Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Complete URL value in syslog

Hi,

PIX is giving the following syslog when somebody browsing www.xyz.com. Since this message does not contain www.xyz.com, I am trying to get the website name through reverse dnslookup of yyy.yyy.yyy.yyy, but it returns datacenter ip address of a IP hosting company instead of www.xyz.com.

<165>Dec 07 2006 23:19:01: %PIX-5-304001: xxx.xxx.xxx.xxx Accessed URL yyy.yyy.yyy.yyy:/images/test.jpg

Is there a way to get www.xyz.com in the syslog message? or through some utility? Since firewall inspects all the packets, I think firewall can give this data. Or am I missing any configuration.

regards,

LSP

1 REPLY
Gold

Re: Complete URL value in syslog

http inspection can do this. in 6.x and earlier os versions, use the fixup http command. in 7.x and later, use http inspection - http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1514315

110
Views
0
Helpful
1
Replies