Help setting up URL loggin on ASA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2013 02:41 AM - edited 02-21-2020 04:53 AM
Hi.
I am in desparete need for help to setting up my Cisco ASA to log URL trafik to my KIWI syslog server.
I have seach the net, and i can get it to log something, but not the URL / HTTP / HTTPS trafic.
I found that i should write this to CLI:
regex matchall "."
!
class-map type regex match-any DomainLogList
match regex matchall
class-map type inspect http match-all LogDomainsClass
match request header host regex class DomainLogList
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect http http_inspection_policy
parameters
class LogDomainsClass
log
and also tryet to make a EVENT list and filter to m syslog
But my syslog server gets this:
What am i doing wrong? Can somebody help? i am a totaly newbeen in cisco, and my english is a litle bad:)
- Labels:
-
Other Network Security Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-04-2013 12:19 PM
Hi Martin,
I noticed that you took this from this question:
https://supportforums.cisco.com/thread/240905
This refers to this other link:
http://www.mail-archive.com/ccie_security@onlinestudylist.com/msg01633.html//www.mail-archive.com/ccie_security@onlinestudylist.com/msg01633.html
This part is also part of the configuration but only can be seen when you access the OSL link.
policy-map global_policy class inspection_default inspect http http_inspection_policy
You can tried to add it or simply enable the HTTP inspection.
Remember that you might be looking for syslog 304001
http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080ac2fda.shtml#asac
HTH
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html
