Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX URL Logging with Hostname

I am trying to log URLs that are being requested through my PIX FW by internal users. I can get this to work somewhat by using syslog and logging message 304001. This logs all URLs being requested through the PIX for both inside requests and outside requests but it seems to remove the actual requested hostname in the URL and replaces it with an IP address. Is there anyway to get it to stop removing the hostname? I need to show this to different managers in different departments and cannot show them a bunch of IP addresses. Or is there a better way to track the URLs being requested by inside hosts using the PIX than this method? PIX version is 7.2(3) . Here is the relevant configuration:

pager lines 24
logging enable
logging standby
logging buffered informational
logging trap informational
logging host inside x.x.x.x
logging host inside sysloghost
no logging message 313003
no logging message 313001
no logging message 305012
no logging message 305011
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302012
no logging message 609002
no logging message 609001
no logging message 302016
no logging message 302021
no logging message 302020

logging message 304001

As always thanks for any help here.

9 REPLIES
Cisco Employee

Re: PIX URL Logging with Hostname

Make sure you are running one these codes          008.002(001.010)          008.001(002.014)          008.000(005)          008.000(004.024)

syslog url host name has been resolved as part of this defect CSCsw68513 ASA syslog msgs should Display Url Hostname.

syslog  304001 will display hostname.

-KS

New Member

Re: PIX URL Logging with Hostname

Outstanding, Thanks for this. Looks like there is an upgrade in my future. Thanks again.

New Member

Re: PIX URL Logging with Hostname

OK pulled off the upgrade last night (no thanks to a stale arp entry in one of our gateways). The PIX still does not show the URL in the syslog messages. Here is what I have:

logging rate-limit 50 1 message 304001

C515-A# sh ver

Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)

Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "flash:/pix804.bin"
Config file at boot was "startup-config"

here is an example log entry:

Mar 25 12:32:40 C515-A %PIX-5-304001: 10.10.50.245 Accessed URL 157.166.224.4:/people/mhoncho/avatar/48.png

Clearly it is not doing this so either I have put the wrong software on the PIX or its still not fixed. I am assuming its the wrong version. Any other ideas?

New Member

Re: PIX URL Logging with Hostname

Also the bug ID shows this as being for ASA devices not the PIX. Is this for ASA devices only?

Cisco Employee

Re: PIX URL Logging with Hostname

It is fixed in 8.0.4(24) not in 8.0.4.

You do not have the code where it is fixed.

-KS

New Member

Re: PIX URL Logging with Hostname

OK thanks. I will get with the TAC then. Thanks for the help.

Cisco Employee

Re: PIX URL Logging with Hostname

8.0.5 has the fix, why don't you upgrade to 8.0.5 general release?

New Member

Re: PIX URL Logging with Hostname

Latest I see as being available for download is the one I am running which does not contain the fix. There is an 8.0.5 for ASA but none for PIX. At least when I visit the download page. The TAC is sending me the 8.0.4(24) version over now which should fix me up.I will ask about the 8.0.5 though. Thanks for the input.

New Member

Re: PIX URL Logging with Hostname

TAC just confirmed that there is no 8.0.5 code for the PIX. Maybe ASA but not PIX which is what I have. Thanks again for the reply.

.

1401
Views
0
Helpful
9
Replies
CreatePlease login to create content