03-04-2021 01:18 AM - edited 03-04-2021 01:18 AM
Hello,
I would like to know if there is a way to extract from WSA the info about the used browser version in the network.
Either in logs or in reports or something else.
thanks and regards,
Konstantinos
03-04-2021 02:05 AM
You can get the information from Log subscription :
1611243019.446 546 x.x.x.x TCP_MISS/200 6824 CONNECT tunnel://domain.com:443/ -
DIRECT/domain.com application/octet-stream MONITOR_RULE-NONE-NONE-DefaultGroup-NONE
<"C_Glob",9.2,1,"-",-,-,-,1,"-",-,-,-,"-",1,-,"-","-",-,-,"IW_comp",-,"-","Computers and Internet","-","Microsoft Dynamics CRM","Enterprise Applications","Encrypted","-",99.99,0,-,"-","-",1,"-",-,-,"-","-",-,1,"-",-> -
0 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36", 2021-01-21, 15:30:19 Date:
"4/mar/2021:10:30:19 +0000" Dst-IP: x.x.x.x UsrAgnt: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36"
ADGroup: - AuthMethod: NONE TransID: 334130190 PrfPara: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 152 0 0 0 0 0 0
WBRS response = 0, WBRS total = 0, AVC response = 0, AVC total = 0, DCA response = 0, DCA total = 0, McAfee response = 0, McAfee total = 0, Sophos response = 0, Sophos total = 0, Webroot response = 0,
Webroot total = 0, Anti-Spyware response = 0, Anti-Spyware total = 0; 0
03-04-2021 02:09 AM
03-04-2021 02:10 AM
yes, you can download that Logs in to Linux, you can use grep and AWK to get the report.
03-04-2021 02:26 AM
Is this the default format, because I cannot find this field in the explanation here:
03-04-2021 02:37 AM
Found It!!
%u cs(User-Agent) User agent. This field is written with double-quotes in the access logs. This field helps determine if an application is failing authentication and/or requires different access permissions.
Thank you @balaji.bandi
03-04-2021 02:48 AM
One more question @balaji.bandi
UsrAgnt: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36"
In the log there are all the browsers.
Which is the one used by the user?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide