Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Outbound Traffic Logging without Websense

We have an urgent need to log traffic to see who is going to a particular website. What I need is, what internal IP address is going to a specific external IP address at a specific time. I know I can get this info by doing a "Show Connections", but that just lists current info. can I send this info to a syslog server?

Thanks!

2 REPLIES
New Member

Re: Outbound Traffic Logging without Websense

I guess I found my own answer. At least AN answer. I am sending level 6 logging to our syslog server. Seems like a lot of message to log, but I couldn't think of another way to do it. Is there another way?

New Member

Re: Outbound Traffic Logging without Websense

You can get this info from a syslog server. You need to have the http fixup enabled and then you will get the following syslog message when someone opens an http connection:

%PIX-5-304001: user source_address Accessed {JAVA URL|URL} dest_address: url.

As you can see it is a level 5 syslog message but if you have 6.3 you can change the level to a lower level if you are not logging at that high of severity.

Hope this helps...

Marcus

112
Views
0
Helpful
2
Replies
CreatePlease login to create content