12-14-2003 04:35 PM - edited 03-09-2019 05:52 AM
hi,
The PIX can log the following sort of messages to a syslog server:
<snip>
PIX-5-304001: 10.200.25.56 Accessed URL 211.188.40.169:/12-14-2003 20:39:19 213.214.100.4 local4.notice %PIX-5-304001: 10.200.25.56 Accessed URL 211.120.111.148:/
</snip>
this is handy when using reporting tools like EIQNetworks firewall Analyzer, Webtrends, or comparable products for firewall logreporting.
One thing that is missing in these log entries from my point of view is the HTTP host header. It's nice to know to which outside physical box an inside-user is connecting, however there are many webservers out there that run hundreds of websites, so this doesn't give all the info that some people would want to see.
Is anybody aware whether Cisco is implementing HTTP-host header logging in the PIX-5-304001 message ?
thanks,
Frans
12-29-2003 03:00 PM
Apologies for thedelay in responding.
I believe what you're after is already logged as an enhancement request, CSCdt32288, you can view it here:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdt32288&Submit=Search
You'll see though that it's pretty old and still in New status which means no-one is working on it. Feature enhancements get low priority over bugs unless people ask for it, so I'd suggest you contact your Account Manager or SE and have them push for this request to get implemented.
12-30-2003 01:13 AM
thanks for your reply. That enhancement request is indeed exactly what I mean.
I'll try and see if the prio could be changed :)
thanks,
Frans
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: