Forum Discussion
JRahm
Apr 20, 2007Admin
Why not just set the variables in the request and print everything in the response?
when HTTP_REQUEST {
set http_request_time [clock clicks -milliseconds]
set client_ip [IP::remote_addr]
set client_request "[HTTP::method]/[HTTP::host][HTTP::uri]"
set client_browser [HTTP::header User-Agent]
set client_referer [HTTP::header exists Referer]
set http_version [HTTP::version]
set jsess_cookie [HTTP::cookie exists JSESSIONID]
}
when HTTP_RESPONSE {
set http_response_time [ clock clicks -milliseconds ]
log local0. "
Client IP: $client_ip, \
Requesting: $client_request, \
Browser: $client_browser, \
Referer: $client_referer, \
HTTP version $http_version, \
JSESSION Cookie: $jsess_cookie, \
HTTP status: [HTTP::status], \
Response Size: [HTTP::payload length], \
Duration: [expr $http_response_time - $http_request_time]"
}
Here's a sample of the output
Apr 20 11:39:18 tmm tmm[27297]: Rule apache_like_log : Client IP: 10.1.1., Requesting: GET/10.1.1.2/cacti/graph_image.php?local_graph_id=954&rra_id=0&view_type=tree&graph_start=1177000723&graph_end=1177087123, Browser: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Q312461; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1), Referer: 1, HTTP version 1.1, JSESSION Cookie: 0, HTTP status: 200, Response Size: 989, Duration: 878