HOWTO: How do I configure Inktomi Traffic Server to produce WELF log files?


This article applies to:

  • Firewall Suite

Question:

How do I configure Inktomi Traffic Server to produce WELF log files?

Procedure:

For versions of Traffic Server earlier than 4.0:

To activate custom logging you must manually define an entry for WELF in the logs.config file.

To manually define an entry:

  1. Open the logs.config file in a text editor.

  2. Insert the following, making sure that it is all entered on a single line:

    format:enabled:1:welf:id=firewall time="%<cqtd> %<cqtt>" fw=%<phn> pri=6 proto=%<cqus> duration=%<ttmsf> sent=%<psql> rcvd=%<cqhl> src=%<chi> dst=%<shi> dstname=%<shn> user=%<caun> op=%<cqhm> arg="%<cqup>" result=%<pssc> ref="%<{Referer}cqh>" agent="%<{user-agent}cqh>" cache=%<crc>:welf:ASCII:# INKTOMI WELF

  3. If you are using any other custom format in the logs.config file, change the 1 in this portion of the code: format:enabled:1 to any number that is not used by one of the other formats (each format should have a unique identifier).
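The following Python parser is an added example, not part of the original article or of Traffic Server. It derives the expected key sequence from the WELF format string above and rejects any log record that does not match it. The sample records, their field values, and the function names are constructed for illustration.

```python
import re

# Format string copied from the logs.config entry on this page.
WELF_FORMAT = (
    'id=firewall time="%<cqtd> %<cqtt>" fw=%<phn> pri=6 proto=%<cqus> '
    'duration=%<ttmsf> sent=%<psql> rcvd=%<cqhl> src=%<chi> dst=%<shi> '
    'dstname=%<shn> user=%<caun> op=%<cqhm> arg="%<cqup>" result=%<pssc> '
    'ref="%<{Referer}cqh>" agent="%<{user-agent}cqh>" cache=%<crc>'
)
# key=value, where the value is a double-quoted string or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def pairs(text):
    return [(m.group(1), m.group(2) if m.group(2) is not None else m.group(3))
            for m in PAIR.finditer(text)]

# The keys a well-formed record must carry, in the order the format emits them.
EXPECTED_KEYS = [key for key, _ in pairs(WELF_FORMAT)]

def parse_welf(line):
    # Reject any record whose key sequence differs from the configured format.
    found = pairs(line)
    keys = [key for key, _ in found]
    if keys != EXPECTED_KEYS:
        raise ValueError(f"unexpected key sequence: {keys}")
    return dict(found)

def parse_log(lines):
    # Returns (parsed records, 1-based line numbers of rejected records).
    records, rejected = [], []
    for number, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):  # header line, e.g. "# INKTOMI WELF"
            continue
        try:
            records.append(parse_welf(line))
        except ValueError:
            rejected.append(number)
    return records, rejected

def sample(arg):
    # Constructed record; every field value here is made up for illustration.
    return ('id=firewall time="2003-05-12 14:03:22" fw=proxy1 pri=6 proto=http '
            'duration=0.123 sent=1024 rcvd=312 src=10.0.0.5 dst=192.0.2.10 '
            f'dstname=www.example.com user=- op=GET arg="{arg}" result=200 '
            'ref="-" agent="Mozilla/4.0 (compatible)" cache=TCP_HIT')

# Second record has a stray double quote inside arg, which shifts the keys.
SAMPLE = ["# INKTOMI WELF", sample("/search?q=a b"), sample('/x" y=1')]
```

Calling `parse_log(SAMPLE)` returns one parsed record and the line number of the rejected one; rejected lines are best kept for review rather than dropped, since `arg`, `ref` and `agent` carry client-supplied text.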


For versions of Traffic Server 4.0 and later:

Traffic Server versions 4.0 and later support the WELF format in the XML-based custom configuration format as well as in the traditional custom log format. These versions have predefined entries for WELF in both the logs.config and logs_xml.config files, so you do not have to configure them manually.

Notes:

Traffic Server stores all log files in the directory specified by the Log Directory text box in the Logging page of the Configure tab in the user interface of the WebTrends application. This is equivalent to the configuration variable located in the records.config file:

    proxy.config.log2.logfile_dir

The actual log file you should use depends on the configuration of the Traffic Server. Normally this file is called welf.log, but you may change the name to your liking.

The Traffic Server can output access logs in several built-in formats (squid, Netscape common, extended, and extended2) or in user-defined custom formats. Support for the WebTrends Extended Log File (WELF) format is achieved through the custom log facility.

Before you can use the custom log facility of Traffic Server, you must perform the following operations:

  • Define a custom format.

  • Activate custom logging.


These operations are discussed in the following section.

The Traffic Server provides two ways of defining a custom format. One is the "traditional" style, using the configuration file logs.config. While this style is very simple to use, it is not particularly flexible. The second way to define a custom format involves a more powerful and flexible XML-based style that uses the logs_xml.config file. If you are using a Traffic Server version earlier than 4.0, support for the WebTrends Extended Log File (WELF) format is limited to the "traditional" style. However, versions 4.0 and later support both the traditional and the XML-based styles.

This article was previously published as:
NETIQKB1496
