Complete URL value in syslog

Unanswered Question
Aug 3rd, 2007
User Badges:

Hi,


PIX is giving the following syslog when somebody browsing www.xyz.com. Since this message does not contain www.xyz.com, I am trying to get the website name through reverse dnslookup of yyy.yyy.yyy.yyy, but it returns datacenter ip address of a IP hosting company instead of www.xyz.com.



<165>Dec 07 2006 23:19:01: %PIX-5-304001: xxx.xxx.xxx.xxx Accessed URL yyy.yyy.yyy.yyy:/images/test.jpg


Is there a way to get www.xyz.com in the syslog message? or through some utility? Since firewall inspects all the packets, I think firewall can give this data. Or am I missing any configuration.


regards,

LSP



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion