start transaction ------------------- CPL Evaluation Trace: transaction ID=-732804203 transaction type: qualifier-index=1 name=http service=SG-HTTP-Service module=HTTP miss : condition=__CondList1ClientIP_Bypass_Authen miss : client.address=10.248.9.23 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: category=Bypass_Authen authenticate(no) n/a : condition=SILENT_USERS client.address="Client Store Object" MATCH: access_log[Splunk](yes) condition=__CondList1DC_User_Group n/a : condition=__CondList1DC_User_Group miss : client.address=Server_WSUS miss : client.address=172.30.52.198 miss : category=Blockvirus miss : condition="__CondList1WiFi User Group" miss : client.address=172.30.52.137 n/a : condition=__GROUP160 MATCH: ALLOW category=whitelist miss : server_url.domain=http://privus.fda.moph.go.th/ miss : server_url.domain=//164.115.28.101/ miss : server_url.domain=https://lpsom.ocset.net/ miss : client.address=172.30.52.140 n/a : condition=__GROUP1185 n/a : condition=__GROUP854 n/a : condition=__GROUP855 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: reflect_ip(172.30.59.18) MATCH: access_log[Splunk](yes) miss : client.address=SplunkForwarder miss : url.domain=//msftncsi.com/ n/a : condition=SILENT_USERS miss : url.domain=//www.youtube.com/ miss : client.address=10.23.0.0/16 miss : client.address=10.26.0.0/16 miss : url.domain=//www.ereportmatra80.com/ miss : url.domain=//dld.go.th/ miss : url.domain=//autodiscover.tesco.onmicrosoft.com/ miss : url.domain=//tesco.onmicrosoft.com/ MATCH: ALLOW client.address=114.24.3.168 authenticate(no) detect_protocol(none) MATCH: client.address=114.24.3.168 trace.request(yes) trace.rules(all) trace.destination(google-play) connection: service.name=Explicit HTTP client.address=114.24.3.168 proxy.port=80 time: 2019-08-28 09:15:20 UTC CONNECT tcp://mobilenetworkscoring-pa.googleapis.com:443/ DNS lookup was unrestricted User-Agent: Dalvik/2.1.0 (Linux; U; Android 8.1.0; SM-T395 Build/M1AJQ) user: unauthenticated authentication status='not_attempted' authorization status='not_attempted' client.host: 114-24-3-168.dynamic-ip.hinet.net (rdns resolution: ) url.category: Custom_Block_Store@Policy;Allow_MS_o365@Policy;Allow_ManualList@Policy;Bypass_Authen@Policy;whitelist@Policy;MS_Office365_Bypass_Authen@Policy;Technology@Blue Coat total categorization time: 4 static categorization time: 4 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 685741 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 4 ms scan-request-completed: start 5 elapsed 0 ms server-out: start 5 elapsed 0 ms access-logging: start 685741 elapsed 0 ms stop-transaction: start 685741 elapsed 0 ms Total Policy evaluation time: 4 ms url_categorization complete time: 5 client connection: first-response-byte 0 last-response-byte 685741 stop transaction -------------------- start transaction ------------------- CPL Evaluation Trace: transaction ID=-732784006 transaction type: qualifier-index=1 name=http service=SG-HTTP-Service module=HTTP miss : condition=__CondList1ClientIP_Bypass_Authen miss : client.address=10.248.9.23 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: category=Bypass_Authen authenticate(no) n/a : condition=SILENT_USERS client.address="Client Store Object" MATCH: access_log[Splunk](yes) condition=__CondList1DC_User_Group n/a : condition=__CondList1DC_User_Group miss : client.address=Server_WSUS miss : client.address=172.30.52.198 miss : category=Blockvirus miss : condition="__CondList1WiFi User Group" miss : client.address=172.30.52.137 n/a : condition=__GROUP160 MATCH: ALLOW category=whitelist miss : server_url.domain=http://privus.fda.moph.go.th/ miss : server_url.domain=//164.115.28.101/ miss : server_url.domain=https://lpsom.ocset.net/ miss : client.address=172.30.52.140 n/a : condition=__GROUP1185 n/a : condition=__GROUP854 n/a : condition=__GROUP855 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: reflect_ip(172.30.59.18) MATCH: access_log[Splunk](yes) miss : client.address=SplunkForwarder miss : url.domain=//msftncsi.com/ n/a : condition=SILENT_USERS miss : url.domain=//www.youtube.com/ miss : client.address=10.23.0.0/16 miss : client.address=10.26.0.0/16 miss : url.domain=//www.ereportmatra80.com/ miss : url.domain=//dld.go.th/ miss : url.domain=//autodiscover.tesco.onmicrosoft.com/ miss : url.domain=//tesco.onmicrosoft.com/ MATCH: ALLOW client.address=114.24.3.168 authenticate(no) detect_protocol(none) MATCH: client.address=114.24.3.168 trace.request(yes) trace.rules(all) trace.destination(google-play) connection: service.name=Explicit HTTP client.address=114.24.3.168 proxy.port=80 time: 2019-08-28 09:15:54 UTC CONNECT tcp://play.googleapis.com:443/ DNS lookup was unrestricted User-Agent: Dalvik/2.1.0 (Linux; U; Android 8.1.0; SM-T395 Build/M1AJQ) user: unauthenticated authentication status='not_attempted' authorization status='not_attempted' client.host: 114-24-3-168.dynamic-ip.hinet.net (rdns resolution: ) url.category: Custom_Block_Store@Policy;Allow_MS_o365@Policy;Allow_ManualList@Policy;Bypass_Authen@Policy;whitelist@Policy;MS_Office365_Bypass_Authen@Policy;Technology@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 686610 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms scan-request-completed: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms access-logging: start 686609 elapsed 1 ms stop-transaction: start 686610 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 686609 stop transaction -------------------- start transaction ------------------- CPL Evaluation Trace: transaction ID=-732247862 transaction type: qualifier-index=1 name=http service=SG-HTTP-Service module=HTTP miss : condition=__CondList1ClientIP_Bypass_Authen miss : client.address=10.248.9.23 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: category=Bypass_Authen authenticate(no) n/a : condition=SILENT_USERS client.address="Client Store Object" MATCH: access_log[Splunk](yes) condition=__CondList1DC_User_Group n/a : condition=__CondList1DC_User_Group miss : client.address=Server_WSUS miss : client.address=172.30.52.198 miss : category=Blockvirus miss : condition="__CondList1WiFi User Group" miss : client.address=172.30.52.137 n/a : condition=__GROUP160 MATCH: ALLOW category=whitelist miss : server_url.domain=http://privus.fda.moph.go.th/ miss : server_url.domain=//164.115.28.101/ miss : server_url.domain=https://lpsom.ocset.net/ miss : client.address=172.30.52.140 n/a : condition=__GROUP1185 n/a : condition=__GROUP854 n/a : condition=__GROUP855 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: reflect_ip(172.30.59.18) MATCH: access_log[Splunk](yes) MATCH: client.address=SplunkForwarder socks.authenticate(iwa_bcaaa) socks.authenticate.force(no) miss : url.domain=//msftncsi.com/ n/a : condition=SILENT_USERS miss : url.domain=//www.youtube.com/ miss : client.address=10.23.0.0/16 miss : client.address=10.26.0.0/16 miss : url.domain=//www.ereportmatra80.com/ miss : url.domain=//dld.go.th/ miss : url.domain=//autodiscover.tesco.onmicrosoft.com/ miss : url.domain=//tesco.onmicrosoft.com/ MATCH: ALLOW client.address=114.24.3.168 authenticate(no) detect_protocol(none) MATCH: client.address=114.24.3.168 trace.request(yes) trace.rules(all) trace.destination(google-play) connection: service.name=Explicit HTTP client.address=114.24.3.168 proxy.port=80 time: 2019-08-28 09:30:56 UTC CONNECT tcp://android.clients.google.com:443/ DNS lookup was unrestricted User-Agent: com.android.vending/81612300 (Linux; U; Android 8.1.0; en_US; SM-T395; Build/M1AJQ; Cronet/76.0.3809.21) user: unauthenticated authentication status='not_attempted' authorization status='not_attempted' client.host: 114-24-3-168.dynamic-ip.hinet.net (rdns resolution: ) url.category: Custom_Block_Store@Policy;Custom_Allow_URL_group4@Policy;Custom_Allow_URL_group2@Policy;Allow_MS_o365@Policy;Allow_ManualList@Policy;Bypass_Authen@Policy;whitelist@Policy;MS_Office365_Bypass_Authen@Policy;Technology@Blue Coat total categorization time: 3 static categorization time: 3 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 717 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 111 elapsed 3 ms scan-request-completed: start 114 elapsed 0 ms server-out: start 114 elapsed 0 ms server-in: start 348 elapsed 0 ms client-out: start 348 elapsed 0 ms access-logging: start 717 elapsed 0 ms stop-transaction: start 717 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 114 client connection: first-response-byte 0 last-response-byte 717 stop transaction -------------------- start transaction ------------------- CPL Evaluation Trace: transaction ID=-732247614 transaction type: qualifier-index=1 name=http service=SG-HTTP-Service module=HTTP miss : condition=__CondList1ClientIP_Bypass_Authen miss : client.address=10.248.9.23 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: category=Bypass_Authen authenticate(no) n/a : condition=SILENT_USERS client.address="Client Store Object" MATCH: access_log[Splunk](yes) condition=__CondList1DC_User_Group n/a : condition=__CondList1DC_User_Group miss : client.address=Server_WSUS miss : client.address=172.30.52.198 miss : category=Blockvirus miss : condition="__CondList1WiFi User Group" miss : client.address=172.30.52.137 n/a : condition=__GROUP160 MATCH: ALLOW category=whitelist miss : server_url.domain=http://privus.fda.moph.go.th/ miss : server_url.domain=//164.115.28.101/ miss : server_url.domain=https://lpsom.ocset.net/ miss : client.address=172.30.52.140 n/a : condition=__GROUP1185 n/a : condition=__GROUP854 n/a : condition=__GROUP855 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: reflect_ip(172.30.59.18) MATCH: access_log[Splunk](yes) MATCH: client.address=SplunkForwarder socks.authenticate(iwa_bcaaa) socks.authenticate.force(no) miss : url.domain=//msftncsi.com/ n/a : condition=SILENT_USERS miss : url.domain=//www.youtube.com/ miss : client.address=10.23.0.0/16 miss : client.address=10.26.0.0/16 miss : url.domain=//www.ereportmatra80.com/ miss : url.domain=//dld.go.th/ miss : url.domain=//autodiscover.tesco.onmicrosoft.com/ miss : url.domain=//tesco.onmicrosoft.com/ MATCH: ALLOW client.address=114.24.3.168 authenticate(no) detect_protocol(none) MATCH: client.address=114.24.3.168 trace.request(yes) trace.rules(all) trace.destination(google-play) connection: service.name=Explicit HTTP client.address=114.24.3.168 proxy.port=80 time: 2019-08-28 09:30:56 UTC CONNECT tcp://android.clients.google.com:443/ DNS lookup was unrestricted User-Agent: com.android.vending/81612300 (Linux; U; Android 8.1.0; en_US; SM-T395; Build/M1AJQ; Cronet/76.0.3809.21) user: unauthenticated authentication status='not_attempted' authorization status='not_attempted' client.host: 114-24-3-168.dynamic-ip.hinet.net (rdns resolution: ) url.category: Custom_Block_Store@Policy;Custom_Allow_URL_group4@Policy;Custom_Allow_URL_group2@Policy;Allow_MS_o365@Policy;Allow_ManualList@Policy;Bypass_Authen@Policy;whitelist@Policy;MS_Office365_Bypass_Authen@Policy;Technology@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 294 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 89 elapsed 0 ms scan-request-completed: start 89 elapsed 0 ms server-out: start 89 elapsed 0 ms server-in: start 269 elapsed 0 ms client-out: start 269 elapsed 0 ms access-logging: start 294 elapsed 0 ms stop-transaction: start 294 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 89 client connection: first-response-byte 0 last-response-byte 294 stop transaction -------------------- start transaction ------------------- CPL Evaluation Trace: transaction ID=-732247194 transaction type: qualifier-index=1 name=http service=SG-HTTP-Service module=HTTP miss : condition=__CondList1ClientIP_Bypass_Authen miss : client.address=10.248.9.23 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: category=Bypass_Authen authenticate(no) n/a : condition=SILENT_USERS client.address="Client Store Object" MATCH: access_log[Splunk](yes) condition=__CondList1DC_User_Group n/a : condition=__CondList1DC_User_Group miss : client.address=Server_WSUS miss : client.address=172.30.52.198 miss : category=Blockvirus miss : condition="__CondList1WiFi User Group" miss : client.address=172.30.52.137 n/a : condition=__GROUP160 MATCH: ALLOW category=whitelist miss : server_url.domain=http://privus.fda.moph.go.th/ miss : server_url.domain=//164.115.28.101/ miss : server_url.domain=https://lpsom.ocset.net/ miss : client.address=172.30.52.140 n/a : condition=__GROUP1185 n/a : condition=__GROUP854 n/a : condition=__GROUP855 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: reflect_ip(172.30.59.18) MATCH: access_log[Splunk](yes) MATCH: client.address=SplunkForwarder socks.authenticate(iwa_bcaaa) socks.authenticate.force(no) miss : url.domain=//msftncsi.com/ n/a : condition=SILENT_USERS miss : url.domain=//www.youtube.com/ miss : client.address=10.23.0.0/16 miss : client.address=10.26.0.0/16 miss : url.domain=//www.ereportmatra80.com/ miss : url.domain=//dld.go.th/ miss : url.domain=//autodiscover.tesco.onmicrosoft.com/ miss : url.domain=//tesco.onmicrosoft.com/ MATCH: ALLOW client.address=114.24.3.168 authenticate(no) detect_protocol(none) MATCH: client.address=114.24.3.168 trace.request(yes) trace.rules(all) trace.destination(google-play) connection: service.name=Explicit HTTP client.address=114.24.3.168 proxy.port=80 time: 2019-08-28 09:30:57 UTC CONNECT tcp://lh3.googleusercontent.com:443/ DNS lookup was unrestricted User-Agent: com.android.vending/81612300 (Linux; U; Android 8.1.0; en_US; SM-T395; Build/M1AJQ; Cronet/76.0.3809.21) user: unauthenticated authentication status='not_attempted' authorization status='not_attempted' client.host: 114-24-3-168.dynamic-ip.hinet.net (rdns resolution: ) url.category: Allow_ManualList@Policy;Bypass_Authen@Policy;whitelist@Policy;MS_Office365_Bypass_Authen@Policy;Content Delivery Networks@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 2727 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 105 elapsed 0 ms scan-request-completed: start 105 elapsed 0 ms server-out: start 105 elapsed 0 ms server-in: start 234 elapsed 0 ms client-out: start 234 elapsed 0 ms access-logging: start 2727 elapsed 0 ms stop-transaction: start 2727 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 105 client connection: first-response-byte 0 last-response-byte 2727 stop transaction -------------------- start transaction ------------------- CPL Evaluation Trace: transaction ID=-732784992 transaction type: qualifier-index=1 name=http service=SG-HTTP-Service module=HTTP miss : condition=__CondList1ClientIP_Bypass_Authen miss : client.address=10.248.9.23 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: category=Bypass_Authen authenticate(no) n/a : condition=SILENT_USERS client.address="Client Store Object" MATCH: access_log[Splunk](yes) condition=__CondList1DC_User_Group n/a : condition=__CondList1DC_User_Group miss : client.address=Server_WSUS miss : client.address=172.30.52.198 miss : category=Blockvirus miss : condition="__CondList1WiFi User Group" miss : client.address=172.30.52.137 n/a : condition=__GROUP160 MATCH: ALLOW category=whitelist miss : server_url.domain=http://privus.fda.moph.go.th/ miss : server_url.domain=//164.115.28.101/ miss : server_url.domain=https://lpsom.ocset.net/ miss : client.address=172.30.52.140 n/a : condition=__GROUP1185 n/a : condition=__GROUP854 n/a : condition=__GROUP855 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: reflect_ip(172.30.59.18) MATCH: access_log[Splunk](yes) miss : client.address=SplunkForwarder miss : url.domain=//msftncsi.com/ n/a : condition=SILENT_USERS miss : url.domain=//www.youtube.com/ miss : client.address=10.23.0.0/16 miss : client.address=10.26.0.0/16 miss : url.domain=//www.ereportmatra80.com/ miss : url.domain=//dld.go.th/ miss : url.domain=//autodiscover.tesco.onmicrosoft.com/ miss : url.domain=//tesco.onmicrosoft.com/ MATCH: ALLOW client.address=114.24.3.168 authenticate(no) detect_protocol(none) MATCH: client.address=114.24.3.168 trace.request(yes) trace.rules(all) trace.destination(google-play) connection: service.name=Explicit HTTP client.address=114.24.3.168 proxy.port=80 time: 2019-08-28 09:15:52 UTC CONNECT tcp://mobilenetworkscoring-pa.googleapis.com:443/ DNS lookup was unrestricted User-Agent: Dalvik/2.1.0 (Linux; U; Android 8.1.0; SM-T395 Build/M1AJQ) user: unauthenticated authentication status='not_attempted' authorization status='not_attempted' client.host: 114-24-3-168.dynamic-ip.hinet.net (rdns resolution: ) url.category: Custom_Block_Store@Policy;Allow_MS_o365@Policy;Allow_ManualList@Policy;Bypass_Authen@Policy;whitelist@Policy;MS_Office365_Bypass_Authen@Policy;Technology@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 915632 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 8 elapsed 0 ms scan-request-completed: start 8 elapsed 0 ms server-out: start 8 elapsed 0 ms server-in: start 80 elapsed 0 ms client-out: start 80 elapsed 0 ms access-logging: start 915632 elapsed 0 ms stop-transaction: start 915632 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 8 client connection: first-response-byte 0 last-response-byte 915632 stop transaction -------------------- start transaction ------------------- CPL Evaluation Trace: transaction ID=-732250208 transaction type: qualifier-index=1 name=http service=SG-HTTP-Service module=HTTP miss : condition=__CondList1ClientIP_Bypass_Authen miss : client.address=10.248.9.23 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: category=Bypass_Authen authenticate(no) n/a : condition=SILENT_USERS client.address="Client Store Object" MATCH: access_log[Splunk](yes) condition=__CondList1DC_User_Group n/a : condition=__CondList1DC_User_Group miss : client.address=Server_WSUS miss : client.address=172.30.52.198 miss : category=Blockvirus miss : condition="__CondList1WiFi User Group" miss : client.address=172.30.52.137 n/a : condition=__GROUP160 MATCH: ALLOW category=whitelist miss : server_url.domain=http://privus.fda.moph.go.th/ miss : server_url.domain=//164.115.28.101/ miss : server_url.domain=https://lpsom.ocset.net/ miss : client.address=172.30.52.140 n/a : condition=__GROUP1185 n/a : condition=__GROUP854 n/a : condition=__GROUP855 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: reflect_ip(172.30.59.18) MATCH: access_log[Splunk](yes) MATCH: client.address=SplunkForwarder socks.authenticate(iwa_bcaaa) socks.authenticate.force(no) miss : url.domain=//msftncsi.com/ n/a : condition=SILENT_USERS miss : url.domain=//www.youtube.com/ miss : client.address=10.23.0.0/16 miss : client.address=10.26.0.0/16 miss : url.domain=//www.ereportmatra80.com/ miss : url.domain=//dld.go.th/ miss : url.domain=//autodiscover.tesco.onmicrosoft.com/ miss : url.domain=//tesco.onmicrosoft.com/ MATCH: ALLOW client.address=114.24.3.168 authenticate(no) detect_protocol(none) MATCH: client.address=114.24.3.168 trace.request(yes) trace.rules(all) trace.destination(google-play) connection: service.name=Explicit HTTP client.address=114.24.3.168 proxy.port=80 time: 2019-08-28 09:30:52 UTC CONNECT tcp://connectivitycheck.gstatic.com:443/ DNS lookup was unrestricted User-Agent: Dalvik/2.1.0 (Linux; U; Android 8.1.0; SM-T395 Build/M1AJQ) user: unauthenticated authentication status='not_attempted' authorization status='not_attempted' client.host: 114-24-3-168.dynamic-ip.hinet.net (rdns resolution: ) url.category: Custom_Block_Store@Policy;Allow_ManualList@Policy;Bypass_Authen@Policy;whitelist@Policy;MS_Office365_Bypass_Authen@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 135099 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms scan-request-completed: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 270 elapsed 0 ms client-out: start 270 elapsed 0 ms access-logging: start 135099 elapsed 0 ms stop-transaction: start 135099 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 135099 stop transaction -------------------- start transaction ------------------- CPL Evaluation Trace: transaction ID=-732238586 transaction type: qualifier-index=1 name=http service=SG-HTTP-Service module=HTTP miss : condition=__CondList1ClientIP_Bypass_Authen miss : client.address=10.248.9.23 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: category=Bypass_Authen authenticate(no) n/a : condition=SILENT_USERS client.address="Client Store Object" MATCH: access_log[Splunk](yes) condition=__CondList1DC_User_Group n/a : condition=__CondList1DC_User_Group miss : client.address=Server_WSUS miss : client.address=172.30.52.198 miss : category=Blockvirus miss : condition="__CondList1WiFi User Group" miss : client.address=172.30.52.137 n/a : condition=__GROUP160 MATCH: ALLOW category=whitelist miss : server_url.domain=http://privus.fda.moph.go.th/ miss : server_url.domain=//164.115.28.101/ miss : server_url.domain=https://lpsom.ocset.net/ miss : client.address=172.30.52.140 n/a : condition=__GROUP1185 n/a : condition=__GROUP854 n/a : condition=__GROUP855 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: reflect_ip(172.30.59.18) MATCH: access_log[Splunk](yes) MATCH: client.address=SplunkForwarder socks.authenticate(iwa_bcaaa) socks.authenticate.force(no) miss : url.domain=//msftncsi.com/ n/a : condition=SILENT_USERS miss : url.domain=//www.youtube.com/ miss : client.address=10.23.0.0/16 miss : client.address=10.26.0.0/16 miss : url.domain=//www.ereportmatra80.com/ miss : url.domain=//dld.go.th/ miss : url.domain=//autodiscover.tesco.onmicrosoft.com/ miss : url.domain=//tesco.onmicrosoft.com/ MATCH: ALLOW client.address=114.24.3.168 authenticate(no) detect_protocol(none) MATCH: client.address=114.24.3.168 trace.request(yes) trace.rules(all) trace.destination(google-play) connection: service.name=Explicit HTTP client.address=114.24.3.168 proxy.port=80 time: 2019-08-28 09:31:12 UTC CONNECT tcp://play.googleapis.com:443/ DNS lookup was unrestricted User-Agent: Dalvik/2.1.0 (Linux; U; Android 8.1.0; SM-T395 Build/M1AJQ) user: unauthenticated authentication status='not_attempted' authorization status='not_attempted' client.host: 114-24-3-168.dynamic-ip.hinet.net (rdns resolution: ) url.category: Custom_Block_Store@Policy;Allow_MS_o365@Policy;Allow_ManualList@Policy;Bypass_Authen@Policy;whitelist@Policy;MS_Office365_Bypass_Authen@Policy;Technology@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 114414 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 8 elapsed 1 ms scan-request-completed: start 9 elapsed 0 ms server-out: start 9 elapsed 0 ms server-in: start 78 elapsed 0 ms client-out: start 78 elapsed 0 ms access-logging: start 114414 elapsed 0 ms stop-transaction: start 114414 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 8 client connection: first-response-byte 0 last-response-byte 114414 stop transaction -------------------- start transaction ------------------- CPL Evaluation Trace: transaction ID=-732247193 transaction type: qualifier-index=1 name=http service=SG-HTTP-Service module=HTTP miss : condition=__CondList1ClientIP_Bypass_Authen miss : client.address=10.248.9.23 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: category=Bypass_Authen authenticate(no) n/a : condition=SILENT_USERS client.address="Client Store Object" MATCH: access_log[Splunk](yes) condition=__CondList1DC_User_Group n/a : condition=__CondList1DC_User_Group miss : client.address=Server_WSUS miss : client.address=172.30.52.198 miss : category=Blockvirus miss : condition="__CondList1WiFi User Group" miss : client.address=172.30.52.137 n/a : condition=__GROUP160 MATCH: ALLOW category=whitelist miss : server_url.domain=http://privus.fda.moph.go.th/ miss : server_url.domain=//164.115.28.101/ miss : server_url.domain=https://lpsom.ocset.net/ miss : client.address=172.30.52.140 n/a : condition=__GROUP1185 n/a : condition=__GROUP854 n/a : condition=__GROUP855 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: reflect_ip(172.30.59.18) MATCH: access_log[Splunk](yes) MATCH: client.address=SplunkForwarder socks.authenticate(iwa_bcaaa) socks.authenticate.force(no) miss : url.domain=//msftncsi.com/ n/a : condition=SILENT_USERS miss : url.domain=//www.youtube.com/ miss : client.address=10.23.0.0/16 miss : client.address=10.26.0.0/16 miss : url.domain=//www.ereportmatra80.com/ miss : url.domain=//dld.go.th/ miss : url.domain=//autodiscover.tesco.onmicrosoft.com/ miss : url.domain=//tesco.onmicrosoft.com/ MATCH: ALLOW client.address=114.24.3.168 authenticate(no) detect_protocol(none) MATCH: client.address=114.24.3.168 trace.request(yes) trace.rules(all) trace.destination(google-play) connection: service.name=Explicit HTTP client.address=114.24.3.168 proxy.port=80 time: 2019-08-28 09:30:57 UTC CONNECT tcp://lh3.googleusercontent.com:443/ DNS lookup was unrestricted User-Agent: com.android.vending/81612300 (Linux; U; Android 8.1.0; en_US; SM-T395; Build/M1AJQ; Cronet/76.0.3809.21) user: unauthenticated authentication status='not_attempted' authorization status='not_attempted' client.host: 114-24-3-168.dynamic-ip.hinet.net (rdns resolution: ) url.category: Allow_ManualList@Policy;Bypass_Authen@Policy;whitelist@Policy;MS_Office365_Bypass_Authen@Policy;Content Delivery Networks@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 129563 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 105 elapsed 0 ms scan-request-completed: start 105 elapsed 0 ms server-out: start 105 elapsed 0 ms server-in: start 235 elapsed 0 ms client-out: start 235 elapsed 0 ms access-logging: start 129563 elapsed 0 ms stop-transaction: start 129563 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 105 client connection: first-response-byte 0 last-response-byte 129563 stop transaction -------------------- start transaction ------------------- CPL Evaluation Trace: transaction ID=-732247692 transaction type: qualifier-index=1 name=http service=SG-HTTP-Service module=HTTP miss : condition=__CondList1ClientIP_Bypass_Authen miss : client.address=10.248.9.23 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: category=Bypass_Authen authenticate(no) n/a : condition=SILENT_USERS client.address="Client Store Object" MATCH: access_log[Splunk](yes) condition=__CondList1DC_User_Group n/a : condition=__CondList1DC_User_Group miss : client.address=Server_WSUS miss : client.address=172.30.52.198 miss : category=Blockvirus miss : condition="__CondList1WiFi User Group" miss : client.address=172.30.52.137 n/a : condition=__GROUP160 MATCH: ALLOW category=whitelist miss : server_url.domain=http://privus.fda.moph.go.th/ miss : server_url.domain=//164.115.28.101/ miss : server_url.domain=https://lpsom.ocset.net/ miss : client.address=172.30.52.140 n/a : condition=__GROUP1185 n/a : condition=__GROUP854 n/a : condition=__GROUP855 miss : client.address=WiFi_Guest miss : client.address=WiFi_Tesco MATCH: reflect_ip(172.30.59.18) MATCH: access_log[Splunk](yes) MATCH: client.address=SplunkForwarder socks.authenticate(iwa_bcaaa) socks.authenticate.force(no) miss : url.domain=//msftncsi.com/ n/a : condition=SILENT_USERS miss : url.domain=//www.youtube.com/ miss : client.address=10.23.0.0/16 miss : client.address=10.26.0.0/16 miss : url.domain=//www.ereportmatra80.com/ miss : url.domain=//dld.go.th/ miss : url.domain=//autodiscover.tesco.onmicrosoft.com/ miss : url.domain=//tesco.onmicrosoft.com/ MATCH: ALLOW client.address=114.24.3.168 authenticate(no) detect_protocol(none) MATCH: client.address=114.24.3.168 trace.request(yes) trace.rules(all) trace.destination(google-play) connection: service.name=Explicit HTTP client.address=114.24.3.168 proxy.port=80 time: 2019-08-28 09:30:56 UTC CONNECT tcp://android.clients.google.com:443/ DNS lookup was unrestricted User-Agent: com.android.vending/81612300 (Linux; U; Android 8.1.0; en_US; SM-T395; Build/M1AJQ; Cronet/76.0.3809.21) user: unauthenticated authentication status='not_attempted' authorization status='not_attempted' client.host: 114-24-3-168.dynamic-ip.hinet.net (rdns resolution: ) url.category: Custom_Block_Store@Policy;Custom_Allow_URL_group4@Policy;Custom_Allow_URL_group2@Policy;Allow_MS_o365@Policy;Allow_ManualList@Policy;Bypass_Authen@Policy;whitelist@Policy;MS_Office365_Bypass_Authen@Policy;Technology@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 130403 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 87 elapsed 0 ms scan-request-completed: start 87 elapsed 0 ms server-out: start 87 elapsed 0 ms server-in: start 238 elapsed 0 ms client-out: start 238 elapsed 0 ms access-logging: start 130402 elapsed 0 ms stop-transaction: start 130403 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 87 client connection: first-response-byte 0 last-response-byte 130402 stop transaction --------------------