/usr/share/doc/lire/user-manual/ch14s03.html is in lire-doc 2:2.1.1-2.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>WebTrends Enhanced Format</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Lire User's Manual"><link rel="up" href="ch14.html" title="Chapter 14. Proxy Supported Log Formats"><link rel="prev" href="ch14s02.html" title="Squid™"><link rel="next" href="ch15.html" title="Chapter 15. Syslog Supported Log Formats"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">WebTrends Enhanced Format</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch14s02.html">Prev</a> </td><th width="60%" align="center">Chapter 14. Proxy Supported Log Formats</th><td width="20%" align="right"> <a accesskey="n" href="ch15.html">Next</a></td></tr></table><hr></div><div class="section" title="WebTrends Enhanced Format"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id384392"></a>WebTrends Enhanced Format</h2></div></div></div><p>The WELF format is a format developed by WebTrends and
supported by many firewall vendors. Products can save log
files in that format directly or can log through
<span class="command"><strong>syslog</strong></span>. Either the WELF log
files or <span class="command"><strong>syslog</strong></span>'s log files contain
WELF information. This format can be used by packet
filter firewalls, proxies or network intrusion detection
devices. This <span class="application">Lire</span> superservice will only process records
that are related to proxy services (either application proxy like a
web proxy or a transport proxy like for the telnet protocol).
</p><div class="example"><a name="id384446"></a><p class="title"><b>Example 14.3. WELF Log Sample</b></p><div class="example-contents"><pre class="programlisting">
WTsyslog[1998-08-01 00:04:11 ip=10.0.0.1 pri=6] id=firewall \
time="1998-08-01 00:08:52" fw=WebTrendsSample pri=6 proto=http \
src=10.0.0.2 dst=10.0.0.3 dstname=1.example.com \
arg=/selfupd/x86/en/WULPROTO.CAB op=GET result=304 sent=898
WTsyslog[1998-08-01 00:04:12 ip=10.0.0.1 pri=6] id=firewall \
time="1998-08-01 00:08:52" fw=WebTrendsSample pri=6 proto=http \
src=10.0.0.2 dst=10.0.0.3 dstname=1.example.com \
arg=/selfupd/x86/en/CUNPROT2.CAB op=GET result=304 sent=853
WTsyslog[1998-08-01 00:04:23 ip=10.0.0.1 pri=6] id=firewall \
time="1998-08-01 00:09:03" fw=WebTrendsSample pri=6 proto=http \
src=10.0.0.2 dst=10.0.0.3 dstname=1.example.com \
arg=/R510/v31content/90820/0x00000409.gng op=GET result=304 sent=2983
WTsyslog[1998-08-01 03:02:03 ip=10.0.0.1 pri=6] id=firewall \
time="1998-08-01 03:06:43" fw=WebTrendsSample pri=6 proto=http \
src=10.0.0.2 dst=10.0.0.4 dstname=2.example.com arg=/ op=POST \
result=200 sent=2195
WTsyslog[1998-08-01 16:25:33 ip=10.0.0.1 pri=6] id=firewall \
time="1998-08-01 06:30:09" fw=WebTrendsSample pri=6 proto=http \
src=10.0.0.5 dst=10.0.0.6 dstname=3.example.com \
arg=/portal/brand/images/logo_pimg.gif op=GET result=304 rcvd=1036
</pre></div></div><br class="example-break"></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch14s02.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ch14.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ch15.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"><span class="productname">Squid</span>™ </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 15. Syslog Supported Log Formats</td></tr></table></div></body></html>
|