F-SECURE POLICY MANAGER 8.0 Administrator's Manual - page 52
52
CustomLog: This entry is used to log requests to the server. The first
parameter is either a file (file to which the requests should be logged) or a
pipe ('|') followed by the path to a program to receive the log information
on its standard input. This feature is used for spawning the rotatelogs
(see the rotatelogs entry in this section) utility so that the log file is
actually rotated and not written to an ever growing file.
The second parameter specifies what will be written to the log file, and is
defined under a previous LogFormat directive.
Below is an example of an entry in the access.log file:
10.128.131.224 - - [18/Apr/2002:14:06:36 +0300]
/fsmsa/
fsmsa.dll?FSMSCommand=ReadPackage&Type=27&SessionID=248 HTTP/
1.1"
200 5299 0 - 0 - "FSA/5.10.2211 1.3.1_02 Windows2000/5.0 x86"
mod_gzip: DECHUNK:DECLINED:TOO_SMALL CR:0pct.
10.128.131.224 - - [18/Apr/2002:14:06:36 +0300] tells you when the
request to the server was made and by which host (described by its IP
address).
The fxnext component informs you which module the command sent to /
fsmsa/fsmsa.dll. This module (fsmsa.dll) is the Admin Module. fsmsh.dll
would be the Host Module.
Then come the command and parameters
FSMSCommand=ReadPackage&Type=27&SessionID=248. In this case the
host requested an object of Type 27 (there is only one).
The HTTP version used is also noted HTTP/1.1
Immediately after the http version comes six different numbers, as
follows:
1. HTTP response code: In this example 200 is used, meaning OK in
HTTP specification. There are other codes, all of them covered under
the HTTP specification that can be obtained from
http://www.w3.org.
2. Bytes transferred from the server: The example entry informs of 5299
bytes transferred.
3. How long the server took to serve the request (in seconds).
4. Connection status when response is completed.