Unrecognized firewall log output

Dear,
I want to understand the attached output of the firewall log from when I try to update Ubuntu 11.10; this update is related to Google Chrome.

Thanks,
Mostafa Aly


This thread was automatically locked due to age.
  • 1.  Here are the only SYN packets in the firewall log (there are others but they all look like this - with different source addresses).  They're not directed at the end machine but at the firewall's external address itself so I was supposing they didn't have anything to do with the problem but were failed attempts from outside port scanning and such.  I've also included the lines above the SYN packets so you can see 60003, 60001, and 60004 drops.

    2014:05:14-01:02:53 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:21:70:7a:d:b" srcip="174.35.40.35" dstip="192.168.11.39" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="38104" tcpflags="RST"
    2014:05:14-01:13:28 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:21:70:7a:d:b" srcip="204.17.140.102" dstip="192.168.11.39" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="49857" tcpflags="RST"
    2014:05:14-01:22:17 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="80:a1:d7:a6:38:dd" dstmac="8c:ae:4c:ff:c:7f" srcip="184.105.139.67" dstip="192.168.1.4" proto="17" length="113" tos="0x00" prec="0x00" ttl="52" srcport="53142" dstport="161"
    2014:05:14-01:29:00 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="80:a1:d7:a6:38:dd" dstmac="8c:ae:4c:ff:c:7f" srcip="216.120.248.241" dstip="192.168.1.4" proto="17" length="432" tos="0x00" prec="0x00" ttl="54" srcport="5080" dstport="5060"
    2014:05:14-01:30:14 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="80:a1:d7:a6:38:dd" dstmac="8c:ae:4c:ff:c:7f" srcip="222.174.72.18" dstip="192.168.1.4" proto="6" length="60" tos="0x00" prec="0x00" ttl="42" srcport="33206" dstport="23" tcpflags="SYN"
    2014:05:14-01:30:16 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="80:a1:d7:a6:38:dd" dstmac="8c:ae:4c:ff:c:7f" srcip="222.174.72.18" dstip="192.168.1.4" proto="6" length="60" tos="0x00" prec="0x00" ttl="42" srcport="33206" dstport="23" tcpflags="SYN"
    2014:05:14-01:30:22 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="80:a1:d7:a6:38:dd" dstmac="8c:ae:4c:ff:c:7f" srcip="222.174.72.18" dstip="192.168.1.4" proto="6" length="60" tos="0x00" prec="0x00" ttl="42" srcport="33206" dstport="23" tcpflags="SYN"
    2014:05:14-01:32:32 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60004" initf="eth1" srcmac="80:a1:d7:a6:38:dd" dstmac="8c:ae:4c:ff:c:7f" srcip="116.10.191.182" dstip="192.168.1.4" proto="6" length="44" tos="0x00" prec="0x00" ttl="100" srcport="6000" dstport="22" tcpflags="SYN"
      

    2.  I checked the web filter logs (I do have it turned on in transparent mode using the default rules and only blocking one category - nudity) and everything is "pass".  I am getting some odd entries, which are probably ok but I don't know what they are.  I've included a clip that shows passed traffic and some of the odd entries.  I've also turned the web filter off for a time to see if the issue goes away but it doesn't.

    2014:05:14-08:21:01 Clamshell httpproxy[27931]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.11.39" dstip="184.27.178.25" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="74727" request="0xe1a27980" url="184.27.178.25/" exceptions="" error="" authtime="0" dnstime="4" cattime="112302" avscantime="0" fullreqtime="255376308" device="0" auth="0" category="9998" reputation="neutral" categoryname="Uncategorized"
    2014:05:14-08:21:20 Clamshell httpproxy[27931]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.11.38" dstip="65.55.68.119" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="11194" request="0xfe3aee0" url="snt404-m.hotmail.com" exceptions="" error="" authtime="0" dnstime="14" cattime="1183754" avscantime="0" fullreqtime="33545302" device="0" auth="0" category="156" reputation="neutral" categoryname="Web Mail"
    2014:05:14-08:21:23 Clamshell httpproxy[27931]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.11.39" dstip="204.17.140.113" user="" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe2b56660" url="clients3.google.com/generate_204" exceptions="" error="" authtime="0" dnstime="156" cattime="548054" avscantime="0" fullreqtime="574464" device="0" auth="0" category="178" reputation="trusted" categoryname="Internet Services"
    2014:05:14-08:21:24 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs18.astaro.com' access time: 106ms"
    2014:05:14-08:21:25 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs14.astaro.com' access time: 139ms"
    2014:05:14-08:21:25 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs25.astaro.com' access time: 189ms"
    2014:05:14-08:21:25 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs26.astaro.com' access time: 304ms"
    2014:05:14-08:21:25 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs08.astaro.com' access time: 334ms"
    2014:05:14-08:21:26 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs22.astaro.com' access time: 376ms"
    2014:05:14-08:21:26 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs19.astaro.com' access time: 397ms"
    2014:05:14-08:21:27 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs12.astaro.com' access time: 382ms"
    2014:05:14-08:21:27 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs16.astaro.com' access time: 304ms"
    2014:05:14-08:21:27 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs24.astaro.com' access time: 107ms"
    2014:05:14-08:21:28 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs23.astaro.com' access time: 1229ms"
    2014:05:14-08:21:29 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs01.astaro.com' access time: 397ms"
    2014:05:14-08:21:29 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs04.astaro.com' access time: 399ms"
    2014:05:14-08:21:29 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs20.astaro.com' access time: 399ms"
    2014:05:14-08:21:30 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs05.astaro.com' access time: 403ms"
    2014:05:14-08:21:30 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs27.astaro.com' access time: 399ms"
    2014:05:14-08:21:31 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs21.astaro.com' access time: 418ms"
    2014:05:14-08:21:31 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs02.astaro.com' access time: 411ms"
    2014:05:14-08:21:31 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs11.astaro.com' access time: 433ms"
    2014:05:14-08:21:32 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs03.astaro.com' access time: 249ms"
    2014:05:14-08:21:32 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs17.astaro.com' access time: 506ms"
    2014:05:14-08:21:33 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs09.astaro.com' access time: 518ms"
    2014:05:14-08:21:33 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs10.astaro.com' access time: 510ms"
    2014:05:14-08:21:34 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs07.astaro.com' access time: 354ms"
    2014:05:14-08:21:34 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs15.astaro.com' access time: 472ms"
    2014:05:14-08:21:34 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs06.astaro.com' access time: 221ms"
    2014:05:14-08:21:35 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs13.astaro.com' access time: 229ms"
    2014:05:14-08:21:51 Clamshell httpproxy[27931]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.11.39" dstip="23.59.191.96" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="83486" request="0xe2e4f100" url="23.59.191.96/" exceptions="" error="" authtime="0" dnstime="4" cattime="106244" avscantime="0" fullreqtime="209283764" device="0" auth="0" category="9998" reputation="neutral" categoryname="Uncategorized"
    2014:05:14-08:22:20 Clamshell httpproxy[27931]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.11.39" dstip="31.13.77.55" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="418946" request="0xa611dc0" url="31.13.77.55/" exceptions="" error="" authtime="0" dnstime="4" cattime="107359" avscantime="0" fullreqtime="472994931" device="0" auth="0" category="9998" reputation="neutral" categoryname="Uncategorized"
    2014:05:14-08:22:24 Clamshell httpproxy[27931]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.11.39" dstip="204.17.140.112" user="" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe2c6aaa0" url="clients3.google.com/generate_204" exceptions="" error="" authtime="0" dnstime="752" cattime="107071" avscantime="0" fullreqtime="133976" device="0" auth="0" category="178" reputation="trusted" categoryname="Internet Services"

    3.  I have the IPS turned off
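
Added example, not part of the original post: a Python parser for the `key="value"` log layout shown above that collapses the packet-filter drops into flows, so repeated lines for one 5-tuple (such as the three port-23 SYNs) count once and the destination of each dropped SYN is easy to check. The sample lines are abridged from the post; the function names and the reading of `initf`/`outitf` as arrival/departure interface are assumptions.

```python
import re
from datetime import datetime

# Abridged from the log excerpt in the post (srcmac/dstmac/tos/prec fields dropped).
SAMPLE_LOG = '''\
2014:05:14-01:02:53 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcip="174.35.40.35" dstip="192.168.11.39" proto="6" length="40" ttl="64" srcport="80" dstport="38104" tcpflags="RST"
2014:05:14-01:22:17 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="184.105.139.67" dstip="192.168.1.4" proto="17" length="113" ttl="52" srcport="53142" dstport="161"
2014:05:14-01:30:14 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="222.174.72.18" dstip="192.168.1.4" proto="6" length="60" ttl="42" srcport="33206" dstport="23" tcpflags="SYN"
2014:05:14-01:30:16 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="222.174.72.18" dstip="192.168.1.4" proto="6" length="60" ttl="42" srcport="33206" dstport="23" tcpflags="SYN"
2014:05:14-01:30:22 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="222.174.72.18" dstip="192.168.1.4" proto="6" length="60" ttl="42" srcport="33206" dstport="23" tcpflags="SYN"
2014:05:14-01:32:32 Clamshell ulogd[15288]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60004" initf="eth1" srcip="116.10.191.182" dstip="192.168.1.4" proto="6" length="44" ttl="100" srcport="6000" dstport="22" tcpflags="SYN"
2014:05:14-08:21:24 Clamshell httpproxy[27931]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs18.astaro.com' access time: 106ms"
'''

# "<timestamp> <host> <process>[<pid>]: key="value" key="value" ..."
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<body>.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}  # IANA protocol numbers


def parse_line(line):
    """Return one log line as a dict, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = dict(FIELD_RE.findall(m.group("body")))
    rec["time"] = datetime.strptime(m.group("ts"), "%Y:%m:%d-%H:%M:%S")
    rec["host"] = m.group("host")
    rec["process"] = m.group("proc")
    return rec


def dropped_flows(text):
    """Collapse packet-filter drops into flows keyed by rule, direction and 5-tuple."""
    flows = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("sub") != "packetfilter" or rec.get("action") != "drop":
            continue  # proxy lines and anything unparseable are skipped
        # Assumption: initf = interface the packet arrived on,
        # outitf = interface it was about to leave on.
        if "initf" in rec:
            direction = "in:" + rec["initf"]
        else:
            direction = "out:" + rec.get("outitf", "?")
        key = (rec["fwrule"], direction, PROTO.get(rec["proto"], rec["proto"]),
               rec["srcip"], rec.get("srcport"), rec["dstip"], rec.get("dstport"),
               rec.get("tcpflags", "-"))
        flow = flows.setdefault(key, {"packets": 0, "first": rec["time"], "last": rec["time"]})
        flow["packets"] += 1
        flow["last"] = rec["time"]
    return flows


def syn_targets(flows):
    """Map destination IP -> sorted (srcip, dstport, packets) for dropped bare SYNs."""
    out = {}
    for (_rule, _dir, proto, sip, _sport, dip, dport, flags), flow in flows.items():
        if proto == "tcp" and flags == "SYN":
            out.setdefault(dip, []).append((sip, int(dport), flow["packets"]))
    return {dip: sorted(hits) for dip, hits in out.items()}


if __name__ == "__main__":
    flows = dropped_flows(SAMPLE_LOG)
    for key, flow in flows.items():
        span = (flow["last"] - flow["first"]).seconds
        print(f'{flow["packets"]} pkt over {span}s  rule={key[0]} {key[1]} {key[2]} '
              f'{key[3]}:{key[4]} -> {key[5]}:{key[6]} flags={key[7]}')
    print(syn_targets(flows))
```
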