Kevin,
I completely understand your dilemma; we have seen this issue many times
before.  Many vendors including Cisco do not capture the URL in the syslog
so other methods are needed to monitor web traffic.  I appreciate this list
and don't want to market our company on it, but we have developed a
technology specifically for this purpose.  Would you mind if I have someone
contact you off of the list to explain how we could help you with this
issue?

Adam Lukasiewicz
Operations
www.ongarde.com
[EMAIL PROTECTED]


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Tuesday, March 30, 2004 6:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] OT: Internet Usage Monitoring


I called Cisco and the reason the 515s do not log the host name is because
the PIX does not look at the data in the packet(s) for the host header
information!!!!

Kind of useless as a URL logger.


Kevin Bilbee

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox
> Sent: Tuesday, March 30, 2004 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring
>
>
> The PIX doesn't log the hostname...at least not the 515s we usually 
> work with....only the IP address.
>
> Darin.
>
>
> ----- Original Message -----
> From: "Kevin Bilbee" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, March 30, 2004 5:47 PM
> Subject: RE: [Declude.JunkMail] OT: Internet Usage Monitoring
>
>
> I have to agree that is why I am asking this list with diverse 
> experience. My research to this point supports your comment.
>
> I am thinking about downloading the trial versions of Websense and 
> N2H2 to get a comparison and determine if the PIX integration also 
> supplies the host name in the reporting.
>
>
> Kevin Bilbee
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Matt
> > Sent: Tuesday, March 30, 2004 1:20 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring
> >
> >
> > One caveat to the suggestions is that many smaller sites now share 
> > the same IP with host headers.  If you can't capture the domain 
> > used, this information will be lost in those instances.  I'm not 
> > sure that there is a reliable way to convert IPs to domains on 
> > static sites either since all that would seem to be available would 
> > be the reverse DNS entry which often times won't match the domain of 
> > the site in question.  It would seem that to do this with accuracy, 
> > you would need some sort of proxy server to handle HTTP requests.  
> > Note that I'm not familiar with the other options suggested, but as 
> > usual, I 'think' I'm right about this :)
> >
> > Matt
> >
> >
> >
> > Kevin Bilbee wrote:
> >
> > >Management wants to do web usage monitoring. They do not at this time
> > >want to do blocking. We have a PIX firewall that does what Cisco calls
> > >URL logging but in reality it does not log the URL but the IP address of
> > >the server and the path on the server to the document being viewed.
> > >
> > >What they want is a log of client IP and URL including the host name.
> > >They also do not want to abandon the PIX.
> > >
> > >
> > >Anyone have any suggestions?
> > >
> > >
> > >
> > >Kevin Bilbee
> > >
> > >---
> > >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
> >
> >---
> >This E-mail came from the Declude.JunkMail mailing list.  To 
> >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
> >"unsubscribe Declude.JunkMail".  The archives can be found at 
> >http://www.mail-archive.com.
> >
> >
> >
> >
>
> --
> =====================================================
> MailPure custom filters for Declude JunkMail Pro. 
> http://www.mailpure.com/software/ 
> =====================================================
>
>
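Added example, not part of the original thread and not Cisco's or any vendor's code: a sketch of the point Matt and Kevin make above, that a log built from the server IP and path cannot tell apart sites sharing one IP, while something that reads the HTTP Host header (as a proxy does) can. The sample requests, addresses, function names and both record formats are constructed for illustration, and only cleartext HTTP/1.x is assumed.

```python
from urllib.parse import urlsplit

# Constructed sample traffic: two different sites served from one IP address.
SERVER_IP = "192.0.2.10"
CLIENT_IP = "10.1.1.20"
REQ_SITE_A = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
REQ_SITE_B = b"GET /index.html HTTP/1.1\r\nhOST: shop.example.net\r\n\r\n"
REQ_NO_HOST = b"GET /index.html HTTP/1.0\r\n\r\n"
REQ_PROXY = b"GET http://www.example.com/a?b=1 HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def parse_request(raw):
    """Split the head of a cleartext HTTP/1.x request into (target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so normalise them
            headers[name.strip().lower()] = value.strip()
    return target, headers


def ip_and_path_record(client_ip, server_ip, raw):
    """What a device that never reads the Host header can log."""
    target, _headers = parse_request(raw)
    if "://" in target:  # reduce an absolute-form target to path and query
        parts = urlsplit(target)
        target = parts.path + ("?" + parts.query if parts.query else "")
    return f"{client_ip} {server_ip}:{target}"


def full_url_record(client_ip, server_ip, raw):
    """What a proxy in the request path can log: client IP plus full URL."""
    target, headers = parse_request(raw)
    if "://" in target:  # absolute-form target, as sent to an explicit proxy
        return f"{client_ip} {target}"
    host = headers.get("host") or server_ip  # HTTP/1.0 may omit Host
    return f"{client_ip} http://{host}{target}"


if __name__ == "__main__":
    for req in (REQ_SITE_A, REQ_SITE_B, REQ_NO_HOST, REQ_PROXY):
        print(ip_and_path_record(CLIENT_IP, SERVER_IP, req), "|",
              full_url_record(CLIENT_IP, SERVER_IP, req))
```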