PIX is giving the following syslog when somebody browsing www.xyz.com. Since this message does not contain www.xyz.com, I am trying to get the website name through reverse dnslookup of yyy.yyy.yyy.yyy, but it returns datacenter ip address of a IP hosting company instead of www.xyz.com.
<165>Dec 07 2006 23:19:01: %PIX-5-304001: xxx.xxx.xxx.xxx Accessed URL yyy.yyy.yyy.yyy:/images/test.jpg
Is there a way to get www.xyz.com in the syslog message? or through some utility? Since firewall inspects all the packets, I think firewall can give this data. Or am I missing any configuration.