CSC-SSM logging and reporting web traffic/ SMTP

Answered Question
Jul 2nd, 2010

Will the CSC-SSM log any of the URL information that it did not block?

Also, can the logging information for this module be exported to a MARS?

I am looking at what I can do for web monitoring with the CSC-SSM module with the Trend Micro software on it.

Also, has anyone configured their SMTP traffic to be filtered through the module? I was wondering what the common design considerations were for an internal mail server with the CSC-SSM filtering incoming SMTP traffic.

Correct Answer
Marcin Latosiewicz (Cisco Employee) Fri, 07/02/2010 - 16:44

Keith,


I worked quite a bit previously with CSC.


Regarding logging of allowed URLs ... you do not want that. Your users going to yahoo.com will cause lots of URLs being displayed.


HTTP inspection can print out which server was accessed and the resource on the server.

CSC by default (not debugging) will only print out messages about dropped requests.


I'm not familiar with logging of CSC messages to MARS (not saying that it does not exist, it's a syslog after all).



CSC design recommendations state that only inbound traffic to your SMTP server should be inspected by CSC.

You should not inspect your users outbound SMTP traffic.

I have not faced too many problems with inspection of SMTP - it's quite simple and even for quite a busy server you can enable almost all features.


What other questions might you have?


Marcin
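
The inbound-only SMTP design recommended in the answer above, sketched as ASA Modular Policy Framework configuration. This is an added example, not configuration posted by anyone in the thread; the names `csc_smtp_in`, `csc_in_class`, `csc_in_policy`, the interface name `outside` and the mail server address `192.0.2.25` are placeholders, and the address form (real or translated) must be whatever your ASA release expects in service-policy ACLs.

```cisco
! Added example: all names and the address 192.0.2.25 are placeholders.
! Match only SMTP arriving from outside for the internal mail server.
access-list csc_smtp_in extended permit tcp any host 192.0.2.25 eq smtp
!
class-map csc_in_class
 match access-list csc_smtp_in
!
policy-map csc_in_policy
 class csc_in_class
  ! fail-close drops matched mail while the module is unavailable;
  ! fail-open would let it through unscanned.
  csc fail-close
!
! Applied to the outside interface only, so SMTP sent outbound by
! inside users never matches and is not diverted to the CSC-SSM.
service-policy csc_in_policy interface outside
```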

Keith Craycraft Tue, 07/06/2010 - 12:36

Marcin,



That covers my questions. I think I am just going to have to dig into the MARS once I get it and really see what I can pull from the normal ASA syslogs, and then see if I can push the CSC-SSM logging to it and see what I can come up with.

I will also have to dig into the CSC-SSM. Was not planning on SMTP outbound, just the inbound traffic.



Thanks,




Keith
