3 Replies Latest reply on Jul 27, 2015 3:07 AM by Troja

    https links access logs in log file

    jagrose

      In McAfee WebGateway 7.5 logs, we are able to check only http site accesses. We need https site access logs also. How can we achieve this?

       

      Will this product log https links access logs?

        • 1. Re: https links access logs in log file
          Troja

          Hi,

          do you see HTTP Connect requests in your access log? Normally if you are using the default log file anything should be fine.

          A connect request indicates an HTTPS connection will be established.

          Cheers

          • 2. Re: https links access logs in log file
            jagrose

            Thank you Troja for your reply.

             

            In log file we can see downloaded files information for http link.

             

            But we are not able to find downloaded files detail for https link.

             

            How can we trace https links file downloads?

            • 3. Re: https links access logs in log file
              Troja

              Hi,

              just checked the default access.log with my MWG. These are the headers with additional geolocation information.

              #time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client bytes_from_client "user_agent" "virus_name" "block_res" "application_name" "Geolocation"

               

              The property Request.Header.FirstLine is used to store the first request to the LOG File. This property should include the URL like this if HTTP connections are established.

              [27/Jul/2015:09:54:57 +0200] "\" 10.x.x.x 200 "POST https://vortex-win.data.microsoft.com/collect/v1 HTTP/1.1" "Business, Software/Hardware" "Minimal Risk" "application/json" 345 775 "MSDW" "" "0" "" "internal"

               

              Question: are you inspecting SSL? If not, you will not see the complete URL. In this case MWG is only able to log a successful connect request. Anything within the SSL tunnel is invisible for MWG. Therefore you are not able to log any URL information.

               

              Cheers
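Added example, not part of the thread and not McAfee code: a Python script that reads access.log lines in the default field order quoted above and lists hosts that appear only as CONNECT tunnels, which are the hosts for which no URL or download detail is logged. The CONNECT and plain http sample lines are constructed, the function names are hypothetical, and the regex covers only the leading fields up to req_line.

```python
import re
from urllib.parse import urlsplit

# Leading fields of the default access.log header quoted in the thread:
# time_stamp "auth_user" src_ip status_code "req_line" ...
LINE_RE = re.compile(
    r'^\[(?P<time_stamp>[^\]]+)\] "(?P<auth_user>.*?)" (?P<src_ip>\S+) '
    r'(?P<status_code>\d{3}) "(?P<req_line>[^"]*)"'
)

def classify(line):
    """Return (kind, host) for one access.log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    parts = m.group("req_line").split() if m else []
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        # Target is "host:port": only the tunnel setup is visible, no URL.
        return ("tunnel", target.rsplit(":", 1)[0].lower())
    url = urlsplit(target)
    kind = "inspected_https" if url.scheme == "https" else "http"
    return (kind, (url.hostname or "").lower())

def hosts_without_url_visibility(lines):
    """Hosts seen only as CONNECT tunnels, never as full https:// request lines."""
    tunnels, inspected = set(), set()
    for line in lines:
        kind, host = classify(line) or (None, None)
        if kind == "tunnel":
            tunnels.add(host)
        elif kind == "inspected_https":
            inspected.add(host)
    return tunnels - inspected

# First line is the entry from the thread; the other two are constructed samples.
SAMPLE = [
    r'[27/Jul/2015:09:54:57 +0200] "\" 10.x.x.x 200 "POST https://vortex-win.data.microsoft.com/collect/v1 HTTP/1.1" "Business, Software/Hardware" "Minimal Risk" "application/json" 345 775 "MSDW" "" "0" "" "internal"',
    r'[27/Jul/2015:09:55:10 +0200] "" 10.x.x.x 200 "CONNECT downloads.example.com:443 HTTP/1.1" "" "" "" 0 0 "" "" "0" "" ""',
    r'[27/Jul/2015:09:55:12 +0200] "" 10.x.x.x 200 "GET http://www.example.com/file.zip HTTP/1.1" "" "" "application/zip" 1024 200 "" "" "0" "" ""',
]

if __name__ == "__main__":
    for host in sorted(hosts_without_url_visibility(SAMPLE)):
        print("CONNECT only, no URL logged:", host)
```

Hosts reported by this script are the ones where only the tunnel setup was logged, so file downloads over those connections cannot be traced from access.log.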