topic hi,Thanks a lot for your in Network Security

URL logging in ASA 5500

ulric.godefroy1 — Tue, 12 Mar 2019 06:13:51 GMT

Hi everyone,

I know this topic has already been talked about but i can't figure out how sut up url logging on the ASA. I know it has to do with http inspection, but i'm looking for setting URL logging only for a given subnet (dedicated to guest connections) and send it to a syslog server.

Can somebody help me doing this ?

Thanks in advance

Hi,I could not see anything

Akshay Rastogi — Tue, 07 Jul 2015 15:33:07 GMT

Hi,

I could not see anything related to enabling url logging for specific subnet. It would generate specific log id (304001) and that is how it is being sent to syslog server.

Or your could enable http inspection for your required Guest Subnet. In that case it would generate syslog for your concerned traffic.

For that,You could create one access-list with your matched source traffic, call it under a layer 3 class-map and call the class-map under the global_policy. Instead of enabling http inspection under inspection_default, enable it under customized class-map.

Please let me know if you have any query on this. If this answers your query, I would request you to select the appropriate response as the solution for this thread.

Regards,

Akshay Rastogi

hi,Thanks a lot for your

ulric.godefroy1 — Wed, 08 Jul 2015 08:49:54 GMT

hi,

Thanks a lot for your quick answer. I will try this whenever I can :

access-list ACLURL standard permit x.x.x.x 255.255.255.0
class-map classeURL
description class map for URL logging of guest access
match access-list ACLURL
policy-map global_policy
class classeURL
inspect http

Will this only take effect on the specified network in the ACL please ? I'm a bit afraid by the "global-Policy" thing haha

Anyway, thanks for your help

Hi,Yes, you could try this.

Akshay Rastogi — Wed, 08 Jul 2015 15:13:09 GMT

Hi,

Yes, you could try this. Do not worry. If the traffic matches the subnet defined in access-list then it would hit your customized class-map and would perform the associated action.

Please let me know if you have any query on this. If this answers your query, I would request you to select the appropriate response as the solution for this thread.

Regards,

Akshay Rastogi