Help setting up URL loggin on ASA

Martin Joergensen · ‎05-22-2013

Hi.
I am in desparete need for help to setting up my Cisco ASA to log URL trafik to my KIWI syslog server.
I have seach the net, and i can get it to log something, but not the URL / HTTP / HTTPS trafic.

I found that i should write this to CLI:

regex matchall "."
!
class-map type regex match-any DomainLogList
 match regex matchall
class-map type inspect http match-all LogDomainsClass
 match request header host regex class DomainLogList
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect http http_inspection_policy
 parameters
 class LogDomainsClass
  log

and also tryet to make a EVENT list and filter to m syslog

But my syslog server gets this:

What am i doing wrong? Can somebody help? i am a totaly newbeen in cisco, and my english is a litle bad:)

Luis Silva Benavides · ‎07-04-2013

Hi Martin,

I noticed that you took this from this question:

https://supportforums.cisco.com/thread/240905

This refers to this other link:

http://www.mail-archive.com/ccie_security@onlinestudylist.com/msg01633.html //www.mail-archive.com/ccie_security@onlinestudylist.com/msg01633.html

This part is also part of the configuration but only can be seen when you access the OSL link.

policy-map global_policy
 class inspection_default
  inspect http http_inspection_policy

You can tried to add it or simply enable the HTTP inspection.

Remember that you might be looking for syslog 304001

http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080ac2fda.shtml#asac

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva