04-18-2008 09:11 AM - edited 03-11-2019 05:33 AM
Hello,
I would like to monitor the traffic that is passing through the ASA and generate reports.
I have a syslog server which I sent all log messages to it. The only issue is that I can see the destination and source IP addresses + ports etc.., Is there a way to log the DNS name of the destination instead of the IP address?
Thanks in advance,
04-18-2008 09:18 AM
04-18-2008 10:11 AM
I don't think it is a syslog facility. Sometimes multiple websites are host on the same webserver. Thus, multiple websites will have the same destination IP address,
04-18-2008 11:32 AM
Your question was about dns name resolution vs syslogging: on the syslog (like kiwi) there's the solution:
- DNS resolution of source host IP addresses with optional domain removal
- DNS caching of up to 100 entries to ensure fast lookups and minimise DNS lookups
- Pre-emptive DNS lookup using up to 10 threads
As you indicated multiple websites will have the same destination IP address: if you configure (check the cpu %) on tha ASA:
logging trap informational
or
logging trap debugging
on the logging there's the ip or also the url ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide