02-01-2008 12:37 PM - edited 03-11-2019 04:58 AM
I have URL logging enabled on my ASA-5505, with a default HTTP fixup policy. URL log messages go to my syslog in this format:
2008-01-31T16:49:52-0600 <local4.notice> x.x.x.x %ASA-5-304001: y.y.y.y Accessed URL z.z.z.z:/index.html
This is exactly what I need, except when the page is cached by a web caching server. In this case, the ip address z.z.z.z is the address of the caching server, not the actual web server. Is there a way to log the "host" header field from the http packet, instead of the destination ip address specified in the tcp header? Isn't that what application inspection is for -- to get deeper into the packet than layer 3?
Thank you.
02-07-2008 11:52 AM
It is not possible to log the "host" header field from the http packet instead of the destination ip address specified in the tcp header, because the destination in this case is served by a web cache server.
02-07-2008 12:33 PM
That was what I thought but wanted to check. Thanks for the answer.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide