How can I identify Access Log for the SOCKS protocol?

Solution

Overview

SOCKS protocol traffic is usually logged as ACCELERATED in the s-action field. For example:

 

#Fields: date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) cs(Referer) cs(User-Agent) sc-filter-result cs-categories x-virus-id s-ip

2009-06-16 09:00:48 3 10.105.1.65 0 ACCELERATED 12 13 CONNECT tcp 216.52.23.9 80 / - - - NONE - - - - PROXIED "Computers/Internet" - 10.10.10.10

 

The following fields can also be added to the Access Log for the SOCKS protocol:

x-cs-socks-ip

x-cs-socks-port

x-cs-socks-method

x-cs-socks-version

InQuira Doc Id: FAQ158