Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Highlighted
New Member

CSC-SSM logging and reporting web traffic/ SMTP

Will the CSC-SSM log the any of the url information that it did not block?

Also can the logging information for this module be exported to a MARS?

Looking at what i can do for web monitoring with the CSC-SSM module with the Trend Micro software on it.

Also has anyone configure for their smtp traffic to be filtered through module  I was wonder what the common design considerations were for internal mail server with the CSC-SSM filtering incoming smtp traffic?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSC-SSM logging and reporting web traffic/ SMTP

Keith,

I worked quite a bit previously with CSC.

Regarding logging of allowed URLs ... you do not want that. You users going to yahoo.com will cause lots of URLs being displayed.

HTTP inspection can print out which server was accesses and the resource on the server.

CSC by default (not debugging) will only print out messages about dropped requests.

I'm not familiar with logging of CSC messages to MARS (not saying that it does not exist, it's a syslog afterall).

CSC design recommendations state that only inbound traffic to your SMTP server should be inspected by CSC.

You should not inspect your users outbound SMTP traffic.

I have note faced too many problem with inspection of SMTP - it's quite simple and even for quite busy server you can enable alsmost all features.

What other questions might you have?

Marcin

2 REPLIES
Cisco Employee

Re: CSC-SSM logging and reporting web traffic/ SMTP

Keith,

I worked quite a bit previously with CSC.

Regarding logging of allowed URLs ... you do not want that. You users going to yahoo.com will cause lots of URLs being displayed.

HTTP inspection can print out which server was accesses and the resource on the server.

CSC by default (not debugging) will only print out messages about dropped requests.

I'm not familiar with logging of CSC messages to MARS (not saying that it does not exist, it's a syslog afterall).

CSC design recommendations state that only inbound traffic to your SMTP server should be inspected by CSC.

You should not inspect your users outbound SMTP traffic.

I have note faced too many problem with inspection of SMTP - it's quite simple and even for quite busy server you can enable alsmost all features.

What other questions might you have?

Marcin

New Member

Re: CSC-SSM logging and reporting web traffic/ SMTP

Marcin,

That covers my questions.  I think i am just going have to dig into the MARS once i get it and really see what i can pull from the normal asa syslogs and the see if i can push the csc-ssm logging to it and see what i can come up with.

I will ALso have to dig into the CSC-SSM. Was not planning on SMTP out-bound just the inbound traffic.

Thanks,

Keith

442
Views
0
Helpful
2
Replies
CreatePlease to create content