I have set up webgateway 7.3 to send access logs to webreporter 5.2.
Log import & reporting appears to be working correctly - there are no errors reported in log parser and all logs are completing 100% successful.
The problem I have is that if https is used then there is no auth_user data shown. I believe this is down to the way that webgateway is configured as if I check the access.log on the webgateway, there is no auth_user data whenever https is used.
Currently only Handle Connect Call > Set Client Context is enabled in the SSL scanner rule set - would this be why there is no auth_user being logged?
I have compared against a v.6.9 webwasher which I have been told does not have SSL scanner enabled; however, all the options under the SSL Scanner tab are checked, such as certificate verification/scan encrypted traffic, so it would appear that SSL Scanning is enabled. There is also a custom HTTPS-Access log configured which uses the same fields as the access.log. This is reporting on auth_users correctly.
thanks for any help
Can you post some screenshots of your authentication rules in the MWG?
You are correct in assuming this is an issue with how MWG is configured.
Sure, here you are - pretty much out the box I think? What have I missed....
Thanks!
Message was edited by: itsec on 18/12/12 03:57:28 CST
I've examined the v6.9 installation a little more closely and it appears that a custom https log was created in accordance with a document called "Create a Custom Log for HTTPs CONNECT Requests" which references Support Issue ISS00443240.
Basically I would like to recreate this functionality in v7.3.
FYI I have logged a SR for this issue - # 3-2631891911
I've tried a variety of different options with the SSL scanning rules which seem to get the end result except the logs now show https get/ put/ post etc and not connect. I'm not sure how important this is...?
I'm also not convinced I have the right configuration for the client as they have specified they do not want ssl content scanned. Hopefully I will resolve this with the SR.
I can see the case, it's assigned to my pod-mate, please upload a feedback to that case as well.
I'm guessing there is a stop cycle above the authentication which may be resulting in the behavior you are seeing. The authentication server rules look good.
I've run a capture, checked the logs and also used fiddler when testing - the traffic is def going to the gateway however your comment about the certificate got me thinking....
Although I created a CA for the SSL Client Context with CA, it doesn't seem to be applying. If I browse to a https site then the certificate in the browser is the actual webservers (correct) certificate. I also noticed that the webgateway cert has not been installed into trusted root so I have amended that but nothing has changed.
As I mentioned, I only have the Handle Connect Call > Set Client Context enabled in the SSL Scanner rule set and it looks like this isn't working..
Will have to investigate further.
SSL Scanning is not going to work correctly with just Set Client Context turned on.
You might as well just turn SSL scanning off altogether unless you activate the rest of the rules.
We had planned not to use SSL scanning (content) - the only reason it is enabled with just set client context is so that the block templates can be seen as per numerous posts in this community that suggest this.
I'd like to recreate the custom log settings in 6.9 as in my earlier post but I'm not sure this is possible. As I mentioned, I was told that ssl scanning was not used but it turns out it is used so I'm not sure whether auth_user is being populated in the 6.9 custom logs because SSL Scanning is enabled or whether it's the custom log settings doing that.