SRX

Is it possible to log http requests (urls) of http traffic on the srx firewall? I know that traffic (RT_FLOW) logs are only ip/port based, but maybe it is possible somehow with utm content filtering? Or maybe webfilter logging? Or ANY other way? We desperately need this functionality...

 

Regards,

Pawel

 

#logging
#web.filtering

Yes, enabling web-filtering can log URLs in RTLog. This requires web-filtering license unless you have a redirect server such as Websense that you can use.

-Richard

Good news is that it works fine with juniper-local web filtering (ie it should work without web-filtering cp license, I have not tested that so far, but it should). HTTP method (GET, POST etc) is not logged, but url is. Neither are any other protocol elements - but bare get urls are logged fine.

Bad news is that logging does not work well with surf-control-integrated web-filtering. The reason is probably url cache.. The first request for a certain url gets logged fine, but the log does not show subsequent requests for the same url (as checks are done from the cache I think). I have tried setting url cache size to zero - but it does not help. The device is running Junos 10.3R3.7.

Have you got any ideas how to implement http traffic inspection/logging along with surf-control web-filtering?

 

Regards,

Pawel

how did you get it working?

We did not 😉

 

Regards,

Pawel

Hi pmazurkeiwicz,

 

The surf-control-integrated cache logging problem has been fixed and I know for a fact that it works fine in 10.4R6.

 

Audab

Thank you for information!

 

Regards,

Pawel

Has this been done?
Any kb or doc links to share?