Detailed Log Files
WinProxy provides the ability to log all network activity passing through it. There are two types of logs, the Activity Log and the Detailed Log. The Activity Log is a sequential text log. Designed for a human-readable report of WinProxy activity as it happens, it's better suited for trouble-shooting than is the machine-readable detailed log (which is better suited for third-party applications which produce activity summaries).
A sample activity logging application, ProxyLog.exe, is included with WinProxy, along with its source code. You're welcome to modify this source code for your own use, though not to distribute or sell such modifications. ProxyLog is written as a Windows 95/98/NT/2000/Me/XP console application (i.e., it runs in a DOS box) and it outputs all logging information directly to the screen. Proxylog can be started at any time. Soon after proxylog starts, WinProxy connects to it and begins sending log information. Proxylog is strictly a passive "listening" application. It won't send information back to WinProxy, and WinProxy won't listen for any such information. The Detailed Log is designed to be readable by applications such as WebTrends Professional Suite (the version with a "proxy analysis" function). It contains information such as which computer was connected to the Internet and which sites were visited for how long.
Logging Options
Enable sending activity information to remote computer
When this option is enabled, WinProxy sends activity log information to the designated port and IP address. The listening application can be run anywhere on the network. All HTTP requests and commands, FTP requests, Telnet and other protocol connections, Dialing requests, and error messages are logged, together with the date and time of occurrence. If WinProxy is unable to connect to a logging application, it continues to function with logging disabled.
- Address: This parameter tells WinProxy the location of a logging application. This application can be located anywhere on the network, including the WinProxy machine itself. Although it's possible to send logging information outside your local network, it's a significant security risk. As such, we strongly discourage doing so. The default IP setting for this box is the loopback address, 127.0.0.1. We recommend changing it to do logging from one of your client computers-or, at the least, changing the IP address to the WinProxy internal IP address (rather than the loopback address).
- Port: Along with the logging IP, this parameter tells WinProxy where to send activity logging information. The default value of port 8000 is also the default port used by the sample logging application. If this value is left blank or is invalid logging is disabled.
Enable Detailed Logging
The detailed log provides a log file in comma delimited format for each day. This log is designed to be read by software which does statistical reporting on proxy servers. Each connection through WinProxy is logged, as well as all connection information. These files can become quite lengthy. You must ensure that you have enough room for these logs; if this option is enabled and WinProxy is unable to write to the detailed log file for any reason, access to the Internet is shut down.
- To file: When enabled, log files are saved in the WinProxy 5.0 directory. Note: If detailed logging is enabled, WinProxy won't permit connections to the Internet if it's unable to open or write to the logging file.
- Delete old logs after: WinProxy can be set to automatically delete older detail logs. These files can get quite large, taking up lots of disk space. The default setting is 0 days.
- To remote computer: When enabled, log files are sent to a remote location, which you specify by entering in the Address and Port that Connlog/ConnlogXP is running.
- Connlog/ConnlogXP: WinProxy can send logs, Connlog/ConnXp are applications that allow you to recieve your logs on a remote computer, located somewhere on your intranet, or across the Internet. The difference between Connlog and ConnlogXP is Connlog is a Dos-based application, whereas ConnlogXP has a GUI interface, opening like any other application in Windows.
The Connlog.exe application should be run on machine that is accessible over the internet on TCP port 8001. If the machine that will run Connlog is behind a firewall or NAT router, then port 8001 should be mapped through that firewall or NAT router to the IP address of the machine running Connlog, and WinProxy logging should be pointed to the external IP address of that firewall or NAT router. The Connlog application itself can be downloaded directly from the Logging page within the WinProxy Admin interface. Connlog normally listens on port 8001, but can be configured to listen on any port. To do this, start Connlog from a command prompt with an port argument, like this:
Connlog.exe/P:4321
This example will start Connlog and make it listen on TCP port 4321. An argument of "/V" may also be used to force Connlog to mirror it's output to the screen, in addition to file. The Connlog application will write the incoming log data to a file in the same directory as itself. The file name will include the current date. Connlog will automatically close the current log file and start a new one when the system date changes. This way, if Connlog is left running for an extended period, one log file per day will be created. In some cases, extreme interruptions to the Connlog connection will cause it to close the current log file and create a new one once the connection is reestablished. In these cases, the first log file will NOT be overwritten, and the new log file's name will add a number to the end of the file name, so no log information will be lost beyond what may be lost by the connection interruption.
Log Files: This is where alert errors are logged for WinProxy. If there are any alerts, then a hyperlinked log file would be displayed, that would load in a browser so that you can peruse the log to see what error occurred.
