capture complete URL from MX64

SOLVED
Roger2
Conversationalist

Hello.  We have an MX64W forwarding logs to a KiwiSyslog server.  For most of the entries, the log shows only the top-level domain followed by "...", but not the actual pages visited:

 

request: UNKNOWN https://www.youtube.com/...

 

About 1% of the requests are GET, and those return the full URL.  The rest of the requests are UNKNOWN, and only return the TLD.

 

Can we get the full URL for all requests?  

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

What you'll find is those requests are using HTTPS, so they are encrypted, so the MX cannot determine the full URL.  It can only determine the base domain name by inspecting the HTTPS conversation setup.


3 REPLIES 3
NolanHerring
Kind of a big deal

At first I thought you need to enable Network-Wide>Configure>General>Traffic Analysis>Detailed (to collect hostname visibility).

 

However, I have this enabled already, and I checked some event logs for my MX and I see the same thing.

 


 

I found this old thread about a beta program but it looks like it's closed now. I don't see this feature on my settings page anywhere so not sure what this actually did.

 

https://community.meraki.com/t5/Security-SD-WAN/Need-internet-activity-log-of-each-client/td-p/7649

 

Not sure how to get the entire URL.

Nolan Herring | nolanwifi.com
Roger2
Conversationalist

That makes sense.  Is there any way to get the full URLs using other tools?  
