Easy way to log proxy bloked urls

Hello,

Office 365 mail in Outlook sometimes stop working, if I allow all in webproxy, the mail work again for some time but after a time the issue happen again.
So I just want to know what is blocking the proxy when the mail is not working
If I create a logging rule for all “webproxy” topic, a lot of traffic is being logged
I prefer do not use a third party app to see the logs because I am no familiar with this kind of tools and they seems tricky to me.
Is there a way to log just blocked urls for an specific IP?

Thanks in advance.
Regards,
Damián

According to my experience, the issue is probably not that the proxy is blocking traffic, but that the Windows PC is suddenly not honoring the proxy configuration.
Outlook has the tendency of trying to connect to Office 365 directly, without using the proxy. After a while it displays a failure to connect message.
On other days it works OK via the proxy. I have not yet found why.

Hello,

Thanks for your response.
However I think this is a proxy issue, because, when I allow everything in the proxy, Outlook start working.

• Outlook works fine some days
• Some day Outlook stop getting connection
• Outlook does not work never
• I allow everything in the proxy server
• Outlook start working again
• I stop allowing everything in the proxy server (Revert to my previous settings)
• Outlook continue working
• Some days later the issue appears again until I allow everything again.

Thanks in advance.
Regards
Damián

What are you disallowing in the proxy?
It is difficult to predict what addresses outlook will connect, they are many different networks and all over the world.
Networks I have identified before (and put in an address list):

add address=20.180.0.0/14 list=microsoft
add address=20.184.0.0/13 list=microsoft
add address=40.112.0.0/13 list=microsoft
add address=40.120.0.0/14 list=microsoft
add address=40.124.0.0/16 list=microsoft
add address=40.125.0.0/17 list=microsoft
add address=40.64.0.0/13 list=microsoft
add address=40.74.0.0/15 list=microsoft
add address=40.76.0.0/14 list=microsoft
add address=40.80.0.0/12 list=microsoft
add address=40.96.0.0/12 list=microsoft
add address=51.140.0.0/14 list=microsoft
add address=52.112.0.0/14 list=microsoft
add address=52.145.0.0/16 list=microsoft
add address=52.146.0.0/15 list=microsoft
add address=52.148.0.0/14 list=microsoft
add address=52.152.0.0/13 list=microsoft
add address=52.160.0.0/11 list=microsoft
add address=52.224.0.0/11 list=microsoft
add address=52.96.0.0/12 list=microsoft
add address=64.4.0.0/18 list=microsoft
add address=65.52.0.0/14 list=microsoft
add address=104.40.0.0/13 list=microsoft
add address=111.221.29.0/24 list=microsoft
add address=13.104.0.0/14 list=microsoft
add address=13.64.0.0/11 list=microsoft
add address=137.117.0.0/16 list=microsoft
add address=138.91.0.0/16 list=microsoft
add address=13.96.0.0/13 list=microsoft
add address=168.61.0.0/16 list=microsoft
add address=168.62.0.0/15 list=microsoft
add address=191.232.0.0/14 list=microsoft

However it is not enough, new networks are appearing all the time.

Hello and thanks.

I have many webproxy access rules to allow many sites and the last one is a rule that deny all, it is like a “white list”
When I disable the rule to deny all, this start to work.
This issue started happening about 3 weeks ago, before, this worked fine for about 1 year or more.

So, I go back to the first question: Is there any way to log proxy denied traffic for one IP?

Regards.
Thanks in advance.
Damián

There is no way to do any filtering on the logging, I have submitted that as a feature request some time ago.
The only thing you can do is send all logging to an external device and do the filtering there.
(e.g. a Raspberry Pi running the normal rsyslogd with some custom rules or something more advanced like splunk)

Ok, thanks anyway

Regards,
Damián