New Member

WSA access logging for HTTPS traffic

Hi,

We have a WSA s370 with AsyncOS version 7.5.1-079 and it is configured as a transparent proxy.

HTTPS proxy is enabled and all the URL categories are set to pass through (no decrypting or monitoring).

Seems like the WSA does not generate logs for HTTPS transactions.

I would like to know whether this is the expected behaviour.

Is there any way that I can monitor HTTPS transactions without decrypting?

Thanks,

Wipula.


Accepted Solutions
Cisco Employee

WSA access logging for HTTPS traffic

In addition to what Ken mentioned, the only way you can monitor HTTPS traffic without decrypting it is by using the IP address.

In the access logs, you will see the following transaction when accessing an HTTPS site (Google, for example):

TCP_CONNECT 74.125.101.50

It will only report URLs once decrypted. At that point, it is just HTTP.

-Vance
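As an added illustration (not part of the original thread and not Cisco code), the sketch below groups passed-through HTTPS tunnels by destination IP, which is the only identifier the reply above says is logged without decryption. The sample lines are constructed, and the squid-style field order around the TCP_CONNECT token is an assumption; adjust the offsets to match your own access log format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines, not taken from a real appliance. Assumed layout:
# timestamp, elapsed ms, client IP, result code, bytes, method, target, ...
SAMPLE_LOG = """\
1355000001.100 210 10.1.1.20 TCP_MISS/200 5120 TCP_CONNECT 74.125.101.50:443 - DIRECT/74.125.101.50 -
1355000002.300 95 10.1.1.20 TCP_MISS/200 830 GET http://example.com/index.html - DIRECT/example.com text/html
1355000003.450 180 10.1.1.31 TCP_MISS/200 2048 TCP_CONNECT 74.125.101.50:443 - DIRECT/74.125.101.50 -
1355000004.900 400 10.1.1.31 TCP_MISS/200 9000 TCP_CONNECT 192.0.2.10:443 - DIRECT/192.0.2.10 -
this line is truncated TCP_CONNECT
"""

def parse_connect(line):
    """Return (client_ip, dest_ip, byte_count) for a TCP_CONNECT line, else None."""
    fields = line.split()
    if "TCP_CONNECT" not in fields:
        return None  # plain HTTP or decrypted traffic: URL is logged instead
    i = fields.index("TCP_CONNECT")
    if i < 3 or i + 1 >= len(fields):
        return None  # truncated line or unexpected layout
    dest = fields[i + 1].partition(":")[0]  # drop an optional :port (IPv4 only)
    try:
        ipaddress.ip_address(dest)
        ipaddress.ip_address(fields[i - 3])
        size = int(fields[i - 1])
    except ValueError:
        return None
    return fields[i - 3], dest, size

def summarize(lines):
    """Group passed-through HTTPS tunnels by destination IP."""
    summary = defaultdict(lambda: {"count": 0, "bytes": 0, "clients": set()})
    for line in lines:
        parsed = parse_connect(line)
        if parsed is None:
            continue
        client, dest, size = parsed
        entry = summary[dest]
        entry["count"] += 1
        entry["bytes"] += size
        entry["clients"].add(client)
    return dict(summary)

if __name__ == "__main__":
    for dest, e in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(dest, e["count"], e["bytes"], sorted(e["clients"]))
```

Because only the IP is available, mapping a destination back to a site has to happen outside the log, for example through reverse DNS or an address inventory.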

2 REPLIES

WSA access logging for HTTPS traffic

HTTPS transactions end up in the ACCESS log along with the HTTP traffic.
