Trend Micro InterScan CSC SSM Reporting

Unanswered Question
Jul 29th, 2009
User Badges:

I replaced a SonicWall 4060 Pro with dual Cisco ASA 5520s and the CSC SSM modules. I need to know how to run web usage reports on all HTTP traffic. Right now I can only find violation reports through Control Manager, which I am currently evaluating. I'm not interested in the threat, spam, spyware reports. I want to know what traffic is passing through the firewall and be able to match the traffic with an internal IP address if my HR department requests it.


Any and all information is appreciated!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Kevin Redmon Fri, 08/07/2009 - 21:01
User Badges:
  • Cisco Employee,

This is currently not supported on the CSC module itself - it will only log denied flows.


There are a number of options available to determine what IP addresses access devices outside the ASA. You can monitor the connection syslogs - this will not provide the hostname on the outside but will provide the inside IP address, the translation, and destination IP address. If you enable 'inspect http', this command will create a syslog with each URL access (however, enabling this feature may have adverse effects on some websites). Implementing NetFlow (available in ASA version 8.2) will give you the ability to more easily watch flows.

Actions

This Discussion