In McAfee WebGateway 7.5 logs, we are able to check only http sites accesses only. We need https sites access logs also. How can achive this?
Will this product log https links access logs?
do you see HTTP Connect requests in your access log? Normally if you are using the default log file anything should be fine.
A connect request indicates a HTTPS connection will be established.
Thank you Troja for your reply.
In log file we can see downloaded files information for http link.
But we are not able to find downloaded files detail for https link.
How can we trace https links file downloads?
just checked the default access.log with my MWG. This are the headers with additional geolocation information.
#time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client bytes_from_client "user_agent" "virus_name" "block_res" "application_name" "Geolocation"
The property Request.Header.FirstLine is used to store the first request to the LOG File. This property should include the URL like this if HTTP connections are established.
[27/Jul/2015:09:54:57 +0200] "\" 10.x.x.x 200 "POST https://vortex-win.data.microsoft.com/collect/v1 HTTP/1.1" "Business, Software/Hardware" "Minimal Risk" "application/json" 345 775 "MSDW" "" "0" "" "internal"
Question: are you inspecting SSL? If no you will not see the complete URL. In this case MWG is only able to log a successfull connect request. Anything within the SSL tunnel is invisible for MWG. Therefore you are not able to log any URL information.