Complete URL value in syslog

mskumar_apk
Level 1

Hi,

PIX is giving the following syslog when somebody is browsing www.xyz.com. Since this message does not contain www.xyz.com, I am trying to get the website name through a reverse DNS lookup of yyy.yyy.yyy.yyy, but it returns the datacenter IP address of an IP hosting company instead of www.xyz.com.

<165>Dec 07 2006 23:19:01: %PIX-5-304001: xxx.xxx.xxx.xxx Accessed URL yyy.yyy.yyy.yyy:/images/test.jpg

Is there a way to get www.xyz.com in the syslog message, or through some utility? Since the firewall inspects all the packets, I think the firewall can give this data. Or am I missing any configuration?

regards,

LSP

1 Reply

srue
Level 7

HTTP inspection can do this. In 6.x and earlier OS versions, use the fixup http command. In 7.x and later, use HTTP inspection - http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1514315
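
An added example, not part of the original thread and not Cisco code: a small parser for the 304001 line quoted in the question, which splits out client, server and path and flags entries whose server field is only an IP address. The field layout is inferred from that single sample line, and the names `parse_304001`, `is_ip` and `SAMPLE` are made up for this sketch.

```python
import ipaddress
import re
from datetime import datetime

# Layout inferred from the one sample line in the post (assumption: other
# PIX/ASA releases may format 304001 differently). IPv4 servers only.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%PIX-(?P<level>\d)-304001: "
    r"(?P<client>\S+) Accessed URL "
    r"(?P<server>[^:\s]+):(?P<path>\S*)$"
)

# Constructed sample: same shape as the line in the post, with
# documentation-range addresses in place of the masked ones.
SAMPLE = ("<165>Dec 07 2006 23:19:01: %PIX-5-304001: "
          "192.0.2.10 Accessed URL 198.51.100.7:/images/test.jpg")


def is_ip(value):
    """True if value is a literal IP address rather than a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_304001(line):
    """Return the fields of a 304001 line, or None if it is another message."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # Syslog PRI = facility * 8 + severity; <165> is facility 20, severity 5.
    facility, severity = divmod(int(m["pri"]), 8)
    if severity != int(m["level"]):
        raise ValueError("PRI severity does not match the %PIX-n- level")
    return {
        "timestamp": datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"),
        "facility": facility,
        "severity": severity,
        "client": m["client"],
        "server": m["server"],
        "path": m["path"],
        # True means the log carries only an address, as in the question.
        "server_is_ip": is_ip(m["server"]),
    }
```

Counting the records where `server_is_ip` is true before and after a configuration change shows whether the log has started carrying a site name in that field.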
