File: proxy.xml

package info (click to toggle)
lire 20020214-7
  • links: PTS
  • area: main
  • in suites: woody
  • size: 6,180 kB
  • ctags: 1,245
  • sloc: perl: 11,637; xml: 5,725; sh: 3,458; makefile: 1,008
file content (216 lines) | stat: -rw-r--r-- 6,375 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
 
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE lire:dlf-schema PUBLIC
  "-//LogReport.ORG//DTD Lire DLF Schema Markup Language V1.0//EN"
  "http://www.logreport.org/LDSML/1.0/ldsml.dtd">
<lire:dlf-schema superservice="proxy" timestamp="time"
 xmlns:lire="http://www.logreport.org/LDSML/">

 <!-- $Id: proxy.xml,v 1.11 2002/02/12 19:59:05 flacoste Exp $ -->

 <lire:title>DLF Schema for Proxy superservice</lire:title>
 <lire:description>
  <para>This DLF file is adequate to represent most common
   informations about proxy events. It has the same information
   as found in most proxy-like servers log files.

 <!-- as discussed in 
   Date: Wed, 9 Jan 2002 16:58:24 -0500
   From: "Francis J. Lacoste" XXX
   To: development XXX
   Subject: PROPOSAL: schema for proxy superservice
   Message-ID: <20020109215824.GX566@Contre.COM>
 -->

  </para>
 </lire:description>

 <lire:field name="time" type="timestamp"/>

 <lire:field name="client_ip" type="ip">
  <lire:description>
   <para>IP address of the client, e.g. 212.61.24.7 (c_ip)</para>
  </lire:description>
 </lire:field>

 <lire:field name="client_host" type="hostname">
  <lire:description>
   <para>hostname of the client (complete fqdn, e.g. hibou.logreport.org)
(c_dns)</para>
  </lire:description>
 </lire:field>

 <lire:field name="user" type="string">
  <lire:description>
   <para>authenticated user</para>
  </lire:description>
 </lire:field>

 <lire:field name="duration" type="duration">
  <lire:description>
   <para>time spent on the request</para>
  </lire:description>
 </lire:field>

 <lire:field name="cache_result" type="string">
  <lire:description>
   <para>Result code for the cache TCP_MISS, TCP_HIT, etc.  List is available
    on Squid page, and in squid2dlf(1). All DLF converter should map
    their native value to the squid's one which is very complete and
    exhaustive. 
   </para>
  </lire:description>
 </lire:field>

 <lire:field name="req_result" type="int" default="-">
  <lire:description>
   <para>HTTP result of the request. e.g. 200 or 404. FIXME: we should add a
type for this to dtd/lire-types.mod.</para>
  </lire:description>
 </lire:field>

 <lire:field name="protocol" type="string">
  <lire:description>
   <para>Protocol of the requests: ftp, http, https, telnet, etc.</para>
  </lire:description>
 </lire:field>

 <lire:field name="transport" type="string">
  <lire:description>
   <para>UDP or TCP (will be TCP most of the time, but important for UDP
socks).</para>
  </lire:description>
 </lire:field>

 <lire:field name="dst_ip" type="ip">
  <lire:description>
   <para>IP of the destination</para>
  </lire:description>
 </lire:field>

 <lire:field name="dst_host" type="hostname">
  <lire:description>
   <para>Hostname of the destination, that will be the website</para>
  </lire:description>
 </lire:field>

 <lire:field name="dst_port" type="port">
  <lire:description>
   <para>Port of the destination used in IP session</para>
  </lire:description>
 </lire:field>

 <lire:field name="operation" type="string">
  <lire:description>
   <para>HTTP method, e.g. GET or POST</para>
  </lire:description>
 </lire:field>

 <lire:field name="requested_url" type="url">
  <lire:description>
   <para>URL requested on the server</para>
  </lire:description>
 </lire:field>

 <!-- <lire:field name="bytes" type="bytes" default="0"> has the same effect
   as: -->
 <lire:field name="bytes" type="bytes">
  <lire:description>
   <para>Bytes transferred from proxy to client</para>
  </lire:description>
 </lire:field>

 <lire:field name="type" type="string">
  <lire:description>
   <para>MIME type for HTTP requests, e.g. text/html or image/jpeg</para>
  </lire:description>
 </lire:field>

 <lire:field name="rule" type="string">
  <lire:description>
   <para>Reference to the configuration rule that allowed or denied
    the request.</para>
  </lire:description>
 </lire:field>

 <lire:field name="useragent" type="string">
  <lire:description>
   <para>Useragent used by client.  E.g. 'Mozilla/4.0 (compatible; MSIE 5.0;
Win32)' or 'Outlook Express/5.0 (MSIE 5.0; Windows 98; DigExt)'</para>
  </lire:description>
 </lire:field>

 <lire:field name="result_src_code" type="string">
  <lire:description>
   <para>Code qualifying the next two fields. (i.e. NONE, DIRECT,
    PARENT_HIT, etc.) All DLF converter should map their native value
    to the squid's one which is very complete and exhaustive.

<!-- This and all following result_ fields are used in the case of
    cache. The result src is from where the object was fetched (local
    cache, parent cache, peer cache, original host, etc.) -->

</para>
  </lire:description>
 </lire:field>

 <lire:field name="result_src_ip" type="ip">
  <lire:description>
   <para>IP address of the server which handled the request, i.e.
     destination or other cache</para>
  </lire:description>
 </lire:field>

 <lire:field name="result_src_host" type="hostname">
  <lire:description>
   <para>Hostname of the server that handled the request and gave the
     result.</para>
  </lire:description>
 </lire:field>

 <lire:field name="result_src_port" type="port">
  <lire:description>
   <para>Port on referring host used in IP session.</para>
  </lire:description>
 </lire:field>

 <lire:field name="cat_action" type="string" default="-">
  <lire:description>
   <para>This field contains either the value
    <constant>block</constant> or <constant>pass</constant>. It is
    used when access control is based on content filtering.
   </para>
  </lire:description>
 </lire:field>

 <lire:field name="cat_site" type="string">
  <lire:description>
   <para>Category for the website.

<!-- This and the following cat fields are supported by WELF for web proxies
that do content analysis. -->

</para>
  </lire:description>
 </lire:field>

 <lire:field name="catlevel_site" type="int" default="-">
  <lire:description>
   <para>Level can be 1 or 2. 1 meaning "no no" categories. 2 meaning "family
fun" categories.</para>
  </lire:description>
 </lire:field>

 <lire:field name="cat_page" type="string">
  <lire:description>
   <para>Like cat_site, but for the actual page.</para>
  </lire:description>
 </lire:field>

 <lire:field name="catlevel_page" type="int" default="-">
  <lire:description>
   <para>Like catlevel_site, but for the actual page.</para>
  </lire:description>
 </lire:field>

</lire:dlf-schema>