11-22-2001 09:04 AM - edited 02-20-2020 09:55 PM
When "Informational" messages are enabled for logging, our PIX 525 firewall (version 5.31)would log something like:
%PIX-5-304001: 10.11.1.106 Accessed URL 216.34.88.23:/action/abcnews_home_page
for http requests. Is there a way to have PIX log the web server host name (not only the IP address)?
11-22-2001 11:18 AM
agriqorof,
No, the PIX doesn't look up the domain names. But would you want your firewall to do this kind of DNS resolution?
Several of the reporting tools do this. I've used PrivateI from OpenSystems to get this level of detail and gotten good results.
Liberty for All,
Brian
11-22-2001 11:52 AM
Of course, I don't expect Pix to do reverse DNS resolution. I hoped that it would be able to extract this information from the HTTP request itself. The problem with reporting tools doing reverse DNS is that not all web servers have their IP configured for reverse DNS or they point to a generic name controlled by their ISP. This may generate confusing reports on what sites are accessed. The Configuration Guide for Pix gives a sample of URL logging syslog message where the name of the web site is recorded however, in reality that information is not there.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide