Community discussions

MikroTik App
 
eng2alaa
just joined
Topic Author
Posts: 6
Joined: Wed Nov 15, 2017 9:09 am

HTTPS does not records in Mikrotik log

Wed Nov 15, 2017 11:26 am

Hi All,

there is log show in log screen but it show only HTTP requests, can I see HTTPS requests in log screen?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: HTTPS does not records in Mikrotik log

Wed Nov 15, 2017 11:30 am

Not sure what you mean about HTTP logs. Did you configure transparent proxy for HTTP and enabled logging? Then yes, it will show.
HTTPS can't be proxied, so you can't achieve the same result. HTTPS is encrypted.
 
eng2alaa
just joined
Topic Author
Posts: 6
Joined: Wed Nov 15, 2017 9:09 am

Re: HTTPS does not records in Mikrotik log

Wed Nov 15, 2017 11:48 am

Not sure what you mean about HTTP logs. Did you configure transparent proxy for HTTP and enabled logging? Then yes, it will show.
HTTPS can't be proxied, so you can't achieve the same result. HTTPS is encrypted.
Thanks normis for your response.
Yes, logging is active and write on disk and remotely but for example if you request cnn.com it display on log screen >>
Time: Nov 15 11:29:15
IP: 192.168.1.2
Host: web-proxy,account
Facility:
Priority:
Tag:
Message: 192.168.1.99 GET http://cdn.cnn.com/cnnnext/dam/assets/1 ... -tease.jpg action=allow cache=MISS

<<<
But when you request facebook.com, google.com, youtube.com, etc. there is no thing appear on log because all become "https"
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: HTTPS does not records in Mikrotik log

Wed Nov 15, 2017 12:13 pm

Yes it's true. HTTPS is encrypted so you can't trace it. This is the purpose of HTTPS :)
 
eng2alaa
just joined
Topic Author
Posts: 6
Joined: Wed Nov 15, 2017 9:09 am

Re: HTTPS does not records in Mikrotik log

Wed Nov 15, 2017 12:54 pm

Ok, I understand now. is there is a expert way to trace the encrypted HTTPS requests?
because I want to record all breached roles.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: HTTPS does not records in Mikrotik log

Wed Nov 15, 2017 12:55 pm

This is not possible
 
eng2alaa
just joined
Topic Author
Posts: 6
Joined: Wed Nov 15, 2017 9:09 am

Re: HTTPS does not records in Mikrotik log

Wed Nov 15, 2017 1:02 pm

This is not possible
Thank you very much Normis
 
troffasky
Member
Member
Posts: 436
Joined: Wed Mar 26, 2014 4:37 pm

Re: HTTPS does not records in Mikrotik log

Wed Nov 15, 2017 6:12 pm

This is not possible
I have to disagree here. As an example, Squid logs the hostname that it proxied the connection to along with the number of bytes transferred.
 
eng2alaa
just joined
Topic Author
Posts: 6
Joined: Wed Nov 15, 2017 9:09 am

Re: HTTPS does not records in Mikrotik log

Thu Nov 16, 2017 9:13 am

This is not possible
I have to disagree here. As an example, Squid logs the hostname that it proxied the connection to along with the number of bytes transferred.
Hi troffasky,

Could you please give me notes about squid logs to Monitoring of web searches and video viewing by employees especially "https".
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: HTTPS does not records in Mikrotik log

Thu Nov 16, 2017 9:16 am

This is not possible
I have to disagree here. As an example, Squid logs the hostname that it proxied the connection to along with the number of bytes transferred.
For http yes. How is the squid transparently proxying https without the end user getting problems?
 
troffasky
Member
Member
Posts: 436
Joined: Wed Mar 26, 2014 4:37 pm

Re: HTTPS does not records in Mikrotik log

Thu Nov 16, 2017 6:30 pm

This is not possible
I have to disagree here. As an example, Squid logs the hostname that it proxied the connection to along with the number of bytes transferred.
Hi troffasky,

Could you please give me notes about squid logs to Monitoring of web searches and video viewing by employees especially "https".
Do you want to break the SSL connection? The only thing you'll get with HTTPS [edit: if you're explicitly proxying it] is the hostname that the connection was proxied to and the number of bytes transferred.
1510849421.345   2610 192.168.1.3 TCP_TUNNEL/200 9926 CONNECT i.mt.lv:443 - HIER_DIRECT/2a02:610:7501:1000::197 -
1510849423.908   6511 192.168.1.3 TCP_TUNNEL/200 9417 CONNECT wiki.mikrotik.com:443 - HIER_DIRECT/2a02:610:7501:1000::201 -
1510849423.931   7546 192.168.1.3 TCP_TUNNEL/200 114953 CONNECT wiki.mikrotik.com:443 - HIER_DIRECT/2a02:610:7501:1000::201 -
Last edited by troffasky on Thu Nov 16, 2017 6:35 pm, edited 1 time in total.
 
troffasky
Member
Member
Posts: 436
Joined: Wed Mar 26, 2014 4:37 pm

Re: HTTPS does not records in Mikrotik log

Thu Nov 16, 2017 6:34 pm

How is the squid transparently proxying https without the end user getting problems?
Having re-read the thread, I have misunderstood. I had assumed the OP was using an explicit proxy not a transparent one.
 
troffasky
Member
Member
Posts: 436
Joined: Wed Mar 26, 2014 4:37 pm

Re: HTTPS does not records in Mikrotik log

Thu Nov 16, 2017 6:39 pm

Ok, I understand now. is there is a expert way to trace the encrypted HTTPS requests?
because I want to record all breached roles.
You can monitor encrypted traffic but there are legal and technical obstacles. You need to a) work out if it's legal where you are b) get the monitored devices to trust a certificate that you can re-encrypt their traffic with.
 
reinerotto
Long time Member
Long time Member
Posts: 523
Joined: Thu Dec 04, 2008 2:35 am

Re: HTTPS does not records in Mikrotik log

Sun Nov 19, 2017 6:44 pm

The only thing you'll get with HTTPS [edit: if you're explicitly proxying it] is the hostname that the connection was proxied to
I have to disagree here. You can get the same info for transparently proxied https, using squid.
However, configuring "splice/bump" for this is non-trivial.

Who is online

Users browsing this forum: kbabioch, seriosha and 33 guests