URL Filtering - Exporting to Syslog
Purpose
Some organisations require visibility beyond what the SmartZone currently offers into which URLs users have visited. The aim of this guide is to demonstrate how to export those logs to a Syslog server so they can be retained indefinitely.
Pre-Requisite:
Ensure the SmartZone is on version 5.1
Configuration
Step 1:
Configure the AP Zone to utilise Syslog
Step 2:
Modify the existing SSID and enable URL Filtering
Step 3:
Modify the existing SSID, under "Advanced Options" enable "Client Flow Data Logging"
Step 4:
On your syslog server, for each user TCP/UDP session you will receive two messages like the one below. The first won't have the URL; the second (which arrives almost immediately afterwards) will have it. In this example, the URL is our website "www.ruckuswireless.com".
Sep 21 16:24:28 Flowd[22301]: Ruckus-AP New Flow:"Src_MAC"="48:4B:AA:1D:3A:B2","Dst_MAC"="40:65:A3:4F:EA:EB","Src_IP"="192.168.3.179","Dst_IP"="104.20.42.32","Src_port"="65057","Dst_port"="443","L4protocol"="TCP","apMac"="2C:C5:D3:01:83:30,"URL"="www.ruckuswireless.com","SSID"="HN VLAN3","ZONE_NAME"="VL Mobile Lab"
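The following Python parser is an added example, not part of the original guide or any Ruckus tooling. It splits each Flowd "New Flow" message into fields and merges the two messages of a session so that only the URL-bearing record remains. The first sample line is constructed on the assumption that the URL-less message carries the same fields, and the function names are hypothetical.

```python
import re

KEY_RE = re.compile(r'"(\w+)"=')          # start of a field: "Name"=
FLOW_ID = ("Src_MAC", "Src_IP", "Src_port", "Dst_IP", "Dst_port", "L4protocol")

def parse_flow(line):
    """Return the fields of a Flowd 'New Flow' message as a dict, else None."""
    _, marker, body = line.partition("New Flow:")
    if not marker:
        return None
    keys = list(KEY_RE.finditer(body))
    fields = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
        # Slice up to the next key and trim delimiters; this tolerates the
        # missing closing quote after the apMac value in the guide's sample.
        fields[m.group(1)] = body[m.end():end].strip(' ,"\r\n')
    return fields

def visited_urls(lines):
    """Merge the two messages of each session; keep records that have a URL."""
    flows = {}
    for line in lines:
        fields = parse_flow(line)
        if fields:
            flow_id = tuple(fields.get(k) for k in FLOW_ID)
            flows.setdefault(flow_id, {}).update(fields)
    return [f for f in flows.values() if f.get("URL")]

PREFIX = 'Sep 21 16:24:28 Flowd[22301]: Ruckus-AP New Flow:'
FLOW = ('"Src_MAC"="48:4B:AA:1D:3A:B2","Dst_MAC"="40:65:A3:4F:EA:EB",'
        '"Src_IP"="192.168.3.179","Dst_IP"="104.20.42.32","Src_port"="65057",'
        '"Dst_port"="443","L4protocol"="TCP",')
TAIL = '"SSID"="HN VLAN3","ZONE_NAME"="VL Mobile Lab"'
SAMPLE = [
    # Constructed: assumed shape of the first message (no URL field).
    PREFIX + FLOW + '"apMac"="2C:C5:D3:01:83:30",' + TAIL,
    # Second message as shown in the guide, including the unclosed apMac quote.
    PREFIX + FLOW + '"apMac"="2C:C5:D3:01:83:30,"URL"="www.ruckuswireless.com",' + TAIL,
]

if __name__ == "__main__":
    for rec in visited_urls(SAMPLE):
        print(rec["Src_IP"], rec["Src_MAC"], rec["URL"], rec["SSID"])
```

Field values are returned as received; the URL reflects client traffic, so escape it before placing it in queries or dashboards.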