iPrism Knowledgebase June 22, 2010 IP0257.htm
iPrism gives you the ability to export Syslog format data. This allows:
Archiving the log files for future reference
Reading the log information without connecting to iPrism itself
Importing the data in your own system (spreadsheet, SQL database) and processing it
iPrism can export each HTTP, IM and P2P event (only monitored events will be reported) to a Syslog Host.
Note: Syslog data is truncated after the '?' character when you are using proxy mode. If you are using bridge (transparent) mode, data after the '?' is kept.
Go to Reports → Preferences and enter an IP address in the "Syslog Host" field.

The iPrism format of an HTTP access syslog message is detailed in the following table:

| 4.x Field Name | Contents | Comments |
|---|---|---|
| Syslog header | Information added by the syslog program. | Varies from system to system. |
| Type | URL request type | For example, "WEB" |
| Protocol | URL request protocol | For example, "http" or "https" |
| Time | Time of access | For example, "1135729191" |
| Action | Action taken | B - Blocked |
| IP | IP address of system making request | For example, "xxx.xxx.xxx.xxx" |
| Profile | Active profile | For example, "BlockOffensive" |
| User | Username | For example, "Domainname\Username" |
| Bandwidth | In bytes | For example, "192" (integer number) |
| URL | URL of the request | For example, "http://etc..." |
| Rating | Rating of the site | For example, "web search" |
| Duration | Duration calculation estimate | For example, "0" (integer number) |
| Method | HTTP method | For example, "GET" |
| Status | For example, "200" | |
| Mime | Mime type | For example, "text/html" |
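
As an added example (not iPrism or vendor code), the parser below maps the HTTP field order from the table above into a record and stores a query-free URL so that proxy-mode and bridge-mode records compare equal. The tab delimiter, the space between the syslog header and the Type field, and the sample lines are assumptions constructed for illustration; adjust them to the lines your Syslog Host actually receives.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, urlunsplit

# Field order after the syslog header, as listed in the HTTP table above.
HTTP_FIELDS = ["type", "protocol", "time", "action", "ip", "profile", "user",
               "bandwidth", "url", "rating", "duration", "method", "status", "mime"]

def parse_http_event(line, delim="\t"):
    """Parse one HTTP access message into a dict.

    Assumptions (not from the iPrism documentation): fields are separated
    by `delim`, and the syslog header ends with a space before Type.
    """
    parts = line.rstrip("\r\n").split(delim)
    if len(parts) != len(HTTP_FIELDS):
        raise ValueError(f"expected {len(HTTP_FIELDS)} fields, got {len(parts)}")
    # Everything before the last space of the first chunk is the syslog header.
    header, _, parts[0] = parts[0].rpartition(" ")
    event = dict(zip(HTTP_FIELDS, parts))
    event["syslog_header"] = header
    event["time"] = datetime.fromtimestamp(int(event["time"]), tz=timezone.utc)
    event["bandwidth"] = int(event["bandwidth"])   # bytes
    event["duration"] = int(event["duration"])
    event["blocked"] = event["action"] == "B"      # B - Blocked
    # Bridge mode keeps the text after '?', proxy mode truncates it. Keep a
    # query-free form so both modes group identically in reports.
    u = urlsplit(event["url"])
    event["url_no_query"] = urlunsplit((u.scheme, u.netloc, u.path, "", ""))
    event["has_query"] = bool(u.query)
    return event

# Constructed sample lines (header, host names and values are made up).
_COMMON = ["http", "1135729191", "B", "192.0.2.10", "BlockOffensive",
           "EXAMPLE\\jdoe", "192"]
_TAIL = ["web search", "0", "GET", "200", "text/html"]
SAMPLE_BRIDGE = "\t".join(["Jun 22 10:15:01 iprism WEB"] + _COMMON +
                          ["http://www.example.com/search?q=test"] + _TAIL)
SAMPLE_PROXY = "\t".join(["Jun 22 10:15:02 iprism WEB"] + _COMMON +
                         ["http://www.example.com/search?"] + _TAIL)

if __name__ == "__main__":
    for raw in (SAMPLE_BRIDGE, SAMPLE_PROXY):
        ev = parse_http_event(raw)
        print(ev["time"].isoformat(), ev["ip"], ev["user"],
              "BLOCKED" if ev["blocked"] else ev["action"],
              ev["url_no_query"], "query kept" if ev["has_query"] else "no query")
```
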
The iPrism 4.x format of an IM or P2P event is detailed in the following table:

| Field Name | Contents | Comments |
|---|---|---|
| Syslog header | Information added by the syslog program. | Varies from system to system. |
| Type | IM or P2P | |
| Protocol | IM or P2P protocol | There are various protocols, see What IM/P2P Applications & Protocols are Filtered? |
| Action | Action taken | |
| IP | IP address of system making request | |
| Profile | Active profile | |
| User | Username | |
| Application | Application used | |