New Member

Web site host name in PIX logs

When "Informational" messages are enabled for logging, our PIX 525 firewall (version 5.31) would log something like:

%PIX-5-304001: 10.11.1.106 Accessed URL 216.34.88.23:/action/abcnews_home_page

for HTTP requests. Is there a way to have PIX log the web server host name (not only the IP address)?

2 REPLIES
Cisco Employee

Re: Web site host name in PIX logs

agriqorof,

No, the PIX doesn't look up the domain names. But would you want your firewall to do this kind of DNS resolution?

Several of the reporting tools do this. I've used PrivateI from OpenSystems to get this level of detail and gotten good results.

Liberty for All,

Brian

New Member

Re: Web site host name in PIX logs

Of course, I don't expect PIX to do reverse DNS resolution. I hoped that it would be able to extract this information from the HTTP request itself. The problem with reporting tools doing reverse DNS is that not all web servers have their IP configured for reverse DNS, or they point to a generic name controlled by their ISP. This may generate confusing reports on what sites are accessed. The Configuration Guide for PIX gives a sample of a URL logging syslog message where the name of the web site is recorded; however, in reality that information is not there.

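A reporting-side workaround for the gap discussed in this thread, added here as an example and not posted by any participant: parse the 304001 messages and label each server IP from a table of forward DNS answers instead of reverse lookups. The table, the host names and every sample line except the first are constructed, and how the forward answers are collected (for example from resolver logs) is an assumption.

```python
import re
from collections import Counter

# Message layout as quoted in the thread:
#   %PIX-5-304001: <client-ip> Accessed URL <server-ip>:<path>
PIX_304001 = re.compile(
    r"%PIX-5-304001: (?P<client>\d{1,3}(?:\.\d{1,3}){3}) Accessed URL "
    r"(?P<server>\d{1,3}(?:\.\d{1,3}){3}):(?P<path>\S*)"
)

def parse_304001(line):
    """Return (client, server_ip, path) for a 304001 message, else None."""
    m = PIX_304001.search(line)  # search() tolerates a syslog timestamp prefix
    return (m["client"], m["server"], m["path"]) if m else None

def report(lines, forward_names):
    """Count requests per site.

    forward_names maps server IP -> set of names seen in forward DNS answers
    (hypothetical input, assumed to be collected outside the firewall).
    """
    hits = Counter()
    for line in lines:
        rec = parse_304001(line)
        if rec is None:
            continue  # not a URL-logging message
        server = rec[1]
        names = forward_names.get(server)
        if not names:
            label = server  # no forward answer seen: keep the raw IP
        elif len(names) == 1:
            label = next(iter(names))
        else:
            # several names share one IP: report the ambiguity, do not guess
            label = f"{server} (shared: {', '.join(sorted(names))})"
        hits[label] += 1
    return hits

SAMPLE_LOG = [
    "%PIX-5-304001: 10.11.1.106 Accessed URL 216.34.88.23:/action/abcnews_home_page",  # from the thread
    "%PIX-5-304001: 10.11.1.107 Accessed URL 192.0.2.10:/index.html",    # constructed
    "%PIX-5-304001: 10.11.1.107 Accessed URL 192.0.2.10:/img/logo.gif",  # constructed
    "%PIX-5-304001: 10.11.1.108 Accessed URL 198.51.100.7:/",            # constructed
    "unrelated syslog line",                                             # constructed
]
SAMPLE_FORWARD = {  # constructed forward-DNS observations
    "192.0.2.10": {"www.example.com"},
    "198.51.100.7": {"a.example.net", "b.example.org"},
}
```

An IP with no forward answer stays a bare address in the report, and an IP shared by several names is flagged as ambiguous, which avoids the misleading labels that generic reverse DNS records produce.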