How do I log/audit URLs that passes thru the PIX?

[dm318]

Hi Folks,

I need to log down Internet surfing activities on the PIX for my company. Could anyone direct me as to how I can do that? I'm currently relying on running "Logging Buffered Debugging", which I think is not the proper way to do this. Must I have an URL server or something like that? And if yes, any suggestion of a URL server software to log all the data?

A BIG thank you!

 

[LoopyLoo]

Go to

http://www.sans.org/rr/logging/pix.php

A good commercial tool is Security Reporter from NetIQ. Basically you need to log to a dedicated syslog server and use the tool to analyse the logs.

Be careful though, I remember an incident where our syslog server died and the PIX decided to stop all traffic because it couldn't find it!

 

[webnetwiz]

Websense for Cisco PIX will monitor and filter. http:\\

http://www.websense.com

 

[gbiello]

If you use the 'allow' keyword at the end of your "filter url" config line it will allow all web access if the url server goes offline.

-gbiello