Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

cisco asa5510 question about reports/logging

Is there away or other tool to see where computers are going out on the internet and for how long they browse?
0
iceman19330
Asked:
iceman19330
  • 7
  • 4
1 Solution
 
lrmooreCommented:
Not directly with the ASA, but you can either set up a proxy, force all users to go through the proxy and lock all except the proxy from going out the ASA, then use the reporting features of your chosen proxy. Microsoft ISA is pretty good for this...

Setup NTOP on a PC connected to a hub that connects the inside of the ASA to the internal LAN switch (or on a SPAN port of the switch)
http://www.NTOP.org

Pop in an in-line filter appliance like iPrism http://www.stbernard.com/iPrism
0
 
iceman19330Author Commented:
Okay is there a tool reading the logs and generating reports that way?
0
 
lrmooreCommented:
Yes.
Enable logging to an external host, and use Sawmill automated syslog analyzer
http://www.sawmill.net/formats/kiwi_iso.html

Or FireGen
http://www.eventid.net/firegen/
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
iceman19330Author Commented:
How do I enable the logging to an external host?
0
 
iceman19330Author Commented:
I think I found it.
0
 
lrmooreCommented:
logging on
logging trap informational
logging host a.b.c.d inside

<8-}

0
 
iceman19330Author Commented:
Nevermind that was something else.
0
 
iceman19330Author Commented:
Result of the command: "logging host 192.168.234.214 inside"

logging host 192.168.234.214 inside
                  ^
ERROR: % Invalid input detected at '^' marker.
0
 
iceman19330Author Commented:
Here is a funny thing I ran the commands, but then when it failed I exited the screen and went around.  At some point it stopped accepting connections, I went back and changed a small setting and applied and it started working again, this has happened before where I have set something via CLI and had to check on syntax or something like that and gotten out and the system has stopped accepting connections?  I know its not part of the question but any thoughts?
0
 
lrmooreCommented:
My bad..
syntax =
logging host inside 192.168.234.214

Been a long day.....
0
 
iceman19330Author Commented:
No problem, been a long week for me.  TGIF.
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now