3 Replies Latest reply on Jun 28, 2012 3:27 PM by eelsasser

    Logs functionality in MWG as ICAP Server

      Hi.

       

      I'm looking for the best configuration for log information, considering that my MWG is working as an ICAP server. I have a Squid doing the proxy function (ICAP client).

       

      Besides that, is there any problem, with regard to logs, if MWG works in both REQMOD and RESPMOD?

       

      Thanks in advance,

       

      Fabio.

        • 1. Re: Logs functionality in MWG as ICAP Server
          Jon Scholten

          What version are you running?

           

          When using MWG 6, you may need to check the boxes for REQMOD/RESPMOD, instead of Proxy gateway (see below):

          [Screenshot: loggingv6.png]

           

          In MWG 7, there shouldn't be anything you should need to do.

           

          In terms of log file structure, I typically recommend the following format on MWG 6:

          src_ip - "auth_user" time_stamp "req_line" status_code bytes_to_client "referer" "user_agent" "attribute" block_res "media_type" "profile" elapsed_time "virus_name" "categories"

           

          In MWG 7, there shouldn't be anything you should need to do to the log format either.

           

          Let me know if this helps,

          Jon
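
A parser for the MWG 6 log format recommended in the reply above, added here as an example; it is not part of the original post and not McAfee code. It assumes fields are separated by spaces, the timestamp is written in square brackets, and a `block_res` of 0 means the request was not blocked; the sample lines are constructed.

```python
import re

# Field order taken from the format string in the post; "dash" is the literal "-".
FIELDS = ["src_ip", "dash", "auth_user", "time_stamp", "req_line", "status_code",
          "bytes_to_client", "referer", "user_agent", "attribute", "block_res",
          "media_type", "profile", "elapsed_time", "virus_name", "categories"]
NUMERIC = ("status_code", "bytes_to_client", "block_res", "elapsed_time")

# A token is a "quoted string" (backslash escapes tolerated), a [bracketed]
# timestamp (assumption), or a bare run of non-space characters.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|\[([^\]]*)\]|(\S+)')

def parse_line(line):
    """Return a dict of named fields, or None when the line does not fit."""
    values = [next(g for g in m.groups() if g is not None)
              for m in TOKEN.finditer(line)]
    # Client-controlled fields (req_line, referer, user_agent) can carry stray
    # quotes; reject on a wrong field count rather than shift later columns.
    if len(values) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, values))
    try:
        for name in NUMERIC:
            rec[name] = int(rec[name])
    except ValueError:
        return None
    return rec

def triage(lines):
    """Split lines into records worth review and a count of unparsable lines."""
    flagged, rejected = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1
        elif rec["virus_name"] or rec["block_res"] != 0:  # assumption: 0 = allowed
            flagged.append(rec)
    return flagged, rejected

# Constructed sample lines, not real MWG output.
SAMPLE = [
    '10.0.0.5 - "fabio" [28/Jun/2012:15:27:01 +0000] "GET http://example.com/ HTTP/1.1" '
    '200 5120 "" "Mozilla/5.0" "" 0 "text/html" "default" 12 "" "Business"',
    '10.0.0.9 - "" [28/Jun/2012:15:27:03 +0000] "GET http://example.test/a.exe HTTP/1.1" '
    '403 310 "" "curl/7.21" "" 80 "application/octet-stream" "default" 45 '
    '"EICAR test file" "Malicious Sites"',
    '10.0.0.7 - "x" [28/Jun/2012:15:27:04 +0000] "GET / HTTP/1.1" 200',  # truncated
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Counting rejected lines separately keeps malformed or truncated entries visible instead of silently dropping them from the review set.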

          • 2. Re: Logs functionality in MWG as ICAP Server

            Thank you Jon.

             

            Your answer helps me. I'm using MWG 7.2.

             

            Would you help me once more? There is an option called "bypass RESPmod for responses that must not contain a body" in Configuration > Appliances > nameofappliance > Proxies (HTTP(S), FTP, ICAP and IM), at the bottom of the page in Advanced Settings. What does this option really do? In what circumstances?

             

            Thanks,

            Fabio.

            • 3. Re: Logs functionality in MWG as ICAP Server

              I'm not sure exactly, but here's what I think it does.

               

              Sometimes a response code is defined by the RFC to never include body data in the response.

              For example:

              204 No Content

              The 204 response MUST NOT include a message-body, and thus is always terminated by the first empty line after the header fields.

               

              There are some applications that abuse the HTTP protocol and violate the RFC.

              If MWG enforces strict RFC compliance, then it will break some applications.

              In order to allow some of these violations we have to bypass this condition.

               

              That's my best guess.