Reporting URLs and Bytes together?

Reply
KGC
L3 Networker

Reporting URLs and Bytes together?

We are trying to produce a report which summarizes the URLs visited by a specific user along with the total bytes downloaded from each URL.

It seems that the bytes are available in the Traffic log, but not the URLs; conversely, the URLs are in the URL log, but not the bytes.

Is there some way or producing reports which correlate the various logs?

Thanks!

L4 Transporter

Re: Reporting URLs and Bytes together?

Hi,

You can send both reports at the same time but you can not merge two different reports into one.

-Khubaib 

KGC
L3 Networker

Re: Reporting URLs and Bytes together?

Yes it seems there is not good way to produce reports which correlate the various logs on the device, which is a shame.

L4 Transporter

Re: Reporting URLs and Bytes together?

Hi,

I'm trying to do the same.

I'm exporting both the traffic and url logs to another device and trying to create a more comprehensive log file with both the URL and bytes fields.

Once all this info is in one log file hopefuly I will be able to do some analysis on it.

There are a number of fields you can use to reliably match up the log entries - session ID, src & dst IP, src & dst port etc.

My attempts at writing a shell script to merge the url and traffic files show promise but are pitifully slow.  I can't help feeling that there is a better way than a shell script to do this - but an even better way would be for all the info to be in one log file to start with!

Regards,

Dave

KGC
L3 Networker

Re: Reporting URLs and Bytes together?

I can't imagine it's all that difficult to just allow the various logs to be combined into a single report query right on the device. There is potentially a lot of valuable information to be leveraged from correlating the separate logs.

I hope this is something that PAN is already working on.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!