Surefoot3
asked on
How do I configure the ASA to show "Accessed URL" messages to my syslog server
I have a PIX 6.x firewall which is configured as "trap logging: informational " and it shows the folllowing URL messages in the syslog
Feb 6 15:11:05 fw05Feb 06 2008 15:11:05: %PIX-5-304001: 7.1.1.155 Accessed URL 209.85.143.99:/__utm.gif?
I have a ASA 5510 which I've configure as "trap logging: level informational" and it does not show any URL messages on the syslog server. I've even tried to set the logging level to debug and it still doesn't show the URL Accessed messages. (Oh... I am getting tons of other informational messages on the syslog from the ASA 5510 device. - just not the Accessed URL messages)
What do I need to do to have the Access URL messges show up in the syslog server.
Feb 6 15:11:05 fw05Feb 06 2008 15:11:05: %PIX-5-304001: 7.1.1.155 Accessed URL 209.85.143.99:/__utm.gif?
I have a ASA 5510 which I've configure as "trap logging: level informational" and it does not show any URL messages on the syslog server. I've even tried to set the logging level to debug and it still doesn't show the URL Accessed messages. (Oh... I am getting tons of other informational messages on the syslog from the ASA 5510 device. - just not the Accessed URL messages)
What do I need to do to have the Access URL messges show up in the syslog server.
ASKER
Hi Batry Boy,
Yes, I saw the same manual and I did set the level to debbuging, which when I did the syslog messages really started flying but, still no URL messges. I tested it by browsing the web with one of the computers behind the filrewall and nothing.
I just dont get it... maybe its supposed to be a combination of settings on the asa not just the trap level debug setting.
Yes, I saw the same manual and I did set the level to debbuging, which when I did the syslog messages really started flying but, still no URL messges. I tested it by browsing the web with one of the computers behind the filrewall and nothing.
I just dont get it... maybe its supposed to be a combination of settings on the asa not just the trap level debug setting.
Could be a bug if you're using an early version of the 7.x code...what version are you using?
ASKER
Yep... I just upgraded to 8.0.3 and still don't get the Accessed URL messages. I've seen other folks talk about getting them on the ASA doing google searches.... so ugh. Not sure what to do next.
If you set your ASDM logging to"debugging", do you see the URL messagesin the Real Time Log Viewer?
ASKER
sorry for the delay... nope... I don't see them in the buffer log or the asdm log
I'm doing a sh log | inc URL command.. and get nothing but I can tell lots of folks are accessing IP's on port 80 and 443 from the log. It just doesn't show the URL they accesed. argh...
Both my pix 6.3x firewalls actual have the trap and buffer level set to info and they both show URL messages on the syslog server.
I'm doing a sh log | inc URL command.. and get nothing but I can tell lots of folks are accessing IP's on port 80 and 443 from the log. It just doesn't show the URL they accesed. argh...
Both my pix 6.3x firewalls actual have the trap and buffer level set to info and they both show URL messages on the syslog server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks for the info! I've learned something new...glad you got your problem fixed...
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/l2_72.html#wp1690864