3XLcom

asked on

Juniper SSG 520 domain names

Is it possible to see and save domain names on a MySQL server that are called from the Juniper trusted network?
deimark

If the traffic is traversing the firewall and if you are logging this traffic to a syslog server, then yes, you can see the sources of access attempts to the server.

Sadly, ScreenOS cannot import these logs directly to a MySQL database; you will need to send these logs to a server via syslog, then import them from there, but that is outwith the abilities of the firewall, sadly.
3XLcom

ASKER

But as I know, syslog just records the IP addresses. How should I get domain names? Also, do you advise me any good syslog program that records to MySQL? I use Kiwi for my Cisco but it does not save into MySQL.

Sorry bud. Can't help you there, I'm afraid, but I would start at using a Linux server running either syslog or syslog-  this should give you a baseline for importing the logs into MySQL using scripts.

Sorry I can't be more help for now but I would suggest you ask the question again in another zone to attract the right experts.

HTH
3XLcom

ASKER

OK, forget about the MySQL.
Just help me to get the list of domain names for requests that come from untrusted to trusted with success; I mean correctly pointed domain names.
SOLUTION
deimark

This solution is only available to members.
3XLcom

ASKER

Does your firewall rule specify the addresses as domain names or IP addresses?
I am not sure if it is possible with SSG 520.

If it's IP addresses then try to specify another rule with a domain name just to see if the logs show anything different.

I do not know how to get different logs; if you show me one I would be glad.

Yes, it's possible to use a FQDN as an address object but you must have a working DNS server configured.

Simply add a new address object for the domain names that you want to monitor and use these objects in a firewall rule.

Note that the logs may still only refer to the actual IP in the connection, but it's worth trying.
3XLcom

ASKER

In my Juniper's web UI, under the Objects part, there are only these options:

 Objects
 Users
 Local
 Local Groups
 External Groups
 IP Pools
 Certificates

I should find what to do in there?

Under Policy > Policy Elements > Addresses > List, add the new address object there in the correct zone and then use this object in a policy.
3XLcom

ASKER

You misunderstand me; that is not what I ask. I do not know the domain names in my network. We have nearly 100 servers rented, and we want to see what our customers do. So we do not know the domain names and want to find out from Juniper.

Then we can't do this on the firewall, I'm afraid.

If you want to obtain that type of information then buy a proper proxy to do this.
3XLcom

ASKER

I've talked to the SonicWall team before; they told us this: we should do it with only a firewall because it reads packages.

Please note that I am not searching for outgoing connections, I am looking for incoming connections, so a proxy should not work in my opinion.

Then get a SonicWall firewall; ScreenOS does not do what you want.
ASKER CERTIFIED SOLUTION

This solution is only available to members.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
3XLcom

ASKER

Qelmo, what if an IP has more than one web site? Your solution seems like it works only if the reverse DNS address is the only web site with an FQDN that exists on the IP.

You are demanding too much. The firewall knows only of the IP address. Else you have to record every URL (or at least the root part) used, and that cannot be done by the firewall itself. Only proxy services are able to do that, e.g. a Web Proxy, WebSense or the like. And that would only work for HTTP traffic anyway, because HTTPS is encrypted, and other protocols are using different addressing.

I have started accepting comments because they answer your question. Q: "Is it possible", A: "No". The comments provide workarounds for resolving domain names according to the simple task to reverse-resolve domain names.
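
An added example, not part of the original thread: the point about one IP hosting several web sites, shown by reading the HTTP Host header out of request payloads the way a reverse proxy or web server in front of the hosted machines would. The flows, addresses (documentation range 192.0.2.0/24) and function names are constructed for illustration.

```python
from collections import defaultdict

UNKNOWN = "(no Host header / not plaintext HTTP)"

# Constructed sample: (destination IP, first bytes sent by the client).
SAMPLE_FLOWS = [
    ("192.0.2.10", b"GET / HTTP/1.1\r\nHost: shop.example.com\r\nAccept: */*\r\n\r\n"),
    ("192.0.2.10", b"GET /blog HTTP/1.1\r\nhost: Blog.Example.NET:80\r\n\r\n"),
    ("192.0.2.10", b"GET / HTTP/1.0\r\n\r\n"),                # HTTP/1.0, no Host
    ("192.0.2.11", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc"),  # TLS record, not HTTP
    ("192.0.2.11", b"POST /login HTTP/1.1\r\nHost: portal.example.org\r\n\r\n"),
]

def host_from_request(payload):
    """Return the lower-cased Host header value without its port, or None."""
    head, sep, _ = payload.partition(b"\r\n\r\n")
    if not sep:
        return None  # header block incomplete, or not HTTP at all
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None  # first line is not an HTTP request line
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            if host.startswith("["):  # bracketed IPv6 literal, keep as is
                return host
            return host.rsplit(":", 1)[0] if ":" in host else host
    return None

def sites_per_ip(flows):
    """Map each destination IP to the sorted set of site names requested on it."""
    seen = defaultdict(set)
    for dst_ip, payload in flows:
        seen[dst_ip].add(host_from_request(payload) or UNKNOWN)
    return {ip: sorted(names) for ip, names in seen.items()}

if __name__ == "__main__":
    for ip, names in sites_per_ip(SAMPLE_FLOWS).items():
        print(ip, names)
```

An IP-only log would show two destinations here; the Host header shows three distinct sites on them, and the TLS and HTTP/1.0 flows yield no name at this layer.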