Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
706
Views
10
Helpful
6
Replies

outdated web Brower

kostasthedelegate
Level 4
Level 4

‎03-04-2021 01:18 AM - edited ‎03-04-2021 01:18 AM

Hello, 

 

I would like to know if there is a way to extract from WSA the info about the used browser version in the network. 

Either in logs or in reports or something else. 

 

thanks and regards, 

Konstantinos

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎03-04-2021 02:05 AM

You can get the information from Log subscription :

 

1611243019.446 546 x.x.x.x TCP_MISS/200 6824 CONNECT tunnel://domain.com:443/ -
DIRECT/domain.com application/octet-stream MONITOR_RULE-NONE-NONE-DefaultGroup-NONE
<"C_Glob",9.2,1,"-",-,-,-,1,"-",-,-,-,"-",1,-,"-","-",-,-,"IW_comp",-,"-","Computers and Internet","-","Microsoft Dynamics CRM","Enterprise Applications","Encrypted","-",99.99,0,-,"-","-",1,"-",-,-,"-","-",-,1,"-",-> -
0 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36", 2021-01-21, 15:30:19 Date:
"4/mar/2021:10:30:19 +0000" Dst-IP: x.x.x.x UsrAgnt: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36"
ADGroup: - AuthMethod: NONE TransID: 334130190 PrfPara: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 152 0 0 0 0 0 0
WBRS response = 0, WBRS total = 0, AVC response = 0, AVC total = 0, DCA response = 0, DCA total = 0, McAfee response = 0, McAfee total = 0, Sophos response = 0, Sophos total = 0, Webroot response = 0,
Webroot total = 0, Anti-Spyware response = 0, Anti-Spyware total = 0; 0

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kostasthedelegate
Level 4
Level 4

‎03-04-2021 02:09 AM

Hello @balaji.bandi 

 

Are these the access logs?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎03-04-2021 02:10 AM

yes, you can download that Logs in to Linux, you can use grep and AWK to get the report.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kostasthedelegate
Level 4
Level 4

‎03-04-2021 02:26 AM

Is this the default format, because I cannot find this field in the explanation here:

https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGuide_chapter_010111.html#con_1633384

0 Helpful

kostasthedelegate
Level 4
Level 4

‎03-04-2021 02:37 AM

Found It!!

%u

cs(User-Agent)

User agent. This field is written with double-quotes in the access logs.

This field helps determine if an application is failing authentication and/or requires different access permissions.

 

Thank you @balaji.bandi 

0 Helpful

kostasthedelegate
Level 4
Level 4

‎03-04-2021 02:48 AM

One more question @balaji.bandi 

UsrAgnt: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36"

In the log there are all the browsers.

Which is the one used by the user?

0 Helpful
Customers Also Viewed These Support Documents