Any way to get raw access logs?

I am trying to figure out if there is a way to get raw access logs down to the level of each individual file that is accessed via the http/https proxy?

Basically, I am trying to figure out what services our users are using which still use Adobe Flash, so am hoping there's a way to access logs to find all .swf files they're accessing - so I can then do a bit of analysis and then advise those users that Flash is going away soon, so they need to change to other sites (we're a group of schools, and teachers don't really know what Flash is beyond the occasional message saying there's a problem).

So, is there a way to do this with XG?



  • System Services > Log settings.

    Set up an external syslog server and send the web filter logs to it. Those should include the URL, so for any HTTP and decrypted HTTPS you get the full URL, including "swf". I don't recall if it also logs the content type (mimetype), but that may be something else to search for. For HTTPS that is encrypted, you will not see the full URL.

    You could also go to Web > File types and create a new filetype for the file extension and mime types. Then in your policy set that filetype to Warn. This may not be ideal, because embedded content will probably fail to load rather than showing you a warn page with option to proceed. But it would then be quite easy to search for Warned content in the logs, so maybe just run it for a day?
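
One way to run the search the answer above describes once the web filter logs are landing on a syslog server (an added example, not part of the original thread and not Sophos code). The field names `url`, `contenttype` and `user_name` are assumptions about the key=value log format, and the sample lines are constructed; check both against your own log output.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed key=value field names; check them against your own log lines.
URL_FIELD, TYPE_FIELD, USER_FIELD = "url", "contenttype", "user_name"
FLASH_TYPES = {"application/x-shockwave-flash", "application/vnd.adobe.flash.movie"}
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample lines (not real firewall output).
SAMPLE = [
    'log_subtype="Allowed" user_name="teacher1" url="http://games.example.org/maths/fractions.swf?level=2" contenttype="application/x-shockwave-flash"',
    'log_subtype="Allowed" user_name="teacher2" url="http://games.example.org/player" contenttype="application/x-shockwave-flash; charset=binary"',
    'log_subtype="Allowed" user_name="teacher1" url="http://news.example.com/search?q=flash.swf" contenttype="text/html"',
    'log_subtype="Allowed" user_name="teacher3" url="https://secure.example.net/" contenttype=""',
]

def parse_line(line):
    """Turn one key=value log line into a dict (quoted or bare values)."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}

def split_url(url):
    """Parse a logged URL, tolerating entries that lack a scheme."""
    return urlsplit(url if "://" in url else "//" + url)

def is_flash(rec):
    """Match on the URL path extension (not the query string) or the MIME type."""
    path = split_url(rec.get(URL_FIELD, "")).path.lower()
    ctype = rec.get(TYPE_FIELD, "").split(";")[0].strip().lower()
    return path.endswith(".swf") or ctype in FLASH_TYPES

def flash_report(lines):
    """Count Flash requests per (host, user) so the heaviest sites sort first."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if is_flash(rec):
            host = split_url(rec.get(URL_FIELD, "")).hostname or "unknown"
            hits[(host, rec.get(USER_FIELD) or "unknown")] += 1
    return hits

if __name__ == "__main__":
    for (host, user), n in flash_report(SAMPLE).most_common():
        print(f"{n:5d}  {host}  {user}")
```

The last sample line stands in for HTTPS that is not decrypted: only the host is logged, so it cannot be classified either way.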
