cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
637
Views
0
Helpful
2
Replies

PIX-5-304001 to include host header ?

frans
Level 1
Level 1

hi,

The PIX can log the following sort of messages to a syslog server:

<snip>

PIX-5-304001: 10.200.25.56 Accessed URL 211.188.40.169:/12-14-2003 20:39:19 213.214.100.4 local4.notice %PIX-5-304001: 10.200.25.56 Accessed URL 211.120.111.148:/

</snip>

this is handy when using reporting tools like EIQNetworks firewall Analyzer, Webtrends, or comparable products for firewall logreporting.

One thing that is missing in these log entries from my point of view is the HTTP host header. It's nice to know to which outside physical box an inside-user is connecting, however there are many webservers out there that run hundreds of websites, so this doesn't give all the info that some people would want to see.

Is anybody aware whether Cisco is implementing HTTP-host header logging in the PIX-5-304001 message ?

thanks,

Frans

2 Replies 2

gfullage
Cisco Employee
Cisco Employee

Apologies for thedelay in responding.

I believe what you're after is already logged as an enhancement request, CSCdt32288, you can view it here:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdt32288&Submit=Search

You'll see though that it's pretty old and still in New status which means no-one is working on it. Feature enhancements get low priority over bugs unless people ask for it, so I'd suggest you contact your Account Manager or SE and have them push for this request to get implemented.

thanks for your reply. That enhancement request is indeed exactly what I mean.

I'll try and see if the prio could be changed :)

thanks,

Frans

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: