asked on
Cisco ASA 5510 Syslog not providing URLs for Web Usage reporting
I just installed a Cisco ASA 5510 and I am trying to find a good reporting tool. I am trying Manage Engine Firewall Analyzer which is working well. The only thing not working is the Web Reporting. I spoke to Manage Engine support and they say that you need to enable the HTTP inspection (see instructions below). Evidently the logs from the ASA do not include data about the websites unless you enable it? I am not good at the command line, so I went in through the ASDM GUI and it does not look like message id 304001 is supressed. It doesnt look like any of them are supressed. I am getting great data for everything else, just not web usage reports.
Configuring Cisco ASA Versions
Telnet to the ASA firewall and enter the enable mode
Type the following:
configure terminal
logging enable
logging timestamp
logging trap informational
logging device-id {context-name | hostname | ipaddress interface_name | string text}
logging host interface_name syslog_ip [17/<syslog_port>]
If there are no URL Reports available in Firewall Analyzer for CISCO ASA, enable HTTP inspection by executing the following command:
inspect http
Enabling HTTP inspection will generate syslogs with ID 304001. This ID will be used by Firewall Analyzer to generate URL Reports.
Configuring Cisco ASA Versions
Telnet to the ASA firewall and enter the enable mode
Type the following:
configure terminal
logging enable
logging timestamp
logging trap informational
logging device-id {context-name | hostname | ipaddress interface_name | string text}
logging host interface_name syslog_ip [17/<syslog_port>]
If there are no URL Reports available in Firewall Analyzer for CISCO ASA, enable HTTP inspection by executing the following command:
inspect http
Enabling HTTP inspection will generate syslogs with ID 304001. This ID will be used by Firewall Analyzer to generate URL Reports.
Hardware FirewallsCiscoRouters
Last Comment
thelink12