ASA Traffic Monitoring

m-haddad · ‎04-18-2008

Hello,

I would like to monitor the traffic that is passing through the ASA and generate reports.

I have a syslog server which I sent all log messages to it. The only issue is that I can see the destination and source IP addresses + ports etc.., Is there a way to log the DNS name of the destination instead of the IP address?

Thanks in advance,

ROBERTO TACCON · ‎04-18-2008

it's a feature on the syslog server like

http://www.kiwisyslog.com/kiwi-syslog-daemon-overview/

HTH

m-haddad · ‎04-18-2008

I don't think it is a syslog facility. Sometimes multiple websites are host on the same webserver. Thus, multiple websites will have the same destination IP address,

ROBERTO TACCON · ‎04-18-2008

Your question was about dns name resolution vs syslogging: on the syslog (like kiwi) there's the solution:

- DNS resolution of source host IP addresses with optional domain removal

- DNS caching of up to 100 entries to ensure fast lookups and minimise DNS lookups

- Pre-emptive DNS lookup using up to 10 threads

As you indicated multiple websites will have the same destination IP address: if you configure (check the cpu %) on tha ASA:

logging trap informational

or

logging trap debugging

on the logging there's the ip or also the url ?