How can I identify Access Log entries for the SOCKS protocol?



Solution

Overview

SOCKS protocol traffic is usually logged as ACCELERATED in the s-action field. For example:

 

#Fields: date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) cs(Referer) cs(User-Agent) sc-filter-result cs-categories x-virus-id s-ip

2009-06-16 09:00:48 3 10.105.1.65 0 ACCELERATED 12 13 CONNECT tcp 216.52.23.9 80 / - - - NONE - - - - PROXIED "Computers/Internet" - 10.10.10.10

 

The following fields can also be added to the Access Log for the SOCKS protocol:

x-cs-socks-ip

x-cs-socks-port

x-cs-socks-method

x-cs-socks-version
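
The following is an added example, not part of the original article or of ProxySG: a small Python filter that resolves columns by name from the #Fields header and returns the entries whose s-action is ACCELERATED, together with any x-cs-socks-* fields that are present. The function names, the TCP_HIT line, and the second header with its entry and values are constructed for illustration; the article only says SOCKS traffic is "usually" logged this way, so treat the match as a first-pass filter.

```python
import shlex

# Optional SOCKS fields named in the article.
SOCKS_FIELDS = ("x-cs-socks-ip", "x-cs-socks-port",
                "x-cs-socks-method", "x-cs-socks-version")

def socks_entries(lines):
    """Yield one dict per log entry whose s-action is ACCELERATED."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # Columns are looked up by name from the latest header, so a
            # changed field order or added x-cs-socks-* fields still parse.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        try:
            values = shlex.split(line)  # keeps "Computers/Internet" as one value
        except ValueError:
            continue                    # unbalanced quote: skip malformed line
        if len(values) != len(fields):
            continue                    # line does not match the declared format
        entry = dict(zip(fields, values))
        if entry.get("s-action") == "ACCELERATED":
            yield entry

def socks_details(entry):
    """Return only the x-cs-socks-* fields present in this entry."""
    return {k: entry[k] for k in SOCKS_FIELDS if k in entry}

# Sample input. The first header and the first entry come from the article.
# The TCP_HIT entry, the second header and its entry are constructed, and the
# x-cs-socks-* values are placeholders (the article shows no sample values).
SAMPLE = """\
#Fields: date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) cs(Referer) cs(User-Agent) sc-filter-result cs-categories x-virus-id s-ip
2009-06-16 09:00:48 3 10.105.1.65 0 ACCELERATED 12 13 CONNECT tcp 216.52.23.9 80 / - - - NONE - - - - PROXIED "Computers/Internet" - 10.10.10.10
2009-06-16 09:00:49 20 10.105.1.66 200 TCP_HIT 512 300 GET http example.com 80 /index.html - - - NONE - text/html - "Mozilla/5.0 (constructed)" OBSERVED "Computers/Internet" - 10.10.10.10
#Fields: date time c-ip s-action cs-host cs-uri-port x-cs-socks-ip x-cs-socks-port x-cs-socks-version
2009-06-16 09:05:00 10.105.1.65 ACCELERATED 216.52.23.9 80 192.0.2.10 1080 5
"""

if __name__ == "__main__":
    for e in socks_entries(SAMPLE.splitlines()):
        print(e["date"], e["time"], e["c-ip"], "->", e["cs-host"],
              e["cs-uri-port"], socks_details(e))
```
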

InQuira Doc Id      FAQ158
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Topic      Access Logging
Article Number      000009926