or network intrusion detection
devices. This <span class="application">Lire</span> superservice will only process records
that are related to proxy services (either application proxy like a
web proxy or a transport proxy like for the telnet protocol).
</p><div class="example"><a name="id2575943"></a><p class="title"><b>Example14.3.WELF Log Sample</b></p><div class="example-contents"><pre class="programlisting">
WTsyslog[1998-08-01 00:04:11 ip=10.0.0.1 pri=6] id=firewall \
time="1998-08-01 00:08:52" fw=WebTrendsSample pri=6 proto=http \
src=10.0.0.2 dst=10.0.0.3 dstname=1.example.com \
arg=/selfupd/x86/en/WULPROTO.CAB op=GET result=304 sent=898
WTsyslog[1998-08-01 00:04:12 ip=10.0.0.1 pri=6] id=firewall \
time="1998-08-01 00:08:52" fw=WebTrendsSample pri=6 proto=http \
src=10.0.0.2 dst=10.0.0.3 dstname=1.example.com \
arg=/selfupd/x86/en/CUNPROT2.CAB op=GET result=304 sent=853
WTsyslog[1998-08-01 00:04:23 ip=10.0.0.1 pri=6] id=firewall \
time="1998-08-01 00:09:03" fw=WebTrendsSample pri=6 proto=http \
src=10.0.0.2 dst=10.0.0.3 dstname=1.example.com \
arg=/R510/v31content/90820/0x00000409.gng op=GET result=304 sent=2983
WTsyslog[1998-08-01 03:02:03 ip=10.0.0.1 pri=6] id=firewall \
time="1998-08-01 03:06:43" fw=WebTrendsSample pri=6 proto=http \
src=10.0.0.2 dst=10.0.0.4 dstname=2.example.com arg=/ op=POST \
result=200 sent=2195
WTsyslog[1998-08-01 16:25:33 ip=10.0.0.1 pri=6] id=firewall \
time="1998-08-01 06:30:09" fw=WebTrendsSample pri=6 proto=http \
src=10.0.0.5 dst=10.0.0.6 dstname=3.example.com \
arg=/portal/brand/images/logo_pimg.gif op=GET result=304 rcvd=1036
</pre></div></div><br class="example-break"></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch14s02.html">Prev</a></td><td width="20%" align="center"><a accesskey="u" href="ch14.html">Up</a></td><td width="40%" align="right"><a accesskey="n" href="ch15.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"><span class="productname">Squid</span>™</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">Chapter15.Syslog Supported Log Formats</td></tr></table></div></body></html>
|
