How do I configure the ASA to show "Accessed URL" messages to my syslog server

I have a PIX 6.x firewall which is configured as "trap logging: informational" and it shows the following URL messages in the syslog
 Feb  6 15:11:05 fw05Feb 06 2008 15:11:05: %PIX-5-304001: 7.1.1.155 Accessed URL 209.85.143.99:/__utm.gif?

I have an ASA 5510 which I've configured as "trap logging: level informational" and it does not show any URL messages on the syslog server.  I've even tried to set the logging level to debug and it still doesn't show the URL Accessed messages.  (Oh... I am getting tons of other informational messages on the syslog from the ASA 5510 device, just not the Accessed URL messages.)

What do I need to do to have the Access URL messages show up in the syslog server?
Surefoot3 Asked:

batry_boy Commented:
I know you mentioned this, but can you confirm that you do have "logging trap debugging" in your ASA config?  If you look at the following link, it mentions that you need debug level output for WWW URLs...

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/l2_72.html#wp1690864
Surefoot3 Author Commented:
Hi Batry Boy,
Yes, I saw the same manual and I did set the level to debugging, which when I did, the syslog messages really started flying, but still no URL messages.  I tested it by browsing the web with one of the computers behind the firewall and nothing.

I just don't get it... maybe it's supposed to be a combination of settings on the ASA, not just the trap level debug setting.
batry_boy Commented:
Could be a bug if you're using an early version of the 7.x code...what version are you using?
Surefoot3 Author Commented:
Yep... I just upgraded to 8.0.3 and still don't get the Accessed URL messages.  I've seen other folks talk about getting them on the ASA doing google searches.... so ugh.  Not sure what to do next.
batry_boy Commented:
If you set your ASDM logging to "debugging", do you see the URL messages in the Real Time Log Viewer?
Surefoot3 Author Commented:
Sorry for the delay... nope... I don't see them in the buffer log or the ASDM log.

I'm doing a sh log | inc URL command.. and get nothing, but I can tell lots of folks are accessing IPs on port 80 and 443 from the log.  It just doesn't show the URL they accessed.  argh...

Both my PIX 6.3x firewalls actually have the trap and buffer level set to info and they both show URL messages on the syslog server.
Surefoot3 Author Commented:
Ok.. got the answer.

For the ASA, you must have inspect http in one of your configured policy maps.  For me, I had to add it to the default global policy map.  Additionally, I only need to have the trap level configured informational.

policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect netbios
  inspect tftp
  inspect icmp
  inspect http
!
service-policy global_policy global
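
An added example, not part of the original post: a Python check that reads a saved running-config and reports why "Accessed URL" (304001) messages would be missing, based on the two conditions in the answer above. The function name, the sample config and the 192.0.2.10 syslog host are constructed for illustration; the severity of 5 is read from the %PIX-5-304001 line quoted in the question.

```python
import re

# Severity keywords accepted by "logging trap" (numeric 0-7 is also accepted).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
URL_MSG_SEVERITY = 5  # the "-5-" in %PIX-5-304001 from the question

def audit_url_logging(config):
    """Return the reasons 'Accessed URL' messages would not reach syslog."""
    http_maps, applied = set(), set()
    trap_level = current_map = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line closes a policy-map block
            current_map = None
        if m := re.match(r"policy-map (?!type )(\S+)", line):
            current_map = m.group(1)     # layer 3/4 policy map, not an inspect map
        elif current_map and re.match(r"inspect http(\s|$)", line):
            http_maps.add(current_map)
        elif m := re.match(r"service-policy (\S+) (global|interface \S+)", line):
            applied.add(m.group(1))
        elif m := re.match(r"logging trap (\S+)", line):
            lvl = m.group(1)
            trap_level = (int(lvl) if lvl.isdigit()
                          else LEVELS.index(lvl) if lvl in LEVELS else None)
    findings = []
    if not (http_maps & applied):
        findings.append("no applied policy-map has 'inspect http'")
    if trap_level is None:
        findings.append("no usable 'logging trap' level configured")
    elif trap_level < URL_MSG_SEVERITY:
        findings.append(f"logging trap level {trap_level} drops "
                        f"severity-{URL_MSG_SEVERITY} messages")
    return findings

# Constructed sample config, modelled on the fixed policy map in the answer.
SAMPLE_FIXED = """\
logging trap informational
logging host inside 192.0.2.10
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect http
!
service-policy global_policy global
"""

if __name__ == "__main__":
    print(audit_url_logging(SAMPLE_FIXED) or "URL logging prerequisites met")
```
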
batry_boy Commented:
Thanks for the info!  I've learned something new...glad you got your problem fixed...