Full Individual Report??

[jjj]

Is there a way to get every website (full URL) that a user (ip address) visited? The main report only contains a short list of them.

[sky-knight]

Yes, there is a section of the web filter report where you can get a detailed view per ip and user.

Open the HTML report, in *untangleip*/reports

Click Web Filter, and look below the numbers. You have 5 reports to choose, Summary, User Summary, and Logged Violations by user, time, and client.

[jjj]

Yeah, I saw those. But the they don't tell you the full URL and don't give a timestamp. Is there any way to query the database manually?

[sky-knight]

Yes

http://forums.untangle.com/reports/2...porting-2.html

[jjj]

Sweet. Thanks!

[jjj]

Ok...I have access to the database thanks to that awesome post.

Now.......where is the data? I see the hit report table Schema>reports>webpages_date (which includes the domain and timestamp for each IP Address), but where are the exact, full URLs stored? I can't seem to find those. What table is the violation stuff stored in (that has the full URL I'm talking about, except I want it for more than just violations...I want every URL the user went to).

Thanks!

[sky-knight]

That is the question, there are no database maps so you get to shuffle through that on your own.

[jjj]

But someone has to have dug in there before. I don't think the full URL is stored in the database.... It is probably written out to some log then parsed through later.

[jjj]

Oh! I think I found something... Under Schemas > Events > Tables > n_http_req_line it looks like it is the other half of the URL (the details half). Now I just need to match up the domain with this stuff.... hmmmmmmmm.

[jjj]

Found it... The n_http_evt_req table has the domain..

Sweetness.