Unable to view User-Agent details in Access Log

book

Article ID: 169066

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Unable to view User-Agent details in the access-log even though the access-log has the variable/field " http_user_agent" enabled for displaying the User-Agent details.

Fields: date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation

Cause

 If you have the field enabled for User Agent and still do not have the details populated on access log then please verify if SSL interception is turned on if not Proxy won't be able to identify the User Agent details. Sample below.

Without SSL interception
2016-05-04 10:26:08 360 10.0.0.6 - - - PROXIED "none" 0 TUNNELED unknown - ssl www.axisbank.com 443 - - 10.0.0.10 1509 1240 - none - - high www.axisbank.com "none"
2016-05-04 10:26:09 939 10.0.0.6 - - - PROXIED "none" 0 TUNNELED unknown - ssl www.axisbank.com 443 - - 10.0.0.10 823 3308 - none - - high www.axisbank.com "none"
2016-05-04 10:26:09 3104 10.0.0.6 - - - PROXIED "none" 0 TUNNELED unknown - ssl www.axisbank.com 443 - - 10.0.0.10 25982 5376 - none - - high www.axisbank.com "none"


With SSL interception
2016-05-04 10:25:34 636 10.0.0.6 - - - PROXIED "none" 200 TCP_NC_MISS GET image/png https www.axisbank.com 443 png "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" 10.0.0.10 94375 721 - none - - high www.axisbank.com "none"
2016-05-04 10:25:35 900 10.0.0.6 - - - PROXIED "none" 200 TCP_NC_MISS GET image/jpeg https www.axisbank.com 443 jpg "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" 10.0.0.10 100656 728 - none - - high www.axisbank.com "none"
2016-05-04 10:25:37 363 10.0.0.6 - - - PROXIED "none" 200 TCP_NC_MISS GET image/x-icon https www.axisbank.com 443 ico "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" 10.0.0.10 1675 720 - none - - high www.axisbank.com "none"


 

Resolution

Enable Protocol Detection and SSL interception.