Reports - Best way to see top URLs visited?


L4 Transporter

I'm struggling a little with the documentation on how to generate useful reports.

If I look in the ACC or default reports I can see destinations but they are simply a mix of raw hostname and rdns lookups - they might show a lot of traffic to, say, a88-221-183-148.deploy.akamaitechnologies.com, but they won't show that traffic was actually people looking at http://news.bbc.co.uk.

How can I get a report that (for example) simply shows the top X sites (not individual pages) visited for the past X hours or days please?

Also I'm unclear what I need to enable in terms of logging to be able to do this - do I need to enable (as a minimum) alerting on all URLs for a URL profile assigned to a policy, or does the PAN log all this info somewhere by default?

Thanks!

1 accepted solution

Accepted Solutions

L5 Sessionator

The Reports don't include an option to view the top X domains visited. To view the top X URLs you can create a custom report in which you'd choose the "URL Log" as the Database, choose "URL" as one of your options under "Columns", choose the top X option you'd like and the period of data. To see traffic in the log, either the URL itself or the URL category must be set to alert. Traffic that is allowed and not flagged in any way will not be recorded in the logs.

Nancy Rice

Technical Support

Palo Alto Networks

1-866-898-9087


19 REPLIES 19

L3 Networker

I'm also looking into the same issue. I'd like to produce a report based on URL domain, and not only hits but also volume of traffic for these domains. Until now I wasn't able to do it... is that on the roadmap?

Thanks Nancy.

Are there any plans to change this please?

I ask as, respectfully, there are lots of reports by default which don't seem overly relevant (admittedly I only speak for myself here) yet this seems to me to be a fairly fundamental "What's our Internet connection being used for?" report, IYSWIM?

Thanks.

I'll submit a request for the reporting features mentioned in this string.

Nancy Rice

Technical Support

Palo Alto Networks

1-866-898-9087

L4 Transporter

Any movement/roadmap on this please?


It's still a little frustrating to only be able to report by rdns hostname, or by URL visited, rather than "plain English" top websites visited.

Thanks.

Hi, same here too.

I'm struggling with the problem that you mention.

Hope this will be available in the next release.

Not applicable

Agreed also - a simple top-down list of locations as defined by BrightCloud.

L1 Bithead

I would also like to add my wish for such a report please.

The main selling point to us for the PAN was the reporting, but these basic types of reports seem to be missing.

How soon are we likely to see any improvement in the reporting please?

L0 Member

I would also like this report.

Hi,

Now some of our third-party partners' reporting tools can actually create reports based on the URL domain portion of the URL logs. I have attached an example from Sawmill.

We understand the need, and I recommend that you escalate your needs to our local sales and SE team, to make sure that we are able to document your needs in detail with justification.

Regards,

Jones

Hi,

The Sawmill example provided is still not enough:

As a reseller, I (and final customers too) don't care to know that Mister X goes to ad.yieldmanager.com, a248.e.akamai.net or imageserv01.yss4.com...

Palo Alto SEs tell us all the time that Next-gen FWs can replace web proxies and that cache is not useful. This is true, but how can we argue that point if the FW is not even able to produce the most basic web report: Top Websites visited (User, Domain, Bytes)?

I don't want to add a third-party tool, such as Sawmill, Splunk or whatever else, to have this very simple report.

What about PAN-OS 4.0 (or 4.1)? If not, is it on the roadmap? I searched the KnowledgePoint forum and a lot of users have the same question...

Thanks for Palo Alto responses.

Regards,

Hi,

Certainly I understand your request, and I have also heard similar requests elsewhere. For the roadmap and a formal request, I recommend you reach out to your local PAN SE so that they can better escalate to us. For the time being, if you are using a 3rd party reporting solution, that will be a good alternative.

Regards,

Jones

Thanks for your answer Jones.

For sure, we will contact our local PAN SE and hope this part of reporting will be improved quickly.

About integrating with a 3rd party, I'm not sure it will solve the problem since the FW only logs websites by reverse DNS, as someone else already said earlier. Whatever the 3rd party, it will only be capable of using data sent by the FW, won't it?

Regards,

Hi,

Sawmill will use our URL log to work out the URL domain for top URL domain reporting, which should be able to serve as a temporary solution.

Jones
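The approach discussed in this thread, grouping URL log entries by the domain portion of the logged URL, can be sketched as follows. This is an added example, not part of any post above and not Palo Alto Networks or Sawmill code; the CSV layout and the column names `user` and `url` are assumptions standing in for whatever URL log export is available, and the sample rows are constructed.

```python
import csv
import io
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample export; the "user" and "url" column names are assumptions.
SAMPLE_CSV = """user,url
alice,news.bbc.co.uk/
alice,news.bbc.co.uk/sport/football
bob,http://news.bbc.co.uk/weather
bob,ad.yieldmanager.com/imp?id=1
bob,www.example.com/r?u=http://x.test/
carol,NEWS.BBC.CO.UK:80/
carol,www.example.com/a/b
carol,www.example.com/c
dave,
"""

SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def host_of(url):
    """Return the lower-cased hostname of a logged URL, or None if unusable."""
    url = url.strip()
    if not url:
        return None
    # Logged URLs may lack a scheme; prefix "//" so the host parses as netloc.
    # Only a scheme at the very start counts, not "http://" inside a query.
    if not SCHEME.match(url):
        url = "//" + url
    try:
        host = urlsplit(url).hostname  # drops port and userinfo, lower-cases
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def top_sites(csv_text, n=10):
    """Return [(host, hits, distinct_users)] for the n most-requested hosts."""
    hits = Counter()
    users = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = host_of(row.get("url") or "")
        if host is None:
            continue  # rows without a usable URL are not counted
        hits[host] += 1
        users[host].add(row.get("user") or "unknown")
    return [(h, c, len(users[h])) for h, c in hits.most_common(n)]

if __name__ == "__main__":
    for host, count, nusers in top_sites(SAMPLE_CSV, 5):
        print(f"{host:25} hits={count:3} users={nusers}")
```

The result only covers URLs that were actually written to the URL log, so the logging condition stated in the accepted solution still applies.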
