Web Filter and Squid Access Log

After the web filter processes the HTTP request and response, it reports the results of web filtering (triggered rule, policy or membership lookup) as ICAP reply headers, which are then written to Squid’s access log using the following logformat parameters.

logformat websafety %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt \
        "ws-iid=%{X-WebSafety-IID}adapt::<last_h" "ws-mac=%>eui" \
        "ws-duration=%{X-WebSafety-Duration}adapt::<last_h" \
        "ws-timing=%{X-WebSafety-Timing}adapt::<last_h" \
        "ws-mtime=%{X-WebSafety-Mtime}adapt::<last_h" \
        "ws-scanflags=%{X-WebSafety-ScanFlags}adapt::<last_h" \
        "ws-categories=%{X-WebSafety-Categories}adapt::<last_h" \
        "ws-trusted=%{X-WebSafety-Trusted}adapt::<last_h" \
        "ws-level=%{X-WebSafety-Level}adapt::<last_h" \
        "ws-verdict=%{X-WebSafety-Verdict}adapt::<last_h" \
        "ws-policy=%{X-WebSafety-Policy}adapt::<last_h" \
        "ws-member=%{X-WebSafety-Member}adapt::<last_h" \
        "ws-module=%{X-WebSafety-Module}adapt::<last_h" \
        "ws-msgtype=%{X-WebSafety-MsgType}adapt::<last_h" \
        "ws-param1=%{X-WebSafety-Param1}adapt::<last_h" \
        "ws-param2=%{X-WebSafety-Param2}adapt::<last_h" \
        "ws-debug=%{X-WebSafety-Debug}adapt::<last_h"

These parameters are hardcoded in the product and cannot be changed directly (although they can be changed, if needed, in the next version of the product). The logformat definition is stored in the /opt/websafety-ui/var/console/squid/templates/squid/conf/logfile.conf file.

This definition is then used to write the additional data into Squid’s default access log with the following configuration directive: access_log daemon:{{access_log}} logformat=websafety.

The final Squid access log, with the web filtering results added, will usually look something like this:

1575275455.639      0 192.168.5.149 TCP_DENIED/407 4205 CONNECT img.weeronline.cloud:443 - HIER_NONE/- text/html "ws-iid=-" "ws-mac=00:00:00:00:00:00" "ws-duration=-" "ws-timing=-" "ws-mtime=-" "ws-scanflags=-" "ws-categories=-" "ws-trusted=-" "ws-level=-" "ws-verdict=-" "ws-policy=-" "ws-member=-" "ws-module=-" "ws-msgtype=-" "ws-param1=-" "ws-param2=-" "ws-debug=-"
1575275455.640     50 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76479" "ws-mac=00:00:00:00:00:00" "ws-duration=23" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.657     58 192.168.5.149 NONE/200 0 CONNECT www.weeronline.nl:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.15.238 - "ws-iid=76487" "ws-mac=00:00:00:00:00:00" "ws-duration=3" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.659     63 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76480" "ws-mac=00:00:00:00:00:00" "ws-duration=6" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.660     63 192.168.5.149 NONE/200 0 CONNECT www.googletagmanager.com:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/172.217.17.72 - "ws-iid=76469" "ws-mac=00:00:00:00:00:00" "ws-duration=54415" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=1125899940397056" "ws-trusted=0" "ws-level=1" "ws-verdict=1" "ws-policy=default" "ws-member=default" "ws-module=1048576" "ws-msgtype=2" "ws-param1=www.googletagmanager.com" "ws-param2=generic_non_categorized:user_tracking" "ws-debug=None"
1575275455.662     63 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76482" "ws-mac=00:00:00:00:00:00" "ws-duration=3" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.662      0 192.168.5.149 TCP_DENIED/407 4205 CONNECT img.weeronline.cloud:443 - HIER_NONE/- text/html "ws-iid=-" "ws-mac=00:00:00:00:00:00" "ws-duration=-" "ws-timing=-" "ws-mtime=-" "ws-scanflags=-" "ws-categories=-" "ws-trusted=-" "ws-level=-" "ws-verdict=-" "ws-policy=-" "ws-member=-" "ws-module=-" "ws-msgtype=-" "ws-param1=-" "ws-param2=-" "ws-debug=-"
1575275455.680      4 192.168.5.149 NONE/403 13740 GET https://www.googletagmanager.com/gtm.js? john.rambo@EXAMPLE.LAN HIER_NONE/- text/html "ws-iid=76485" "ws-mac=00:00:00:00:00:00" "ws-duration=74" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=1125899940397056" "ws-trusted=0" "ws-level=1" "ws-verdict=2" "ws-policy=default" "ws-member=default" "ws-module=1024" "ws-msgtype=2" "ws-param1=www.googletagmanager.com" "ws-param2=generic_non_categorized:user_tracking" "ws-debug=None"
1575275455.689     38 192.168.5.149 TCP_MISS/200 6644 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76489" "ws-mac=00:00:00:00:00:00" "ws-duration=50" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.697     57 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76488" "ws-mac=00:00:00:00:00:00" "ws-duration=41" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.699     52 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76490" "ws-mac=00:00:00:00:00:00" "ws-duration=2" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.704     28 192.168.5.149 TCP_MISS/200 6724 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76497" "ws-mac=00:00:00:00:00:00" "ws-duration=11" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.704     33 192.168.5.149 TCP_REFRESH_UNMODIFIED/304 764 GET https://www.weeronline.nl/assets/c089e84b679fe4959d3fee86c702b531a701d185/bundle.js.gz john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.15.238 - "ws-iid=76499" "ws-mac=00:00:00:00:00:00" "ws-duration=3" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=0" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.713     41 192.168.5.149 TCP_MISS/200 6442 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76500" "ws-mac=00:00:00:00:00:00" "ws-duration=6" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.716     24 192.168.5.149 TCP_MISS/200 6392 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76504" "ws-mac=00:00:00:00:00:00" "ws-duration=5" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.724     52 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76495" "ws-mac=00:00:00:00:00:00" "ws-duration=2" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.731     23 192.168.5.149 TCP_MISS/200 6468 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76506" "ws-mac=00:00:00:00:00:00" "ws-duration=14" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.738     29 192.168.5.149 TCP_MISS/200 6524 GET https://img.weeronline.cloud/v1/image? john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 image/png "ws-iid=76509" "ws-mac=00:00:00:00:00:00" "ws-duration=3" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=2" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
1575275455.739     27 192.168.5.149 TCP_REFRESH_UNMODIFIED/200 8184 GET https://www.weeronline.nl/assets/c089e84b679fe4959d3fee86c702b531a701d185/wol-horizontal-white.svg john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.15.238 image/svg+xml "ws-iid=76511" "ws-mac=00:00:00:00:00:00" "ws-duration=2" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=0" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=3" "ws-param1=None" "ws-param2=None" "ws-debug=None"
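
The following parser is an added example, not part of the product or of the original page. It reads lines written with the websafety logformat above, using three lines copied from the sample log as input, and tallies them by ws-verdict value. Assumptions: both "-" and "None" mean "no value", quoted values contain no embedded double quote, and the function names are hypothetical. The page does not define what the individual ws-verdict numbers mean, so the code only groups by them.

```python
import re
from collections import Counter

# Leading Squid fields, in the order the websafety logformat emits them.
HEAD = re.compile(
    r'^(?P<ts>\d+\.\d+)\s+(?P<elapsed>-?\d+)\s+(?P<client>\S+)\s+'
    r'(?P<squid_status>\w+)/(?P<http_status>\d{3})\s+(?P<bytes>\d+)\s+'
    r'(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+'
    r'(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<mime>\S+)'
)
# Quoted "ws-name=value" pairs appended from the ICAP reply headers.
WS_PAIR = re.compile(r'"ws-([a-z0-9]+)=([^"]*)"')
MISSING = {"-", "None"}  # assumption: both spellings mean "no value"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = HEAD.match(line)
    if m is None:
        return None
    rec = m.groupdict()  # all values are kept as strings
    # Only search after the Squid fields so a URL cannot inject ws-* pairs.
    rec["ws"] = {k: (None if v in MISSING else v)
                 for k, v in WS_PAIR.findall(line[m.end():])}
    return rec


def verdict_counts(lines):
    """Count records per ws-verdict; requests with no filter result go under None."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[rec["ws"].get("verdict")] += 1
    return counts


# Three lines copied from the sample log on this page.
SAMPLE = [
    '1575275455.639      0 192.168.5.149 TCP_DENIED/407 4205 CONNECT img.weeronline.cloud:443 - HIER_NONE/- text/html "ws-iid=-" "ws-mac=00:00:00:00:00:00" "ws-duration=-" "ws-timing=-" "ws-mtime=-" "ws-scanflags=-" "ws-categories=-" "ws-trusted=-" "ws-level=-" "ws-verdict=-" "ws-policy=-" "ws-member=-" "ws-module=-" "ws-msgtype=-" "ws-param1=-" "ws-param2=-" "ws-debug=-"',
    '1575275455.640     50 192.168.5.149 NONE/200 0 CONNECT img.weeronline.cloud:443 john.rambo@EXAMPLE.LAN HIER_DIRECT/104.26.2.4 - "ws-iid=76479" "ws-mac=00:00:00:00:00:00" "ws-duration=23" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=17179869184" "ws-trusted=1" "ws-level=1" "ws-verdict=0" "ws-policy=default" "ws-member=default" "ws-module=2" "ws-msgtype=2" "ws-param1=None" "ws-param2=None" "ws-debug=None"',
    '1575275455.680      4 192.168.5.149 NONE/403 13740 GET https://www.googletagmanager.com/gtm.js? john.rambo@EXAMPLE.LAN HIER_NONE/- text/html "ws-iid=76485" "ws-mac=00:00:00:00:00:00" "ws-duration=74" "ws-timing=0" "ws-mtime=0" "ws-scanflags=63" "ws-categories=1125899940397056" "ws-trusted=0" "ws-level=1" "ws-verdict=2" "ws-policy=default" "ws-member=default" "ws-module=1024" "ws-msgtype=2" "ws-param1=www.googletagmanager.com" "ws-param2=generic_non_categorized:user_tracking" "ws-debug=None"',
]

if __name__ == "__main__":
    for verdict, n in verdict_counts(SAMPLE).items():
        print(verdict, n)
```

The TCP_DENIED/407 line carries "-" in every ws-* field except ws-mac, so it is counted under None rather than under a verdict number.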

Important

If needed, log generation can be anonymized by setting the corresponding checkbox in UI / Traffic Monitor / Settings.