How to Enable HTTP Header Logging and Track URLs Accessed by Users

by skumar1 on ‎10-06-2014 05:33 AM - edited on ‎09-01-2015 02:10 PM by (5,473 Views)

PAN-OS 6.1

 

Overview

HTTP header logging was introduced in PAN-OS 6.1. This document explains how to enable the HTTP header logging and how to track URLs accessed by individual users in the network.

 

Steps

  1. Configure a URL Filtering Profile under Objects > Security Profiles.
    x.JPG
  2. Configure necessary actions for each respective category.
  3. Navigate to settings in the URL filtering profile and enable User-Agent, Referer, X-Forwaded-For checkboxes under HTTP Header Logging.
    y.JPG
  4. Create a security policy for traffic of interest.
  5. Under Profile Settings, call the configured URL Filtering Profile and select OK.
    xx.JPG
  6. Commit the configuration.
  7. Navigate to Monitor > Logs > URL filtering. Use the filter to select the source user.
    Note: The referrer field will list out the URLs visited by the end user. The individual log will look like this:
    zz.JPG
  8. Under HTTP header, use the referrer field to get the actual URLs each user accessed.

 

owner: skumar1

Comments
by VSU_ITSEC
on ‎10-26-2015 01:18 PM

Will this also send the URL log to syslog?

Ask Questions Get Answers Join the Live Community
Contributors