Prefiltering HTTP Requests

Starting from version 4.0, a mechanism to prefilter HTTP requests has been added to Microolap EtherSensor with the following tasks in mind:

1. To filter out unnecessary HTTP traffic and so reduce the workload on Microolap EtherSensor and the runtime environment when analyzing messages (ACCEPT and DROP actions).

2. To accumulate information on possible new trends in HTTP traffic, which can be useful for Microolap EtherSensor support service and/or developers (COPY action).

3. To log the information on HTTP requests in SQUID-ACCESS-LOG format (ACCESS-LOG action).

4. To manipulate tags and labels at the preprocessing stage so that the information accumulated in them can be used when analyzing the messages (TAG and LABEL actions).

The HTTP filter configuration is defined in an XML file stored in the [INSTALLDIR]\config\filter\http subdirectory.

To edit the filter, use any external text/XML editor or the Microolap EtherSensor editor built into the configuration utility (ethersensor_console.exe from the bundle), which is designed specifically for editing filters:

Fig. 51. Editing an HTTP filter.