Solved

Capturing Web Traffic on a CISCO ASA 5520

Posted on 2010-11-18
4
701 Views
Last Modified: 2012-08-13
good day everyone,

we have a cisco ASA 5520 which has syslog capabilites but i do not see where i can monitor websites our users are hitting, is there any way to get this done via the ASDM or with a third-party application that works with the ASA device or is inexpensive or open source? thank you all.

GL137
0
Comment
Question by:GridLock137
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 34165478
If you turn on http inspection, the normal syslog will capture the URL requests.    

Example:
Sample URL Log
The following is an example of a URL logging syslog message:
192.168.69.71 accessed URL 10.0.0.1/secrets.gif

You can change the class inspection to include http if needed.   Just follow this doc to do so:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008085283d.shtml
0
 
LVL 7

Author Comment

by:GridLock137
ID: 34166194
where is the ASA device manager can i do this?
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 34166685
Its in CONFIGURATION -> FIREWALL -> SERVICE POLICY RULES  

Here's a doc that explains how to do it.  ( I wasn't sure about your version, buts its pretty much the same)
http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/inspctrl.html#wp1142285
0
 
LVL 7

Author Closing Comment

by:GridLock137
ID: 34167330
thank you.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question