Squid Access Logs
Traffic Monitor utilizes Squid access logs to build reports of traffic activity. The following section describes how it works.
After the web filter processes the HTTP request and response, it reports the results of web filtering (triggered rule, policy or membership lookup) as ICAP reply headers, which are then written to Squid's access log using the following logformat parameters.
logformat websafety %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt \
"ws-iid=%{X-WebSafety-IID}adapt::<last_h" "ws-mac=%>eui" \
"ws-duration=%{X-WebSafety-Duration}adapt::<last_h" \
"ws-timing=%{X-WebSafety-Timing}adapt::<last_h" \
"ws-mtime=%{X-WebSafety-Mtime}adapt::<last_h" \
"ws-scanflags=%{X-WebSafety-ScanFlags}adapt::<last_h" \
"ws-categories=%{X-WebSafety-Categories}adapt::<last_h" \
"ws-trusted=%{X-WebSafety-Trusted}adapt::<last_h" \
"ws-level=%{X-WebSafety-Level}adapt::<last_h" \
"ws-verdict=%{X-WebSafety-Verdict}adapt::<last_h" \
"ws-policy=%{X-WebSafety-Policy}adapt::<last_h" \
"ws-member=%{X-WebSafety-Member}adapt::<last_h" \
"ws-module=%{X-WebSafety-Module}adapt::<last_h" \
"ws-msgtype=%{X-WebSafety-MsgType}adapt::<last_h" \
"ws-param1=%{X-WebSafety-Param1}adapt::<last_h" \
"ws-param2=%{X-WebSafety-Param2}adapt::<last_h" \
"ws-debug=%{X-WebSafety-Debug}adapt::<last_h"
These parameters are hardcoded in the product and cannot be changed directly (although they can be changed if needed in the next version of the product). The logformat definition is stored in the /opt/websafety-ui/var/console/squid/templates/squid/conf/logfile.conf file.
This definition is later used to write the additional data into Squid's default access log using the following configuration directive.
access_log daemon:{{access_log}} logformat=websafety
The final Squid access log, with the web filtering results added, will usually look something like this.
1575275455.639 0 192.168.5.149 TCP_DENIED/407 4205 CONNECT img.weeronline.cloud:443 - HIER_NONE/- text/html "ws-iid=-" "ws-mac=00:00:00:00:00:00" "ws-duration=-" "ws-timing=-" "ws-mtime=-" "ws-scanflags=-" "ws-categories=-" "ws-trusted=-" "ws-level=-" "ws-verdict=-" "ws-policy=-" "ws-member=-" "ws-module=-" "ws-msgtype=-" "ws-param1=-" "ws-param2=-" "ws-debug=-"
1575275455.640 50 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76479" "ws-mac=00:00:00:00:00:00" "ws-duration=23" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.657 58 192.168.5.149 NONE/200 0 CONNECT www.weeronline.nl:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.15.238 - "ws-iid=76487" "ws-mac=00:00:00:00:00:00" "ws-duration=3" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.659 63 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76480" "ws-mac=00:00:00:00:00:00" "ws-duration=6" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.660 63 192.168.5.149 NONE/200 0 CONNECT www.googletagmanager.com:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/172.217.17.72 - "ws-iid=76469" "ws-mac=00:00:00:00:00:00" "ws-duration=54415" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=1125899940397056" "ws-trusted=0" "ws-level=1" "ws-verdict=1" "ws-policy=default" "ws-member=default" "ws-module=1048576" "ws-msgtype=2" "ws-param1=www.googletagmanager.com" "ws-param2=generic_non_categorized:user_tracking" "ws-debug=None"
1575275455.662 63 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76482" "ws-mac=00:00:00:00:00:00" "ws-duration=3" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.662 0 192.168.5.149 TCP_DENIED/407 4205 CONNECT img.weeronline.cloud:443 - HIER_NONE/- text/html "ws-iid=-" "ws-mac=00:00:00:00:00:00" "ws-duration=-" "ws-timing=-" "ws-mtime=-" "ws-scanflags=-" "ws-categories=-" "ws-trusted=-" "ws-level=-" "ws-verdict=-" "ws-policy=-" "ws-member=-" "ws-module=-" "ws-msgtype=-" "ws-param1=-" "ws-param2=-" "ws-debug=-"
1575275455.680 4 192.168.5.149 NONE/403 13740 GET https://www.googletagmanager.com/gtm.js? john.rambo@EXAMPLE.LAN HIER_NONE/- text/html "ws-iid=76485" "ws-mac=00:00:00:00:00:00" "ws-duration=74" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=1125899940397056" "ws-trusted=0" "ws-level=1" "ws-verdict=2" "ws-policy=default" "ws-member=default" "ws-module=1024" "ws-msgtype=2" "ws-param1=www.googletagmanager.com" "ws-param2=generic_non_categorized:user_tracking" "ws-debug=None"
1575275455.689 38 192.168.5.149 TCP_MISS/200 6644 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76489" "ws-mac=00:00:00:00:00:00" "ws-duration=50" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.697 57 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76488" "ws-mac=00:00:00:00:00:00" "ws-duration=41" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.699 52 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76490" "ws-mac=00:00:00:00:00:00" "ws-duration=2" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.704 28 192.168.5.149 TCP_MISS/200 6724 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76497" "ws-mac=00:00:00:00:00:00" "ws-duration=11" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.704 33 192.168.5.149 TCP_REFRESH_UNMODIFIED/304 764 GET https://www.weeronline.nl/assets/c089e84b679fe4959d3fee86c702b531a701d185/bundle.js.gz john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.15.238 - "ws-iid=76499" "ws-mac=00:00:00:00:00:00" "ws-duration=3" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=0" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.713 41 192.168.5.149 TCP_MISS/200 6442 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76500" "ws-mac=00:00:00:00:00:00" "ws-duration=6" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.716 24 192.168.5.149 TCP_MISS/200 6392 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76504" "ws-mac=00:00:00:00:00:00" "ws-duration=5" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.724 52 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76495" "ws-mac=00:00:00:00:00:00" "ws-duration=2" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.731 23 192.168.5.149 TCP_MISS/200 6468 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76506" "ws-mac=00:00:00:00:00:00" "ws-duration=14" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.738 29 192.168.5.149 TCP_MISS/200 6524 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76509" "ws-mac=00:00:00:00:00:00" "ws-duration=3" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.739 27 192.168.5.149 TCP_REFRESH_UNMODIFIED/200 8184 GET https://www.weeronline.nl/assets/c089e84b679fe4959d3fee86c702b531a701d185/wol-horizontal-white.svg john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.15.238 image/svg+xml "ws-iid=76511" "ws-mac=00:00:00:00:00:00" "ws-duration=2" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=0" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
If needed, log generation can be anonymized by setting the corresponding checkbox in Admin UI / Traffic Monitor / Settings.
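Added example (not part of the product or its documentation): a small Python parser for the websafety logformat shown above, which splits each line into the ten leading Squid fields and the quoted ws-* pairs, then counts lines by HTTP status and ws-verdict. The names in BASE_FIELDS and the function names are chosen here for illustration; the sample lines are taken from the log above and abbreviated to a few ws-* fields, plus one constructed malformed line.

```python
import re
from collections import Counter

# Leading Squid fields, in the order the websafety logformat writes them.
BASE_FIELDS = ("timestamp", "elapsed_ms", "client_ip", "result_status", "bytes",
               "method", "url", "user", "hierarchy_peer", "mime_type")
# One quoted "ws-name=value" pair; tolerates backslash-escaped characters in the value.
WS_PAIR = re.compile(r'"(ws-[a-z0-9]+)=((?:[^"\\]|\\.)*)"')

def parse_line(line):
    """Return a dict for one access log line, or None if it does not match the format."""
    head, sep, tail = line.partition(' "ws-')
    parts = head.split()  # %6tr pads the elapsed time, so split on any whitespace run
    if not sep or len(parts) != len(BASE_FIELDS):
        return None
    rec = dict(zip(BASE_FIELDS, parts))
    try:
        rec["timestamp"] = float(rec["timestamp"])
        rec["elapsed_ms"] = int(rec["elapsed_ms"])
        rec["bytes"] = int(rec["bytes"])
    except ValueError:
        return None
    rec["cache_result"], _, rec["http_status"] = rec.pop("result_status").partition("/")
    # "-" marks an absent value, as in the TCP_DENIED/407 lines of the sample log.
    rec["ws"] = {k: (None if v == "-" else v) for k, v in WS_PAIR.findall('"ws-' + tail)}
    return rec

def summarize(lines):
    """Count (http_status, ws-verdict) pairs and collect lines that failed to parse."""
    counts, rejected = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        else:
            counts[(rec["http_status"], rec["ws"].get("ws-verdict"))] += 1
    return counts, rejected

# Sample input: three abbreviated lines from the log above and one constructed bad line.
SAMPLE = '''
1575275455.639      0 192.168.5.149 TCP_DENIED/407 4205 CONNECT img.weeronline.cloud:443 - HIER_NONE/- text/html "ws-iid=-" "ws-verdict=-" "ws-policy=-"
1575275455.640     50 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76479" "ws-verdict=0" "ws-policy=default"
1575275455.680      4 192.168.5.149 NONE/403 13740 GET https://www.googletagmanager.com/gtm.js? john.rambo@EXAMPLE.LAN HIER_NONE/- text/html "ws-iid=76485" "ws-verdict=2" "ws-policy=default" "ws-param1=www.googletagmanager.com"
not a squid log line
'''.strip().splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Lines whose ws-* values are all "-" are counted with a verdict of None, which keeps requests that carry no filter result apart from requests the web filter evaluated.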