Hotspot Username based URL log

mankomal · March 28, 2013, 9:15am

hello

I have been trying to search for this and was not able to find any topic so far.
Is it possible to log URL traffic hotspot username based instead of their IP addresses

14:07:16 web-proxy,account 192.168.200.102 GET http://bg2.v4.a.dl.ws.microsoft.com/dl/content/a/6/updt/2013/03/00443bbd-67d2-4d3e-af50-d0dda4a889f5_11a8ca6c445a05e95b725361b0696cf52eb275e9.appx?P1=1364460126&P2=1&P3=1&P4=Jp56PzangI427xkvqY%2bqWTJ8wZA%3d action=allow cache=MISS
14:07:16 web-proxy,account 192.168.200.250 GET http://r6---sn-ci5gup-qxae.c.pack.google.com/edgedl/chrome/win/29FF34C950B88A57/26.0.1410.43_chrome_installer.exe?ms=nvh&mv=m&mt=1364459823&ir=1&cms_redirect=yes action=allow cache=MISS
14:07:16 web-proxy,account 192.168.200.216 GET http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl action=allow cache=MISS

so that these IPs turn into username like xyz, abc etc etc that are listed on Hotspot

thanks in advance

mankomal · March 29, 2013, 5:53am

really want this .. can somebody not help
or is it not possible in MT

kraker · April 2, 2013, 6:50am

possible.

firstly you should determine the where to save your log file.remote device or same hotspot rb.if same rb you have to upgrade your memory cache like microsd.

if remote: system–logging—actions—remote=== set your remote syslog device ip.(ex. dude in windows)
system–logging—rules=== add new rule here.( add firewall to remote)

than:
ip—firewall —select protocol–tcp and udp (depends on you normally tcp)— chain forward----connection state new—action log.

thats it. than you should see the tcp connections in log part …

saostad · June 21, 2013, 8:22am

are you do it ?
is this config log visited websites URL with hotspot user name ?

jmorganhome · August 11, 2013, 8:32pm

Hi,

Apology first, as I am a bit new to all this.

I have set up a web proxy on port 80 to 8080 and done the system-logging steps as detailed above.

Now it looks like I am logging all traffic through the proxy, but I am also getting bucketfuls of other stuff.

The traffic I want to see is prefixed GET and the other stuff is prefixed POST.

My LAN IP is 192.168.88.1
My comp is on 192.168.88.252

Logging is set up like this:
Enabled: Y
Topics: web-proxy
! debug
Prefix: wpx
Action: memory

I’m getting a log full of these (2 or 3 every second):
Time: Aug/11/2013 21:33:01
Buffer: Memory
Topics: web-proxy account
Message: wpx: 192.168.88.252 POST http://192.168.88.1/jsproxy action=allow cache=MISS

I simply can’t get rid of them, and I only get them from my IP, not from other IPs on the same subnet.

If anyone could point me in the right direction, I’d be very grateful.

Thank you in advance,

John.

dash · February 7, 2016, 11:32pm

Not sure if you know… Your logging config (Topics: web-proxy ! debug Prefix: wpx) does not log just the traffic marked with the wpx prefix. It will furthermore add this prefix to every log entry…

You could use a log parser script (examples around here in the Forums) to filter for GET and POST and just write those to the syslog server.

While typing this i just noticed that this post is 3 years old. Nevertheless, this were my 2 cents…

jmorganhome · February 19, 2016, 12:07pm

With thanks to Dash for the recent response to my enquiry.

I had actually sourced an alternative solution, but I am now thinking of going back to the Mikrotik option. I will start reading up on your suggestion.

Thank you again.