Logging HTTPS traffic

Hello,

I have a specific scenario in which I am trying to find out if a particular user visited a particular secure website on a particular day.
Is there a way to log HTTPS traffic via the firewall's built-in monitoring? As far as I can see there is an HTTPS CA but no HTTPS traffic is showing up under Logging & Reporting > Web Security.

ASG V8 on 8.303

(I'm very new to this system)

Thanks


  • Please show the complete log line from the file.  The only places I have HTTPS scanning enabled are locations doing AD-SSO in Standard mode, and the logs show "https://sophosxl.net" if I'm interpreting your example correctly.

    Cheers - Bob


    Please see some lines from the log file.

    2013:03:18-16:01:50 mail httpproxy[29479]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.11.144.110" dstip="54.247.116.110" user="" statuscode="200" cached="0" profile="REF_HttProItGroupProxy (Internal)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2" request="0x9b7d928" url="http://http.00.s.sophosxl.net/V3/01/229.178.178.193.ip/" exceptions="" error="" category="178" reputation="neutral" categoryname="Internet Services" application="http"
    2013:03:18-16:01:52 mail httpproxy[29479]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.11.144.110" dstip="54.247.116.110" user="" statuscode="200" cached="0" profile="REF_HttProItGroupProxy (Internal)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="12" request="0x9b7d928" url="http://http.00.s.sophosxl.net/V3/01/bayvar.pvgnqryr.yi.w/" exceptions="" error="" category="178" reputation="neutral" categoryname="Internet Services" application="http"


    Today HTTPS sites are not logged in the log file at all - I haven't changed any configuration. I restarted the proxy and disabled/enabled the proxy, but I cannot get it to log HTTPS sites with the configuration that logged them yesterday...
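
As an added example (not part of the original thread and not Sophos tooling): a small Python filter for the httpproxy line format quoted above, answering the original question of whether a given source IP or user requested a given host on a given day. The function names, the sample lines and the assumption that logged HTTPS requests carry an `https://` URL in the `url` field are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')            # key="value" pairs
STAMP_RE = re.compile(r'^(\d{4}):(\d{2}):(\d{2})-(\d{2}:\d{2}:\d{2}) ')

def parse_line(line):
    """Parse one httpproxy line into a dict, or return None if it is not one."""
    line = line.strip()
    m = STAMP_RE.match(line)
    if not m or " httpproxy[" not in line:
        return None
    rec = dict(FIELD_RE.findall(line))
    rec["date"] = "-".join(m.group(1, 2, 3))          # 2013:03:18 -> 2013-03-18
    rec["time"] = m.group(4)
    try:
        parts = urlsplit(rec.get("url", ""))
        rec["scheme"], rec["host"] = parts.scheme.lower(), (parts.hostname or "").lower()
    except ValueError:                                # malformed URL in the log
        rec["scheme"], rec["host"] = "", ""
    return rec

def find_visits(lines, date, host, srcip=None, user=None):
    """Return records from `date` whose URL host is `host` or a subdomain of it."""
    host = host.lower().strip(".")
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["date"] != date:
            continue
        if rec["host"] != host and not rec["host"].endswith("." + host):
            continue
        if srcip is not None and rec.get("srcip") != srcip:
            continue
        if user is not None and rec.get("user", "").lower() != user.lower():
            continue
        hits.append(rec)
    return hits

# Constructed sample lines (abbreviated field set, not taken from a real log).
PREFIX = 'mail httpproxy[29479]: id="0001" name="http access" action="pass" method="GET" '
SAMPLE = [
    '2013:03:18-16:01:50 ' + PREFIX + 'srcip="10.0.0.5" user="" url="https://secure.example.com/login"',
    '2013:03:18-16:05:00 ' + PREFIX + 'srcip="10.0.0.6" user="jdoe" url="https://secure.example.com/"',
    '2013:03:19-09:00:00 ' + PREFIX + 'srcip="10.0.0.5" user="" url="https://secure.example.com/"',
    '2013:03:18-16:06:00 ' + PREFIX + 'srcip="10.0.0.5" user="" url="http://notexample.com/"',
]

if __name__ == "__main__":
    for r in find_visits(SAMPLE, "2013-03-18", "example.com", srcip="10.0.0.5"):
        print(r["date"], r["time"], r["srcip"], r["user"] or "-", r["scheme"], r["host"])
```

An empty `user` field, as in the lines quoted in the thread, means only the `srcip` filter can tie a request to a workstation.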