ProxySG & Advanced Secure Gateway

 View Only

  • 1.  Generate logs showing http and https usage in proxy

    Posted Oct 23, 2017 11:34 PM

    Hi All,

    Is it possible to generate a log or a report to see the usage of http and https in proxysg? Or this option can be seen in the reporter? If so, how?

     

    Thank you and Best Regards,



  • 2.  RE: Generate logs showing http and https usage in proxy

    Posted Oct 24, 2017 08:23 AM

    Hi,

    while I’m not aware of any pre-defined report in Reporter. But this information could be available on the ProxySG itself – it depends on your settings.

    The ProxySG has on-box statistics about how much traffic goes through every single Proxy (Service).

    I think it is safe to assume that HTTP would be handled by the HTTP Proxy. So you could go to the Management Console: Statistics > Traffic Details > Traffic History and look at the usage for the Proxy “HTTP”.

    Now it depends on your deployment and settings. Especially in explicit mode everything will be HTTP unless you have “detect protocol” enabled on your HTTP Proxy.

    If you have “detect protocol” enabled the SSL Traffic would go to the SSL Proxy, so theoretically you would see your SSL traffic if you select Proxy “SSL”.

    But then if you also use SSL Intercept in your policy the intercepted SSL traffic will be handled by the “HTTPS Forward Proxy”. So you would have to take that into account as well.

    For a rough overview this might be sufficient.

    HTTP = the plain HTTP traffic
    SSL = the unintercepted SSL traffic (in explicit mode only with protocol detection enabled)
    HTTPS Forward Proxy = the intercepted SSL traffic

    The tab Traffic History would show the usage.
    If you select “Proxy” under the tab Traffic Mix the pie chart in the top right corner will give you a nice spread over the selected time frame.

    Unfortunately there is no option to export those views from the SG Management Console. You could take a screenshot.

    Or you could take the raw numbers from the sysinfo or sysinfo_stats file and put it in Excel or something to create your own graphs ;)

    Look for:
    Trend-group: svc:proxy:HTTP:intercepted_client_bytes@
    Trend-group: svc:proxy:HTTP:intercepted_server_bytes@

    Trend-group: svc:proxy:SSL:intercepted_client_bytes@
    Trend-group: svc:proxy:SSL:intercepted_server_bytes@

    Trend-group: svc:proxy:HTTPS Forward Proxy:intercepted_client_bytes@
    Trend-group: svc:proxy:HTTPS Forward Proxy:intercepted_server_bytes@

    Note: this method could be misleading because there could be more proxies involved. For instance if you have a certain streaming traffic over SSL and you intercept such SSL traffic the bytes might be counted against let’s say  the Apple HLS or the Adobe HDS proxies and not SLL anymore. So – as I said – it depends on your settings.

    Maybe this helps.

    Kind Regards,

    Gunnar