CSC-SSM logging and reporting web traffic/ SMTP

Keith Craycraft
Level 1

Will the CSC-SSM log any of the URL information that it did not block?

Also, can the logging information for this module be exported to a MARS?

Looking at what I can do for web monitoring with the CSC-SSM module with the Trend Micro software on it.

Also, has anyone configured their SMTP traffic to be filtered through the module? I was wondering what the common design considerations were for an internal mail server with the CSC-SSM filtering incoming SMTP traffic.

Accepted Solutions

Marcin Latosiewicz
Cisco Employee

Keith,

I worked quite a bit previously with CSC.

Regarding logging of allowed URLs ... you do not want that. Your users going to yahoo.com will cause lots of URLs being displayed.

HTTP inspection can print out which server was accessed and the resource on the server.

CSC by default (not debugging) will only print out messages about dropped requests.

I'm not familiar with logging of CSC messages to MARS (not saying that it does not exist, it's a syslog after all).

CSC design recommendations state that only inbound traffic to your SMTP server should be inspected by CSC.

You should not inspect your users outbound SMTP traffic.

I have not faced too many problems with inspection of SMTP - it's quite simple and even for quite a busy server you can enable almost all features.

What other questions might you have?

Marcin


Marcin,

That covers my questions. I think I am just going to have to dig into the MARS once I get it and really see what I can pull from the normal ASA syslogs and then see if I can push the CSC-SSM logging to it and see what I can come up with.

I will also have to dig into the CSC-SSM. Was not planning on SMTP outbound, just the inbound traffic.

Thanks,

Keith
