Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NMBDave
New Contributor

Getting detailed URL info with Fortianalyzer

We are trying to get detailed information for where our users are going.  Say we have a user that goes to their facebook page and then to the company facebook page and then back to their own.  The detailed "User Detailed Browsing Log" only says they went to facebook.com.  Is there a way to see more details that might show if they are doing company business or personal?

1 Solution
hzhao_FTNT

Make sure you can see webfilter logs in log view, then try:

select from_dtime(dtime) as timestamp, catdesc, hostname || url as website, cast(action as text) as status from $log-webfilter where $filter and hostname is not null  group by dtime, catdesc, website, action order by dtime desc

View solution in original post

5 REPLIES 5
NMBDave
New Contributor

So nobody has a way to get detailed info?

emnoc
Esteemed Contributor III

Qs:

 

What/Where is the company Facebook page located at? Do you have SSL decryption so you can track the URL request in the http headers

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
hzhao_FTNT

Make sure you can see webfilter logs in log view, then try:

select from_dtime(dtime) as timestamp, catdesc, hostname || url as website, cast(action as text) as status from $log-webfilter where $filter and hostname is not null  group by dtime, catdesc, website, action order by dtime desc

MikePruett

These days you pretty much have to enable SSL inspection to get a lot of the info you are looking at. Otherwise it just shows as SSL Traffic in general. Be prepared though, your logs will skyrocket haha.

Mike Pruett Fortinet GURU | Fortinet Training Videos
NMBDave

Thanks everyone.  I'll check some settings and see what we get.  It is a shame so many won't just work at work.

Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors