03-04-2021 01:18 AM - edited 03-04-2021 01:18 AM
Hello,
I would like to know if there is a way to extract from WSA the info about the browser version used in the network.
Either in logs or in reports or something else.
Thanks and regards,
Konstantinos
03-04-2021 02:05 AM
You can get the information from the log subscription:
1611243019.446 546 x.x.x.x TCP_MISS/200 6824 CONNECT tunnel://domain.com:443/ -
DIRECT/domain.com application/octet-stream MONITOR_RULE-NONE-NONE-DefaultGroup-NONE
<"C_Glob",9.2,1,"-",-,-,-,1,"-",-,-,-,"-",1,-,"-","-",-,-,"IW_comp",-,"-","Computers and Internet","-","Microsoft Dynamics CRM","Enterprise Applications","Encrypted","-",99.99,0,-,"-","-",1,"-",-,-,"-","-",-,1,"-",-> -
0 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36", 2021-01-21, 15:30:19 Date:
"4/mar/2021:10:30:19 +0000" Dst-IP: x.x.x.x UsrAgnt: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36"
ADGroup: - AuthMethod: NONE TransID: 334130190 PrfPara: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 152 0 0 0 0 0 0
WBRS response = 0, WBRS total = 0, AVC response = 0, AVC total = 0, DCA response = 0, DCA total = 0, McAfee response = 0, McAfee total = 0, Sophos response = 0, Sophos total = 0, Webroot response = 0,
Webroot total = 0, Anti-Spyware response = 0, Anti-Spyware total = 0; 0
03-04-2021 02:09 AM
03-04-2021 02:10 AM
Yes, you can download the logs to Linux and use grep and AWK to get the report.
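One way to build the grep/AWK report suggested in the reply above, as an added example that is not part of the original thread. It assumes each access-log entry is on one line and carries the custom `UsrAgnt: "..."` field shown in the sample entry; the function names, the sample lines and the product-token order are this example's own assumptions.

```shell
#!/bin/sh
# Added example: count client applications per User-Agent in WSA access logs.
# Assumes one entry per line with the custom field  UsrAgnt: "<user agent>".

# Constructed sample entries (shortened to the fields used here).
sample_log() {
cat <<'EOF'
1611243019.446 546 x.x.x.x TCP_MISS/200 6824 CONNECT tunnel://domain.com:443/ - UsrAgnt: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36" ADGroup: -
1611243020.101 120 x.x.x.x TCP_MISS/200 512 GET http://domain.com/ - UsrAgnt: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36" ADGroup: -
1611243021.230 98 x.x.x.x TCP_MISS/200 734 GET http://domain.com/a - UsrAgnt: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36" ADGroup: -
1611243022.007 75 x.x.x.x TCP_MISS/200 901 GET http://domain.com/b - UsrAgnt: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0" ADGroup: -
1611243023.500 60 x.x.x.x TCP_DENIED/403 0 GET http://domain.com/c - ADGroup: -
EOF
}

# ua_report: access-log lines on stdin -> "count product version", busiest first.
ua_report() {
  awk '
  BEGIN {
    # Heuristic order: most specific product token first, because Chromium-based
    # clients also send Chrome/ and Safari/ tokens for compatibility.
    n = split("Teams/ Edg/ OPR/ Firefox/ Chrome/ Version/", tok, " ")
    split("Teams Edge Opera Firefox Chrome Safari", label, " ")
  }
  # Version that follows token t in user agent s, or "" if t is absent.
  function ver(s, t,    p, rest) {
    p = index(s, t)
    if (p == 0) return ""
    rest = substr(s, p + length(t))
    sub(/[ ;)].*$/, "", rest)
    return rest
  }
  {
    p = index($0, "UsrAgnt: \"")
    if (p == 0) next                 # entry without the custom field
    ua = substr($0, p + 10)          # text after the opening quote
    sub(/".*$/, "", ua)              # drop the closing quote and the rest
    r = ""
    for (k = 1; k <= n && r == ""; k++) {
      v = ver(ua, tok[k])
      if (v != "") r = label[k] " " v
    }
    if (r == "") { split(ua, f, " "); r = "Other " f[1] }
    count[r]++
  }
  END { for (r in count) print count[r], r }' | sort -k1,1nr -k2
}
```

Run it against a downloaded log with `ua_report < logfile`; user agents that match none of the listed tokens are reported as `Other` with their first product token.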
03-04-2021 02:26 AM
Is this the default format, because I cannot find this field in the explanation here:
03-04-2021 02:37 AM
Found It!!
%u cs(User-Agent) User agent. This field is written with double-quotes in the access logs. This field helps determine if an application is failing authentication and/or requires different access permissions.
Thank you @balaji.bandi
03-04-2021 02:48 AM
One more question @balaji.bandi
UsrAgnt: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36"
In the log there are all the browsers.
Which is the one used by the user?