internet logging via syslog

a123s456 · Feb 10, 2005

hi

I have set up the pix to log ot a syslog server running Kiwi sys deamon. I have set the trapping level to 5. all is working fine and i am getting logs out of it.

however - the url's have been resolved to ip. by that i mean in the log i am get ip of x.x.x.x is accessing url 212.212.212.212/blah/blah

has anyone any ideas on how I can get it to log the url before its resolved?
thanks

themut · Feb 10, 2005

The PIX doesn't resolve names, it only see connections to IP addresses so you will not be able to log URLs by name.

zeuz · Feb 10, 2005

My syslog logs the full domain name. The thing that makes the difference is having a WORKING url filtering software running. n2h2 or Websense.

For example:

Feb 10 11:10:28 172.16.1.1 Feb 10 2005 11:10:26: %PIX-5-304001: 172.16.1.13 Accessed URL 208.38.45.184:

http://www.classmates.com/graphics/css/default.css

You may be able to just add the url-server and filter commands to your config, but I doubt it.

Of course both those products provide URL logging too and probably is easier to interpret then syslog.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

internet logging via syslog

a123s456

IS-IT--Management

themut

Technical User

zeuz

Programmer

Similar threads

Part and Inventory Search

Sponsor