Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Http Log - how to not log Kerio traffic (Trying to disable http logging on Kerio Control’s IP or disable jsonrpc logging)
  •  
Kraken

Messages: 5
Karma: -3
Send a private message to this user
Hello,

I have a question about the Http log:
Whenever I connect to the administration, an absurd number of log entries are created in the Http log, which looks like this:
"192.X.X.X - Admin [20 / Sep / 2017: 10: 56: 26 +0200]" POST https: //192.X.X.X/admin/api/jsonrpc/ HTTP / 1.1 "200 128120"

It would be ok, but there is a new line (the same row) for every two seconds. This is about 50 unnecessary lines of 2 that are really important. Reading the log is nearly impossible in this manner. I tried to search for some solutions on the Internet, but I haven't found it anywhere.

So, my question is: Is there a possibility to disable logging or not to log Http for any IP address (or at least set it to ignore Http from IP where do you use Kerio control)?

Thanks for help.

[Updated on: Tue, 26 September 2017 17:15]

  •  
Brian (GFI/Kerio)

Messages: 778
Karma: 79
Send a private message to this user
Yes indeed the HTTP log is quite verbose. You can disable it by right clicking in the log view and choosing 'log settings'. I typically recommend disabling it. The web log provides similar information but in a more human readable format.

Brian Carmichael
Instructional Content Architect
  •  
Kraken

Messages: 5
Karma: -3
Send a private message to this user
Thank you for your suggestion. Unfortunately, that's not what I was asking for completely disabling the log will not accomplish anything I would lose a big part of the information.
For example in the Http log, you can see these lines:

10.1.1.X - - [21/Sep/2017:19:11:57 +0200] "GET Xttp://169.54.83.X/din.aspx? HTTP/1.1" 200 24
10.1.1.X - - [21/Sep/2017:19:11:58 +0200] "POST Xttp://169.54.83.X/dout.aspx? HTTP/1.1" 200 0

which are completely omitted in the Web log. I am trying to disable only the records about communicating with Kerio Control, which are unnecessary.
  •  
Brian (GFI/Kerio)

Messages: 778
Karma: 79
Send a private message to this user
If you need to retain such log events on a conditional basis you can disable logging to a local file and enable logging to a syslog server. On the syslog server you can configure such specific conditions regarding which events to keep or discard. Otherwise you can submit a feature request for more granular log option at feedback.gfi.com

Brian Carmichael
Instructional Content Architect
  •  
Kraken

Messages: 5
Karma: -3
Send a private message to this user
It's not as much about the log granularity, as about why the data are captured in the first place. I would suggest a place, preferably in the "Security Settings" where you could specify do not log events from these IP or Hostnames with the array textbox or at least a checkbox where you can say that you don't want to check and log traffic to and from Kerio administration.
I don't understand why would anyone want hundreds of records created in the log just because he logged in the administration.

Thank you, I surely will submit a request. I just hope that it will be reviewed faster than for 8 years like my previous experiences with Kerio and that GFI will push a little life in the requests section Smile
Previous Topic: how can i undersatnd the attack to my network by kerio
Next Topic: problem with join in Active directory
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 02:07:25 CET 2017

Total time taken to generate the page: 0.00385 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.