Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
790
Views
0
Helpful
2
Replies

ASA URL Logging

ippolito
Level 1
Level 1

‎02-01-2008 12:37 PM - edited ‎03-11-2019 04:58 AM

I have URL logging enabled on my ASA-5505, with a default HTTP fixup policy. URL log messages go to my syslog in this format:

2008-01-31T16:49:52-0600 <local4.notice> x.x.x.x %ASA-5-304001: y.y.y.y Accessed URL z.z.z.z:/index.html

This is exactly what I need, except when the page is cached by a web caching server. In this case, the ip address z.z.z.z is the address of the caching server, not the actual web server. Is there a way to log the "host" header field from the http packet, instead of the destination ip address specified in the tcp header? Isn't that what application inspection is for -- to get deeper into the packet than layer 3?

Thank you.

Labels:
0 Helpful
2 Replies 2

amritpatek
Level 6
Level 6

‎02-07-2008 11:52 AM

It is not possible to log the "host" header field from the http packet instead of the destination ip address specified in the tcp header, because the destination in this case is served by a web cache server.

0 Helpful

ippolito
Level 1
Level 1
In response to amritpatek

‎02-07-2008 12:33 PM

That was what I thought but wanted to check. Thanks for the answer.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card