Squid Web Proxy Sample Event Messages
Use these sample event messages to verify a successful integration with JSA.
Note:
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Squid Web Proxy Sample Messages when you use the Syslog Protocol
Sample 1: The following sample event message shows that a client issued a no-cache pragma.
<14>Apr 29 10:23:13 user2: Info: 1556526193.765 100020 172.16.0.1 TCP_CLIENT_REFRESH_MISS/-50 4499 GET http://www.test.test/xx/test "TEST\userx@test" DIRECT/test.test text/html DEFAULT_CASE_12-ASI_HTTP_Test-PSA_HTTP_NTLM-NONE-NONE-NONE-DefaultGroup <IW_fnnc,-3.0,0,"-",0,0,0,1,"-",-,-,-,"-",1,-,"-","-",-,-,IW_fnnc,-,"-","-","Unknown","Unknown","- ","-",0.36,0,-,"Unknown","-",-,"-",-,-,"-","-",-,-,"-"> - 795 user2
|
JSA field name |
Highlighted values in the event payload |
|---|---|
|
Event ID |
TCP_CLIENT_REFRESH_MISS |
|
Source IP |
172.16.0.1 |
|
Username |
TEST\userx@test |
|
Device Time |
Apr 29 10:23:13 |
Sample 2: The following sample event message shows that access is denied.
<166>Jan 05 15:45:39 remotelogger: 1515079800.000 10.146.139.172 TCP_DENIED/407 2052 CONNECT phone.clients.example.com:443 - NONE/192.168.121.158 text/html
|
JSA field name |
Highlighted values in the event payload |
|---|---|
|
Event ID |
TCP_DENIED |
|
Source IP |
10.146.139.172 |
|
Destination IP |
192.168.121.158 |
|
Device Time |
Jan 05 15:45:39 |