MS proxy Usage (a) 2


To understand the contents of the log file, you need the definition of each field. The fields are defined below in the same order in which they appear in the log file. Remember that the log files for Web Proxy and Winsock Proxy have the same format. The regular log does not omit any data fields, but it records less information.

1. Client IP (clientip): This field holds the IP address of the client connecting to the proxy. When Web Proxy performs an active caching task (connecting to an external Web site to refresh cached content), it logs an entry in the log file whose client IP is the Web Proxy server's own IP.
2. Client user name (clientusername): If the proxy client user's name is known, it appears in this field. If the user is anonymous, the value of this field is "anonymous".
3. Client agent (clientagent): This field holds the name of the client application used to access the proxy server. For a Web Proxy client, the client application sends this information to Web Proxy in the connection header. For a Winsock Proxy client, the Winsock client software on the workstation determines the actual name of the running program and passes it to Winsock Proxy over the control channel. This field also contains important information about the client's operating system, separated from the application name by a colon. For Web Proxy clients, this information may or may not be passed to the server in the connection header. For Winsock clients, it is always passed to the server by the Winsock client software. An example of operating system information passed to Web Proxy by a client: compatible; IE3; WIN95. Operating system information passed from a client to Winsock Proxy looks like this: 2:4.0, which is the code for Windows 95. The following table breaks down the operating system codes in the Winsock Proxy log.


0:3.1 Windows 3.1
0:3.11 Windows for Workgroups
0:3.95 Windows (Connection made by a 16-bit client application.)
1:3.11 Windows for Workgroups (connection by a client using the Win32s extensions.)
2:4.0 Windows (Connection made by a 32-bit client.)
3:3.51 Windows NT 3.51
3:4.0 Windows NT 4.0


An example of the full value Web Proxy records in this field is: Mozilla/2.0 (compatible; MSIE 3.0; Windows 95). An example of the full value Winsock Proxy records in this field is: Ws_ftp32.exe:2:4.0. The exact value Web Proxy records varies with the header information the client application passes to Web Proxy when the proxy connection is made.
4. Authentication (clientauthenticate): This field indicates whether the client is using an authenticated connection. A value of Y means the client was validated against the NT security database.
5. Date of record: The date on which Proxy Server created the record.
6. Record time (LogTime): The time at which Proxy Server created the record.
7. Server name (ServerName): The name of the service that added the log record. When verbose logging is selected, Wspsrv represents Winsock Proxy and w3proxy represents Web Proxy. When regular logging is selected, the field is one of two numeric values: 1 represents Web Proxy and 2 represents Winsock Proxy.
8. Proxy Name: The name of the NT server running Proxy server. This is a NetBIOS name.
9. Referring server name: This is a reserved field in the current version. A later version of Proxy Server will use it to record the name of the downstream proxy server that connects to the current proxy server. This is useful in a cooperating cascade of proxy server groups.
10. Destination name (desthost): This field holds the domain name that the client connects to through Proxy Server. It is not always the name in the client's connection request, because some sites on the Web automatically redirect connections. If the information is served from the cache (Web Proxy only), the field is empty.
11. Destination IP address (desthostip): This field holds the IP address of the host that the client connects to through Proxy Server. As with the previous field, if the information is served from the Web cache, the field is empty.
12. Destination port (Desthostport): The TCP/IP port used for the connection between the proxy server and the target site. If no data is transferred to the client, the field is empty. The field is used only by Web Proxy; Winsock Proxy leaves it empty.
13. Processing time (processingtime): The time, in milliseconds, that Proxy Server takes to handle the client's request. The clock stops once Proxy Server receives the result code from the destination Web site. If the information is served from the Web Proxy cache, the field indicates how long it took to locate the information and send it to the client.
14. Bytes sent (bytessent): The number of bytes that Proxy Server sends to the client. If no information is sent to the client, the field may be empty. Only Web Proxy uses this field.
15. Bytes received (BYTESRECV): This field records the number of bytes that Proxy Server receives from the client. The size is that of the request the client sent to the proxy. Like the previous field, this field is used only by Web Proxy. If the field is empty in the Web Proxy log, the client may not have sent data or may not have provided size information.
16. Protocol name (PROTOCOL): In the Web Proxy log, this field contains HTTP, FTP, Gopher, or Secure, depending on the protocol used by the client. In the Winsock Proxy log, this field is the well-known number of the protocol used for the client connection (for example, 110 for an SMTP connection).
17. Transport: The transport method used between the client and the proxy server. Web Proxy connections are always TCP. A Winsock Proxy connection is TCP, UDP, or IPX/SPX.
18. Operation: Records the transfer operation performed by Proxy Server. Web Proxy can record GET, PUT, POST, and HEAD. Winsock Proxy can record Connect, Accept, SendTo, RecvFrom and GetHostByName.
19. Object name: This field records the name of the object received by Web Proxy. It is empty in the Winsock Proxy log.
20. Object MIME: Only Web Proxy uses this field. It records the MIME type of the received object. If the target server is undefined or unsupported, the field contains the following string:
MIME Type                  Definition
application/x-msdownload   Application
image/gif                  GIF image
image/jpeg                 JPG image
multipart/x-zip            Zip archive
text/plain                 ASCII text file
21. Object Source: Only Web Proxy uses this field. It records where the object came from. The possible values are as follows:
Field Value        Definition
Unknown            Proxy Server could not determine where the object originated.
Cache              Object found in cache.
Rcache             Object found on the Internet. Object was added to cache.
Vcache             Object found in cache. Object is verified against target object on the Internet.
NVCache            Object found in cache but could not be verified against target object on the Internet. Object is still returned to client.
VFInet             Object found on the Internet. Object could not be verified against source.
PragNoCacheInet    Object found on the Internet. HTTP header indicates that the object should not be cached.
Inet               Object found on the Internet. Object is not added to the cache.
22. Result code: This field holds the result code that the Internet site returned for the requested object. The range of values is very wide, and Web Proxy and Winsock Proxy record different values in this field. In the Web Proxy log, a value below 100 is a Windows error code, a value between 100 and 1000 is an HTTP status code, and a value of more than 10000 is a WinInet or Winsock error code. The three most common codes in Web Proxy records are 200 (successful connection), 10060 (connection timed out), and 10065 (host unreachable). In the Winsock Proxy log, the value of the field is one of the following:
Code   Definition

0      Successful connection.
1      Server failure.
2      Rejection by Proxy due to filtering.
3      Network unreachable due to no DNS service available.
4      Host unreachable because no DNS entry could be found for the host.
5      Connection refused by target Internet site.
6      Unsupported client request (perhaps the client is using a non-compliant TCP/IP stack or the WinSock call is from a non-supported version).
7      Unsupported address type.

Verbose fields and regular fields
When you select regular logging, some fields are simply populated with "-", whereas verbose logging records all the known data for the fields in the previous list. The regular log records only the following fields:
Client Computer IP
Client User Name
Authentication Status
Date logged
Time logged
Server Name
Destination Name
Destination Port
Protocol Name
Object Name
Object Source
Result Code

Reading logs can sometimes be very confusing because it sometimes seems that the proxy server does not have the correct information logged. The most important thing to remember is to keep the fields in the right order, and you'll soon be able to understand them correctly.
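Since a value only means something through its position, a short parser makes the ordering explicit. The following is an added example, not part of the original page or of Proxy Server: it assumes comma-delimited lines, the labels logdate, proxyname, referredserver, transport, operation, objectname, objectmime, objectsource and resultcode and all function names are its own, and both sample lines are constructed.

```python
import csv

# Field order as listed on this page; comma-delimited text is assumed. Names the
# page gives no identifier for (logdate, proxyname, ...) are this example's own.
FIELDS = ("clientip clientusername clientagent clientauthenticate logdate "
          "logtime servername proxyname referredserver desthost desthostip "
          "desthostport processingtime bytessent bytesrecv protocol transport "
          "operation objectname objectmime objectsource resultcode").split()

# Winsock Proxy result codes, from the table on this page.
WINSOCK_CODES = {0: "success", 1: "server failure", 2: "rejected by filter",
                 3: "network unreachable", 4: "host unreachable", 5: "refused",
                 6: "unsupported client request", 7: "unsupported address type"}

def parse_line(line):
    """Map one log line to a dict by position; '-' or empty becomes None."""
    values = [v.strip() for v in next(csv.reader([line], skipinitialspace=True))]
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    return {k: (None if v in ("", "-") else v) for k, v in zip(FIELDS, values)}

def classify_result(code, winsock):
    """Interpret the result code with the ranges and table the page gives."""
    if code is None or not code.isdigit():
        return "missing or non-numeric"
    n = int(code)
    if winsock:
        return WINSOCK_CODES.get(n, "unknown winsock code")
    if n <= 1000:
        return "windows error" if n < 100 else "http status"
    return "wininet/winsock error" if n > 10000 else "unclassified"

def triage(line, winsock=False):
    """Return (record, notes): result class plus identity points to review."""
    rec = parse_line(line)
    notes = [classify_result(rec["resultcode"], winsock)]
    if (rec["clientusername"] or "").lower() == "anonymous":
        notes.append("anonymous client")
    if rec["clientauthenticate"] != "Y":
        notes.append("not authenticated")
    return rec, notes

# Constructed sample lines, not taken from a real log.
WEB_LINE = ("10.0.0.5, anonymous, Mozilla/2.0 (compatible; MSIE 3.0; Windows 95), N, "
            "5/12/98, 10:15:02, w3proxy, PROXY1, -, www.example.com, 192.0.2.10, 80, "
            "431, 2048, 310, http, TCP, GET, http://www.example.com/, text/plain, Inet, 10060")
WINSOCK_LINE = ("10.0.0.7, jsmith, Ws_ftp32.exe:2:4.0, Y, 5/12/98, 10:16:40, Wspsrv, "
                "PROXY1, -, ftp.example.com, 192.0.2.20, -, 120, -, -, 21, TCP, Connect, -, -, -, 2")
```

Pass winsock=True for lines from the Winsock Proxy log, because the same result code position is interpreted differently for the two services.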


