1). Run these debugging commands
Follow the related KB article to capture the output to a text file with PuTTY:
https://community.fortinet.com/t5/No-tags-TKBs/Technical-Note-How-to-create-a-log-file-of-a-session-...
# diagnose debug reset
# diagnose debug console timestamp enable
# diagnose wad debug enable category icap
# diagnose wad debug enable category http ---> (Optional: run this command if you also need to see HTTP debugging detail)
# diagnose wad debug enable level info
# diagnose debug enable
2). Generate the related traffic to trigger the ICAP profile
3). Stop debugging by running:
# diagnose debug disable
# diagnose debug reset
Sample of the output
Source IP address: 192.168.1.34
Destination: https://dataleaktest.com/
ICAP server IP address: 192.168.1.220
[I]2021-08-02 16:41:52.383860 [p:8338][s:590xxxx] wad_http_full_ses_make :12678 make ok session=0x7f91082a20 server=0x7f90f82188.
[I]2021-08-02 16:41:52.384437 [p:8338][s:590xxxx][r:72] wad_dump_http_request :2548 hreq=0x7f8e40c048 Received request from client: 192.168.1.34:51608
GET / HTTP/1.1
Host: dataleaktest.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en
[I]2021-08-02 16:41:52.384522 [p:8338][s:590xxxx][r:72] wad_http_parse_host :1667 host=[16]dataleaktest.com
[I]2021-08-02 16:41:52.384537 [p:8338][s:590xxxx][r:72] wad_http_str_canonicalize :2182 enc=0 path=/ len=1 changes=0
[I]2021-08-02 16:41:52.384569 [p:8338][s:590xxxx][r:72] wad_http_connect_server :5846 [0x7f8e40c048] Use old server: N/A:0
[I]2021-08-02 16:41:52.384651 [p:8338][s:590xxxx][r:72] wad_icap_srv_conn_new :559 icap server 0x7f9176f930 conn 0x7f90e1c048 ireq 0x7f8e4272c0 connecting
[I]2021-08-02 16:41:52.384669 [p:8338] wad_icap_create_new_tcp :782 Allocate ses_ctx 0x7f8e5276e8 -> 192.168.1.220:1344
[I]2021-08-02 16:41:52.384776 [p:8338] wad_http_clt_icap_body_done :1213 msg=0x7f8e40c048 Proc ICAP request 0x7f8e427048(0x7f8e4272c0) switch/is_req: 0/1
[I]2021-08-02 16:41:52.385027 [p:8338] wad_icap_srv_conn_on_connected :487 ICAP 0x7f90e1c048:0x7f8e4272c0:0x7f920f8c48:(:15585->192.168.1.220:1344): connected
[I]2021-08-02 16:41:52.385098 [p:8338] wad_icap_conn_timer_enable :883 ICAP req(0x7f8e4272c0) conn(0x7f90e1c048) timer Enable.
[I]2021-08-02 16:41:52.385663 [p:8338] icap_parse_icap_start_line :28 icap stream=0x7f8e4272c0 status line ret=1 invalid=0.
[I]2021-08-02 16:41:52.385682 [p:8338] icap_parse_icap_headers :325 ICAP hdr Server invalid/unknown: 0/1
[I]2021-08-02 16:41:52.385692 [p:8338] icap_parse_icap_headers :325 ICAP hdr ISTag invalid/unknown: 0/1
[I]2021-08-02 16:41:52.385701 [p:8338] icap_parse_icap_headers :325 ICAP hdr X-Response-Desc invalid/unknown: 0/1
[I]2021-08-02 16:41:52.385710 [p:8338] icap_parse_icap_headers :325 ICAP hdr X-Response-Info invalid/unknown: 0/1
[I]2021-08-02 16:41:52.385726 [p:8338] wad_http_icap_clt_request :714 icap=0x7f8e427048
[W]2021-08-02 16:41:52.385734 [p:8338] wad_icap_srv_conn_close :377 ICAP 0x7f90e1c048:0x7f8e4272c0:0x7f920f8c48:(:15585->192.168.1.220:1344): close
[I]2021-08-02 16:41:52.385750 [p:8338] wad_http_icap_notify :937 icap=0x7f8e427048 len=422 request=1 clt_strm=0x7f8e44c778
[I]2021-08-02 16:41:52.385780 [p:8338][s:590xxxx][r:73] wad_http_icap_dyn_fwd_start_proc :246 start proc msg 0x7f8e40c4d8 icap=0x7f8e427048, len=0
[I]2021-08-02 16:41:52.385805 [p:8338][s:590xxxx][r:73] wad_dump_fwd_http_req :2554 hreq=0x7f8e40c048 Forward request to server:
GET / HTTP/1.1
Host: dataleaktest.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en
Connection: keep-alive
[I]2021-08-02 16:41:52.915582 [p:8338][s:590xxxx] wad_dump_http_resp :2569 hreq=0x7f8e40c048 Received response from server:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Mon, 02 Aug 2021 09:41:51 GMT
Content-Length: 45938
[I]2021-08-02 16:41:52.915640 [p:8338][s:590xxxx] wad_http_fwd_non_cacheable_resp :2268 resp(0x7f914085e0) starts processing.
[I]2021-08-02 16:41:52.915650 [p:8338][s:590xxxx] wad_http_resp_setup_fwd_resp :2245 msg(0x7f914085e0) build fwd resp!
[W]2021-08-02 16:41:52.915661 [p:8338][s:590xxxx] wad_http_icap_resp_enabled :1159 ICAP=0x7f923238a8 req_method: 0
[I]2021-08-02 16:41:52.915685 [p:8338][s:590xxxx] wad_icap_srv_conn_new :559 icap server 0x7f9176f930 conn 0x7f90e1c048 ireq 0x7f8e4277b0 connecting
[I]2021-08-02 16:41:52.915698 [p:8338][s:590xxxx] wad_icap_srv_conn_on_connected :487 ICAP 0x7f90e1c048:0x7f8e4277b0:0x7f920f8ca8:(:15585->192.168.1.220:1344): connected
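
Added example (not part of the original article and not a Fortinet tool): a Python script that reads a captured debug text file in the format of the sample above and groups the ICAP server connection events by request pointer, so you can confirm that each transaction reached the ICAP server and see whether it was closed. The patterns are derived only from the sample lines on this page, and treating the second hex field of the "ICAP a:b:c:(...)" entries as the ireq pointer is an assumption based on that sample.

```python
import re
from datetime import datetime, timedelta

# Constructed input: ICAP-related entries copied from the sample output above.
SAMPLE = """\
[I]2021-08-02 16:41:52.384651 [p:8338][s:590xxxx][r:72] wad_icap_srv_conn_new :559 icap server 0x7f9176f930 conn 0x7f90e1c048 ireq 0x7f8e4272c0 connecting
[I]2021-08-02 16:41:52.385027 [p:8338] wad_icap_srv_conn_on_connected :487 ICAP 0x7f90e1c048:0x7f8e4272c0:0x7f920f8c48:(:15585->192.168.1.220:1344): connected
[I]2021-08-02 16:41:52.385692 [p:8338] icap_parse_icap_headers :325 ICAP hdr ISTag invalid/unknown: 0/1
[W]2021-08-02 16:41:52.385734 [p:8338] wad_icap_srv_conn_close :377 ICAP 0x7f90e1c048:0x7f8e4272c0:0x7f920f8c48:(:15585->192.168.1.220:1344): close
[I]2021-08-02 16:41:52.915685 [p:8338][s:590xxxx] wad_icap_srv_conn_new :559 icap server 0x7f9176f930 conn 0x7f90e1c048 ireq 0x7f8e4277b0 connecting
[I]2021-08-02 16:41:52.915698 [p:8338][s:590xxxx] wad_icap_srv_conn_on_connected :487 ICAP 0x7f90e1c048:0x7f8e4277b0:0x7f920f8ca8:(:15585->192.168.1.220:1344): connected
"""

# Zero-width split point before every "[I]2021-..." style entry header.
ENTRY_START = re.compile(r"(?=\[[A-Z]\]\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6} )")
ENTRY = re.compile(r"\[([A-Z])\](\S+ \S+) ((?:\[[^\]]*\])+)\s+(\w+)\s+:(\d+)\s+(.*)", re.S)
NEW = re.compile(r"ireq (0x[0-9a-f]+) connecting")
# Assumption from the sample: the second hex field in "ICAP a:b:c:(...)" is the ireq.
STATE = re.compile(r"ICAP 0x[0-9a-f]+:(0x[0-9a-f]+):0x[0-9a-f]+:\(:\d+->([\d.]+:\d+)\): (connected|close)")

def icap_transactions(capture):
    """Group ICAP connection events by ireq pointer; also works on flattened captures."""
    txns = {}
    for raw in ENTRY_START.split(capture):
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # blank fragments and text before the first entry
        _level, ts, _tags, func, _line, msg = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f")
        if func == "wad_icap_srv_conn_new" and (n := NEW.search(msg)):
            txns[n.group(1)] = {"server": None, "events": [("connecting", when)]}
        elif s := STATE.search(msg):
            txn = txns.setdefault(s.group(1), {"server": None, "events": []})
            txn["server"] = s.group(2)
            txn["events"].append((s.group(3), when))
    return txns

def summarize(txns):
    """Return (ireq, server, states, microseconds from first to last event) per transaction."""
    rows = []
    for ireq, txn in txns.items():
        states = [state for state, _ in txn["events"]]
        span = txn["events"][-1][1] - txn["events"][0][1]
        rows.append((ireq, txn["server"], states, span // timedelta(microseconds=1)))
    return rows

if __name__ == "__main__":
    for row in summarize(icap_transactions(SAMPLE)):
        print(row)
```

A transaction whose states end at "connected", like the second one in this sample, was still open when the capture stopped.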