I called Cisco and the reason the 515s do not log the host name is because the pix does not look at the data in the packet(s) for the host header information!!!!
Kind of usless as a url looger. Kevin Bilbee > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox > Sent: Tuesday, March 30, 2004 2:55 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring > > > The Pix doesn't log the hostname...at least not the 515s we usually work > with....only the IP address. > > Darin. > > > ----- Original Message ----- > From: "Kevin Bilbee" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, March 30, 2004 5:47 PM > Subject: RE: [Declude.JunkMail] OT: Internet Usage Monitoring > > > I have to agree that is why I am asking this list with diverse experience. > My research to this point supports your comment. > > I am thinking about downloading the trial versions of Websense and N2H2 to > get a comparison and determine it the PIX integeration also supplies the > host name in the reporting. > > > Kevin Bilbee > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Matt > > Sent: Tuesday, March 30, 2004 1:20 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring > > > > > > One caveat to the suggestions is that many smaller sites now share the > > same IP with host headers. If you can't capture the domain used, this > > information will be lost in those instances. I'm not sure that there is > > a reliable way to convert IP's to domains on static sites either since > > all that would seem to be available would be the reverse DNS entry which > > often times won't match the domain of the site in question. It would > > seem that to do this with accuracy, you would need some sort of proxy > > server to handle HTTP requests. Note that I'm not familiar with the > > other options suggested, but as usual, I 'think' I'm right about this :) > > > > Matt > > > > > > > > Kevin Bilbee wrote: > > > > >Management wants to do web usage mainitoring. They do not at > > this time want > > >to do blocking. We have a pix firewall that does what Cisco calls URL > > >logging but in relaity it does not log the url but the ip > address of the > > >server and the path on the server to the document being viewed. > > > > > >What they want is a log of client ip and url including the host > > name. They > > >also do not want to abandon the PIX. > > > > > > > > >Any one have any suggestions? > > > > > > > > > > > >Kevin Bilbee > > > > > >--- > > >[This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > >--- > >This E-mail came from the Declude.JunkMail mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.JunkMail". The archives can be found > >at http://www.mail-archive.com. > > > > > > > > > > -- > ===================================================== > MailPure custom filters for Declude JunkMail Pro. > http://www.mailpure.com/software/ > ===================================================== > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
