Cloud Managed Networks

Dear Community,

It is mandatory to be compliant with french law to log any user traffic (accessed URLs) for at least 6 months.

I searched how to define local or public syslog servers in Central interface without any success.

Anyone knows if it's possible ?

Many thanks & best regards,

Franck.

You can configure a syslog server in the same way you can do it in IAPs deployments. In Aruba Central you have to select the group > Configuration > Wireless > System > Loggin. 

Hi Rafael and many thanks for your answer.

Are the APs under Central supposed to log user traffic (accessed URLs) ?

Hello,

did you found a solution for this problem? I´ve the same problem that we need to save the accessed URLs per Username.

Thank you

Martin

Unfortunately not... :(

No.

Access control by application filter. For this need is a web proxy.

If you want redirect all internet-facing traffic to a transparent proxy you can do it by configuring a dst-nat policy in the guest-role.

Something like this:

Hope this helps!

URL VISIBILITY

(config) # url-visibility

This feature is best used along with ALE.

http://www.arubanetworks.com/products/networking/analytics/ale/

There is no visibility support on IAP as a standalone solution.

show log system, i.e. sent to syslog, will only show if the configuration changes have taken effect & will not show the URL.

URL visibility data from IAP is fed to ALE periodically; this URL data will be available on IAP (temporary) as part of CLI-cmd 'show url-visibility' till IAP posts to ALE.

IAP5# show url-visibility 

Client URL List

----------------
SrcIP DstIP URL URL Length HitCount
----- ----- --- ---------- --------
192.168.50.101 54.165.205.112 sync.adaptv.advertis... 133 1
192.168.50.101 107.20.222.31 tap.rubiconproject.c... 57 1
192.168.50.101 54.239.26.242 fls-na.amazon.com/1/... 180 1
192.168.50.101 54.230.144.111 ecx.images-amazon.co... 77 1
192.168.50.101 216.58.192.228 google.com 10 1
192.168.50.101 54.239.26.242 fls-na.amazon.com/1/... 273 1

IAP's full URL data is sent to ALE server not to the syslog server.

You can also use CLI command - 'show url-visibility verbose' to get the full/whole URL detail in the cache.

For any IAP deployment which needs client URL data visibility, it has to consume from ALE rest/pub-sub mechanism. 

One major thing to note here is that, we can only extract the full URL for HTTP traffic. For HTTPs, it is only the domain name, & not the full URL, which can be extracted from SNI field of client hello exchnage. With most major sites moving towards defaulting to HTTPs, the number of useful sites you can extract is going to come down. Obviously it is useful for retail analytics with sites like amazon, which still keeps the product search/view in HTTP and move to HTTPs only in payment processing, but a majority of google sites are HTTPs only if you are signed-in.