Log Types: MSProxySvr
Overview
Microsoft Proxy Server was a firewall and content-caching server that provided a gateway to the Internet, with firewall support through application-layer proxy, circuit-layer proxy, and dynamic packet filtering.
Collection
The Snare Epilog agent can collect and forward Microsoft Proxy Server log data.
Sample Events
203.8.234.160, ORG\zpurdl, Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0), Y, 25/11/2002, 23:54:06, W3Proxy, ANATPX1, -, 10.16.3.1, 10.16.3.1, 80, 2141, 4949, 1070, http, tcp, GET, http://www.google.com/index.html, text/html, Upstream, 200, 8388608
Fields
Field | Description |
---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system |
TABLE | WebLog |
HOSTNAME | |
USERNAME | If available, the authenticated username requesting access to the data. |
URL | Uniform resource locator - the web address of the resource being accessed. |
RETURNCODE | Return code of the access request |
BYTES | The number of bytes transferred |
REFERRER | The referrer page |
AGENT | The browser information provided by the client |
PROTOCOL | HTTP, HTTPS, FTP, GOPHER, and so on |
LOGTYPE | proxysvr |
CATEGORY | |
STRINGS | All other data in the event will be pushed to this field. |
Notes
Microsoft Proxy Server logs will be included in the meta-logtype “WebLog”, and will be tagged as “proxysvr” in the field LOGTYPE.
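A sketch of how the sample event above could be split into the normalized fields in the table, added here as an example and not Snare's own parser. The column order, the DD/MM/YYYY reading of the date, and BYTES as sent plus received are assumptions inferred from the sample event; SYSTEM, HOSTNAME and CATEGORY are left unset because the page does not say how they are filled.

```python
import re
from datetime import datetime

# Constructed test input: the page's sample event, reproduced as one string.
SAMPLE = (
    "203.8.234.160, ORG\\zpurdl, Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0), "
    "Y, 25/11/2002, 23:54:06, W3Proxy, ANATPX1, -, 10.16.3.1, 10.16.3.1, 80, 2141, "
    "4949, 1070, http, tcp, GET, http://www.google.com/index.html, text/html, "
    "Upstream, 200, 8388608"
)

# The record is unquoted, so a comma inside AGENT or URL would shift every
# later column. Anchor on the auth-flag/date/time triple instead of counting.
ANCHOR = re.compile(r", ([YN-]), (\d{1,2}/\d{1,2}/\d{4}), (\d{1,2}:\d{2}:\d{2}), ")

def parse_msproxy(line):
    """Map one record to the WebLog fields (column order is an assumption)."""
    m = ANCHOR.search(line)
    if not m:
        raise ValueError("auth/date/time anchor not found")
    head = line[:m.start()].split(", ", 2)       # client, user, agent (rest)
    tail = line[m.end():].split(", ")
    if len(head) != 3 or len(tail) < 17:
        raise ValueError("unexpected column count")
    client, user, agent = head
    left, right = tail[:12], tail[-4:]           # fixed columns around URL
    url = ", ".join(tail[12:-4])                 # URL keeps its own commas
    sent, recv = left[7], left[8]
    both = sent.isdigit() and recv.isdigit()
    return {
        "DATE": datetime.strptime(m.group(2), "%d/%m/%Y").strftime("%Y-%m-%d"),
        "TIME": datetime.strptime(m.group(3), "%H:%M:%S").strftime("%H:%M:%S"),
        "TABLE": "WebLog",
        "LOGTYPE": "proxysvr",
        "USERNAME": user,
        "URL": url,
        "RETURNCODE": right[2],
        "BYTES": int(sent) + int(recv) if both else None,   # assumption: sent + received
        "REFERRER": left[2],
        "AGENT": agent,
        "PROTOCOL": left[9].upper(),
        # Everything without a described field ends up in STRINGS.
        "STRINGS": [client, m.group(1), *left[:2], *left[3:7], *left[10:],
                    *right[:2], right[3]],
    }

if __name__ == "__main__":
    for name, value in parse_msproxy(SAMPLE).items():
        print(f"{name:<11}{value}")
```

Because AGENT and URL are client-supplied and the format has no quoting, treat both parsed values as untrusted text in searches and alerts.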