capture complete URL from MX64

SOLVED
Conversationalist

Hello.  We have an MX64W forwarding logs to a KiwiSyslog server.  For most of the entries, the log shows only the top-level domain followed by "...", but not the actual pages visited:

 

request: UNKNOWN https://www.youtube.com/...

 

About 1% of the requests are GET, and those return the full URL.  The rest of the requests are UNKNOWN, and only return the TLD.

 

Can we get the full URL for all requests?  

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: capture complete URL from MX64

What you'll find is those requests are using HTTPS, so they are encrypted, so the MX cannot determine the full URL. It can only determine the base domain name by inspecting the HTTPS conversation setup.

3 REPLIES
Building a reputation

Re: capture complete URL from MX64

At first I thought you need to enable Network-Wide>Configure>General>Traffic Analysis>Detailed (to collect hostname visibility).

 

However, I have this enabled already, and I checked some event logs for my MX and I see the same thing.

 


 

I found this old thread about a beta program but it looks like it's closed now. I don't see this feature on my settings page anywhere so not sure what this actually did.

 

https://community.meraki.com/t5/Security-SD-WAN/Need-internet-activity-log-of-each-client/td-p/7649

 

Not sure how to get the entire URL.

Nolan Herring | nolanwifi.com
Conversationalist

Re: capture complete URL from MX64

That makes sense.  Is there any way to get the full URLs using other tools?