22.1 Legacy Series / Http TLS/SSL Navigation logs - suricata or web proxy
« on: April 06, 2022, 07:58:43 pm »
Hi, I need to record the browsing logs of my users.
I already have the firewall and dns logs but I would like to record the http and https logs in case they commit something illegal.
I already have a syslog server and the logs are recorded in accordance with the law.
I have three questions:
1. I read that suricata provides custom logs (dns, http and TLS / SSL) that must be activated in its configuration file (ex. https://suricata.readthedocs.io/en/latest/output/custom-http-logging.html) but I don't see the possibility to activate them from the opnsense gui. Is it possible to somehow use this suricata feature? Is there a reason why this option is not available or can I try to contribute by adding it using a PR?
2. If suricata cannot be used, what is the best way to record user browsing (navigation) logs? I guess I need to use a transparent web proxy but how can I get TLS/SSL logs without configuring certificates or showing users a man in the middle warning?
3. What are the best practices in this area?
Thanks for your availability, greetings.
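As an added illustration (not part of the original post, and not code from OPNsense or Suricata), the script below shows what a "navigation log" built from Suricata's EVE JSON output looks like once the `http` and `tls` event types are enabled. The event field names (`event_type`, `http.hostname`, `http.url`, `tls.sni`, `tls.subject`) are Suricata's own; the sample lines, IP addresses and hostnames are constructed for the example. The point for question 2 is visible in the data: the `tls` event yields the SNI hostname or the certificate subject without any interception or certificate deployment, but never the URL path.

```python
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample eve.json lines (not real traffic). Field names follow
# Suricata's EVE "http" and "tls" event types; the values are made up.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2022-04-06T19:58:43.000000+0200","event_type":"http",'
    '"src_ip":"192.0.2.10","src_port":51234,"dest_ip":"198.51.100.20","dest_port":80,'
    '"http":{"hostname":"example.org","url":"/index.html","http_method":"GET","status":200}}',
    '{"timestamp":"2022-04-06T19:58:44.000000+0200","event_type":"tls",'
    '"src_ip":"192.0.2.10","src_port":51235,"dest_ip":"198.51.100.21","dest_port":443,'
    '"tls":{"sni":"example.net","subject":"CN=example.net","issuerdn":"CN=Example CA","version":"TLS 1.3"}}',
    # TLS session without SNI: only the certificate subject identifies the site
    '{"timestamp":"2022-04-06T19:58:45.000000+0200","event_type":"tls",'
    '"src_ip":"192.0.2.11","src_port":51236,"dest_ip":"198.51.100.22","dest_port":443,'
    '"tls":{"subject":"C=XX, CN=legacy.example.com","issuerdn":"CN=Example CA","version":"TLS 1.2"}}',
    # Other event types and malformed lines must be skipped, not crash the reader
    '{"timestamp":"2022-04-06T19:58:46.000000+0200","event_type":"alert","src_ip":"192.0.2.12",'
    '"dest_ip":"198.51.100.23","alert":{"signature":"constructed placeholder"}}',
    'this line is not json',
]


@dataclass(frozen=True)
class NavRecord:
    timestamp: str
    src_ip: str
    dest_ip: str
    dest_port: int
    proto: str           # "http" or "tls"
    host: str            # HTTP Host header, TLS SNI, or certificate subject CN
    url: Optional[str]   # only known for cleartext HTTP; None for TLS


def _cn_from_subject(subject: str) -> Optional[str]:
    """Pull the CN out of a DN string such as 'C=XX, CN=host'."""
    for part in subject.split(","):
        key, _, value = part.strip().partition("=")
        if key.upper() == "CN" and value:
            return value
    return None


def parse_eve_line(line: str) -> Optional[NavRecord]:
    """Turn one eve.json line into a NavRecord, or None if it is not a browsing event."""
    try:
        ev = json.loads(line)
    except json.JSONDecodeError:
        return None
    event_type = ev.get("event_type")
    if event_type == "http":
        http = ev.get("http", {})
        host = http.get("hostname")
        if not host:
            return None
        return NavRecord(ev["timestamp"], ev["src_ip"], ev["dest_ip"],
                         int(ev.get("dest_port", 0)), "http", host, http.get("url"))
    if event_type == "tls":
        tls = ev.get("tls", {})
        # SNI is sent in the clear by the client; fall back to the server
        # certificate's CN when the client sent no SNI. No decryption involved.
        host = tls.get("sni") or _cn_from_subject(tls.get("subject", ""))
        if not host:
            return None
        return NavRecord(ev["timestamp"], ev["src_ip"], ev["dest_ip"],
                         int(ev.get("dest_port", 0)), "tls", host, None)
    return None


def navigation_log(lines: Iterable[str]) -> List[NavRecord]:
    """Reduce a stream of eve.json lines to the browsing records worth retaining."""
    return [rec for rec in (parse_eve_line(l) for l in lines) if rec is not None]


def to_syslog_line(rec: NavRecord) -> str:
    """Flat key=value line for forwarding to an existing syslog server."""
    url = rec.url if rec.url is not None else "-"
    return (f"ts={rec.timestamp} src={rec.src_ip} dst={rec.dest_ip}:{rec.dest_port} "
            f"proto={rec.proto} host={rec.host} url={url}")


if __name__ == "__main__":
    for rec in navigation_log(SAMPLE_EVE_LINES):
        print(to_syslog_line(rec))
```

Run against a real `eve.json` by replacing `SAMPLE_EVE_LINES` with the file's lines; the `alert` event and the malformed line are dropped, while the three browsing events become one syslog line each. For the HTTPS sessions the `url` column stays `-`, which is the honest limit of passive TLS logging: hostname and certificate details are available from the handshake, but the path and query string are only recoverable with a decrypting proxy and the certificate deployment the post wants to avoid.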