Detailed URL log

L0 Member

Detailed URL log

Hi all!

I'm new in this community and we have put 2 PA-3020 to work.

I configured ELK for log forwarding.

I've searched every log and I couldn't find a field with the URL that a user is visiting. Is there a way to achieve that?

Example! Now I'm writing from this URL:

https://live.paloaltonetworks.com/t5/forums/postpage/choose-node/true/interaction-style/forum/board-...

Where can I find this exact string? Is it possible with PA?

L7 Applicator

Re: Detailed URL log

Hello,

Yes this should be possible. First you will need the URL Filtering license, then a URL filtering policy, and apply the policy to the rule you use for web surfing traffic.

 

Here are a few videos that can help out:

 

Start URL filtering

https://live.paloaltonetworks.com/t5/Tutorials/How-to-Configure-URL-Filtering/ta-p/59300

 

Advanced URL filtering

https://live.paloaltonetworks.com/t5/Tutorials/Advanced-URL-Filtering/ta-p/58204

 

Hope this helps!

 

L0 Member

Re: Detailed URL log

Thanks for the videos! 

I've already put in place the alert on all the categories and I have a license for URL Filtering, but I don't get the result I want.

For some categories like unknown or computer-and-internet-info I get the detailed URL, for others not.

I think I have to use decryption, but it's strange that I only need the requested URL like in the first 3 rows.

Example:

12/06/2017 10:45 | web-browsing | docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/ConfigBackup | computer-and-internet-info | alert | 1 | 00:01:24
12/06/2017 15:02 | apt-get | it.archive.ubuntu.com/ubuntu/dists/xenial-updates/main/binary-i386/by-hash/SHA256/ac45f575b478522ec5f0c32c34e86360c22b5df7c8ba38097d8172fd2faba5cb%20HTTP/1.1 | computer-and-internet-info | alert | 1 | 00:00:00
12/06/2017 15:02 | apt-get | security.ubuntu.com/ubuntu/dists/xenial-security/main/binary-i386/by-hash/SHA256/22c360a96dfcc47eae9fc04003a646c1c0fb000b5262c63e940ea89523e0681c%20HTTP/1.1 | computer-and-internet-info | alert | 1 | 00:00:00
12/06/2017 12:04 | google-base | clients4.google.com/ | search-engines | alert | 1 | 00:01:00
12/06/2017 12:04 | ssl | vortex-win.data.microsoft.com/ | computer-and-internet-info | alert | 1 | 00:00:00
12/06/2017 12:21 | ssl | www.google.it/ | search-engines | alert | 1 | 00:01:00
12/06/2017 10:59 | facebook-base | www.facebook.com/ | social-networking | alert | 1 | 00:00:00
12/06/2017 10:59 | twitter-base | syndication.twitter.com/ | social-networking | alert | 1 | 00:00:00
12/06/2017 10:59 | ssl | settings-win.data.microsoft.com/ | computer-and-internet-info | alert | 1 | 00:00:00
12/06/2017 10:59 | ssl | vortex-win.data.microsoft.com/ | computer-and-internet-info | alert | 1 | 00:00:00
12/06/2017 10:59 | ssl | ssum-sec.casalemedia.com/ | web-advertisements | block-url | 1 | 00:00:00
12/06/2017 10:59 | ssl | ssum-sec.casalemedia.com/ | web-advertisements | block-url | 1 | 00:00:00

L6 Presenter

Re: Detailed URL log

Looks like this might be a function of SSL Interception and not having it enabled, perhaps?  It looks like you aren't getting details for things which are over HTTPS.
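A way to measure the pattern discussed in this thread, added here as an example and not part of any post: it counts, per application, how many URL-log entries carry only a hostname (the entries the last reply attributes to HTTPS traffic without SSL interception). The CSV layout and the function names are assumptions for the example, not the PAN-OS syslog format; the rows are re-typed from the excerpt above with one path shortened.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: app,url,category,action (assumed layout, rows from the thread).
SAMPLE = """\
web-browsing,docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/ConfigBackup,computer-and-internet-info,alert
apt-get,it.archive.ubuntu.com/ubuntu/dists/xenial-updates/main/binary-i386/,computer-and-internet-info,alert
google-base,clients4.google.com/,search-engines,alert
ssl,vortex-win.data.microsoft.com/,computer-and-internet-info,alert
ssl,www.google.it/,search-engines,alert
facebook-base,www.facebook.com/,social-networking,alert
twitter-base,syndication.twitter.com/,social-networking,alert
ssl,ssum-sec.casalemedia.com/,web-advertisements,block-url
"""


def host_only(url):
    """True when the logged URL has no path beyond the trailing '/'."""
    _host, _sep, path = url.partition("/")
    return path.strip() == ""


def visibility_by_app(text):
    """Return {application: (total_entries, host_only_entries)}."""
    stats = defaultdict(lambda: [0, 0])
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        app, url, _category, _action = row
        stats[app][0] += 1
        stats[app][1] += int(host_only(url))
    return {app: tuple(counts) for app, counts in stats.items()}


def host_only_apps(text):
    """Applications for which every logged entry is host-only."""
    return sorted(a for a, (n, h) in visibility_by_app(text).items() if n == h)


if __name__ == "__main__":
    for app, (total, bare) in sorted(visibility_by_app(SAMPLE).items()):
        print(f"{app:15} entries={total} host_only={bare}")
    print("host-only applications:", host_only_apps(SAMPLE))
```

Run against a real export, the applications listed as host-only are the ones to look at when deciding where decryption would add URL detail.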
