06-02-2017 06:15 AM
Hello,
I am attempting to figure out what workstation a website request originated from that the firewall is reporting came from the WSA proxy. When I search the proxy for the specific URL I get nothing. I have noticed a behavior that if the proxy returns gateway timeout to the client, the action is not found via the web tracking. I have also done CLI for some of the log files on there with no luck. Can anyone confirm what I am seeing and/or know a way to accomplish what I am trying to do? Thank you in advance.
06-02-2017 06:44 AM
You should be able to GREP the access log to find it.
Log in to the WSA via the CLI.
Run GREP.
Pick the access log (might have to page up; on a stock install it's "1", but if you've added any logs it might be 2 or 3).
Escape the dots when you enter the web site (e.g. "www\.google\.com")
06-02-2017 08:10 AM
Thank you. That sounded promising but it did not find anything. Our DNS logs show this specific proxy looking up this name but I still cannot find the attempt to surf registered on the proxy. On a good note, thanks for telling me about escaping the dots. I did not know that since I am spoiled with using the SMA to look at the web tracking.
06-05-2017 04:17 AM
Anyone else have other suggestions on this? Thank you Ken for the help thus far.
06-11-2017 10:28 PM
If the WSA is returning "gateway timeout", normally the WSA will log this as a "None/504" code.
You can grep the accesslogs to list out the HTTP code 504 using a regular expression such as /504
And if you have added %L in the log subscription of the WSA accesslogs (custom fields), it will list out the local time of the appliance for each transaction; you can then filter further with grep to see those transactions based on the time.
You can use a second condition to grep the accesslogs, such as:
/504.*12/Jun/2017:13:18:16
Regards
Handy Putra
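An added example, not written by any poster in this thread: an offline Python filter over an exported access log that returns the client IP for each 504 transaction to a given host, optionally narrowed by the %L local time. The squid-style field order (client IP in the third field), the %L value sitting at the end of the line, and the sample lines themselves are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines. Assumed layout: epoch, elapsed ms, client IP,
# result/status, bytes, method, URL, ... with a %L custom field appended.
SAMPLE_LOG = """\
1497269880.412 212 10.20.30.41 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/www.example.com text/html DEFAULT_CASE_12 <-> - "12/Jun/2017:13:18:00"
1497269896.007 60003 10.20.30.57 NONE/504 0 GET http://slow.example.net/report - DIRECT/slow.example.net - DEFAULT_CASE_12 <-> - "12/Jun/2017:13:18:16"
1497269901.550 60001 10.20.30.99 NONE/504 0 CONNECT tunnel://slow.example.net:443/ - DIRECT/slow.example.net - DEFAULT_CASE_12 <-> - "12/Jun/2017:13:18:21"
1497273500.100 60002 10.20.30.57 NONE/504 0 GET http://other.example.org/ - DIRECT/other.example.org - DEFAULT_CASE_12 <-> - "12/Jun/2017:14:18:20"
"""

LINE = re.compile(
    r'^(?P<epoch>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+'
    r'(?P<result>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+'
    r'(?P<method>\S+)\s+(?P<url>\S+)'
)
LOCAL_TIME = re.compile(r'(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2})')


def find_timeouts(log_text, host, time_prefix=""):
    """Return (client_ip, local_time, url) for each 504 to `host`.

    `host` is compared literally against the URL's hostname, so no regex
    escaping of dots is needed. `time_prefix` matches the start of the %L
    value, e.g. "12/Jun/2017:13:18" for a whole minute.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["status"] != "504":
            continue
        if (urlsplit(m["url"]).hostname or "") != host.lower():
            continue
        t = LOCAL_TIME.search(line, m.end())
        local = t.group(1) if t else None  # None when %L is not logged
        if time_prefix and not (local or "").startswith(time_prefix):
            continue
        hits.append((m["client"], local, m["url"]))
    return hits


if __name__ == "__main__":
    for client, local, url in find_timeouts(SAMPLE_LOG, "slow.example.net"):
        print(client, local, url)
```
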