Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
608
Views
0
Helpful
3
Replies

URL logging in ASA 5500

ulric.godefroy1
Level 1
Level 1

‎07-07-2015 02:08 AM - edited ‎03-11-2019 11:13 PM

Hi everyone,

I know this topic has already been talked about but i can't figure out how sut up url logging on the ASA. I know it has to do with http inspection, but i'm looking for setting URL logging only for a given subnet (dedicated to guest connections) and send it to a syslog server.

Can somebody help me doing this ?

Thanks in advance

Labels:
0 Helpful
3 Replies 3

Akshay Rastogi
Cisco Employee
Cisco Employee

‎07-07-2015 08:33 AM

Hi,

I could not see anything related to enabling url logging for specific subnet. It would generate specific log id (304001) and that is how it is being sent to syslog server.

Or your could enable http inspection for your required Guest Subnet. In that case it would generate syslog for your concerned traffic.

For that,You could create one access-list with your matched source traffic, call it under a layer 3 class-map and call the class-map under the global_policy. Instead of enabling http inspection under inspection_default, enable it under customized class-map.

 

Please let me know if you have any query on this. If this answers your query, I would request you to select the appropriate response as the solution for this thread. 

Regards,

Akshay Rastogi

0 Helpful

ulric.godefroy1
Level 1
Level 1
In response to Akshay Rastogi

‎07-08-2015 01:49 AM

hi,

Thanks a lot for your quick answer. I will try this whenever I can :

access-list ACLURL standard permit x.x.x.x 255.255.255.0
class-map classeURL
description class map for URL logging of guest access
match access-list ACLURL
policy-map global_policy
class classeURL
inspect http

Will this only take effect on the specified network in the ACL please ? I'm a bit afraid by the "global-Policy" thing haha

Anyway, thanks for your help
 

0 Helpful

Akshay Rastogi
Cisco Employee
Cisco Employee
In response to ulric.godefroy1

‎07-08-2015 08:13 AM

Hi,

Yes, you could try this. Do not worry. If the traffic matches the subnet defined in access-list then it would hit your customized class-map and would perform the associated action.

 

Please let me know if you have any query on this.  If this answers your query, I would request you to select the appropriate response as the solution for this thread. 

 

Regards,

Akshay Rastogi

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card