Logging traffic of bad requests

Logging raw TCP traffic can be used to identify issues with bad requests. It provides debug-level details for requests that were refused by ICAP Server's request parser because of syntax errors.

Important notes

Logging raw TCP traffic is not designed to be constantly enabled. It should only be used for investigating issues for short periods of time. Keeping it enabled permanently may impact performance. If it runs for too long, the log database can grow very large and consume a significant amount of the available disk space.

Raw TCP traffic logs may contain sensitive or private information in a clear-text format.

Step-by-step guide

Windows

Enable logging raw TCP traffic

Perform the following steps to enable traffic logging:

  1. Make sure MetaDefender ICAP Server is stopped
  2. Open the Windows Registry with regedit. Go to the HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\ICAP Server\logger entry
  3. Add the following entry with this value:

    1. Name: capture_traffic
    2. Type: String (REG_SZ)
    3. Value: 1
  4. Close the registry editor
  5. Start MetaDefender ICAP Server

Disable logging raw TCP traffic

Perform the following steps to disable traffic logging:

  1. Make sure MetaDefender ICAP Server is stopped
  2. Open the Windows Registry with regedit. Go to the HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\ICAP Server\logger entry
  3. Delete the following entry, or modify it to this value:

    1. Name: capture_traffic
    2. Type: String (REG_SZ)
    3. Value: 0
  4. Close the registry editor
  5. Start MetaDefender ICAP Server

Linux (CentOS syntax)

Enable logging raw TCP traffic

Perform the following steps to enable traffic logging:

  1. Make sure MetaDefender ICAP Server is stopped
  2. Edit /etc/mdicapsrv/mdicapsrv.conf
  3. Add or modify the following entry under the [logger] section with this value:

    1. capture_traffic=1
  4. Save and close the configuration file
  5. Start MetaDefender ICAP Server

Disable logging raw TCP traffic

Perform the following steps to disable traffic logging:

  1. Make sure MetaDefender ICAP Server is stopped
  2. Edit /etc/mdicapsrv/mdicapsrv.conf
  3. Delete the following entry under the [logger] section, or modify it to this value:

    1. capture_traffic=0
  4. Save and close the configuration file
  5. Start MetaDefender ICAP Server
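The Linux enable and disable procedures above both come down to adding or modifying one key under the [logger] section of an INI-style configuration file. The following script is an added example, not OPSWAT tooling, that does that edit idempotently (it replaces an existing capture_traffic line, adds one if it is missing, and creates the [logger] section if the file has none) and reads the effective value back. It assumes the file is plain INI text as shown on this page; the sample configuration it edits is constructed for the demonstration and is not a real mdicapsrv.conf.

```shell
#!/bin/sh
# Added example (not OPSWAT's own code): toggle capture_traffic under [logger]
# in an INI-style mdicapsrv.conf. Run it while the server is stopped, as the
# procedure above requires; service start/stop is left to the operator.
set -eu

# set_capture_traffic FILE VALUE
# Sets "capture_traffic=VALUE" (VALUE must be 0 or 1) under [logger].
# Existing capture_traffic lines in that section are replaced, duplicates
# are dropped, other sections are left untouched.
set_capture_traffic() {
    file="$1"
    value="$2"
    case "$value" in
        0|1) ;;
        *) echo "capture_traffic must be 0 or 1, got '$value'" >&2; return 1 ;;
    esac
    tmp="${file}.tmp.$$"
    awk -v val="$value" '
        BEGIN { in_logger = 0; done = 0; seen = 0 }
        /^[[:space:]]*\[/ {
            # Leaving [logger] without having written the key: write it now.
            if (in_logger && !done) { print "capture_traffic=" val; done = 1 }
            in_logger = ($0 ~ /^[[:space:]]*\[logger\][[:space:]]*$/)
            if (in_logger) seen = 1
            print; next
        }
        in_logger && /^[[:space:]]*capture_traffic[[:space:]]*=/ {
            # First occurrence is rewritten, later duplicates are discarded.
            if (!done) { print "capture_traffic=" val; done = 1 }
            next
        }
        { print }
        END {
            if (!seen) print "[logger]"
            if (!done) print "capture_traffic=" val
        }
    ' "$file" > "$tmp"
    mv "$tmp" "$file"
}

# get_capture_traffic FILE
# Prints the value of capture_traffic in [logger], or 0 when it is absent
# (the capture is off unless the key is present and set to 1).
get_capture_traffic() {
    awk '
        /^[[:space:]]*\[/ { in_logger = ($0 ~ /^[[:space:]]*\[logger\][[:space:]]*$/); next }
        in_logger && /^[[:space:]]*capture_traffic[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, "")
            sub(/[[:space:]]+$/, "")
            val = $0
        }
        END { if (val == "") val = "0"; print val }
    ' "$1"
}

# Demonstration on a constructed sample config (not a real mdicapsrv.conf).
demo_conf=$(mktemp)
printf '[general]\nport=1344\n\n[logger]\nlevel=info\n' > "$demo_conf"
set_capture_traffic "$demo_conf" 1
echo "capture_traffic is now $(get_capture_traffic "$demo_conf")"
set_capture_traffic "$demo_conf" 0
echo "capture_traffic is now $(get_capture_traffic "$demo_conf")"
rm -f "$demo_conf"
```

Because raw traffic capture is meant to be on only for a short investigation, a practical pattern is to run `set_capture_traffic /etc/mdicapsrv/mdicapsrv.conf 1`, restart the server, reproduce the bad request, and then immediately run the same command with 0 and restart again; `get_capture_traffic` gives an easy check that no host was left with capture enabled.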