FYI, SonicWall does capture the URL in the syslog logging. :) John Tolmachoff Engineer/Consultant/Owner eServices For You
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Adam Lukasiewicz > Sent: Wednesday, March 31, 2004 7:18 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] OT: Internet Usage Monitoring > > Kevin, > I completely understand your dilemma, we have seen this issue many times > before. Many vendors including Cisco do not capture the URL in the syslog > so other methods are needed to monitor web traffic. I appreciate this list > and don't want to market our company on it, but we have developed a > technology specifically for this purpose. Would you mind if I have someone > contact you off of the list to explain how we could help you with this > issue. > > Adam Lukasiewicz > Operations > www.ongarde.com > [EMAIL PROTECTED] > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee > Sent: Tuesday, March 30, 2004 6:06 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] OT: Internet Usage Monitoring > > > I called Cisco and the reason the 515s do not log the host name is because > the pix does not look at the data in the packet(s) for the host header > information!!!! > > Kind of usless as a url looger. > > > Kevin Bilbee > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox > > Sent: Tuesday, March 30, 2004 2:55 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring > > > > > > The Pix doesn't log the hostname...at least not the 515s we usually > > work with....only the IP address. > > > > Darin. > > > > > > ----- Original Message ----- > > From: "Kevin Bilbee" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, March 30, 2004 5:47 PM > > Subject: RE: [Declude.JunkMail] OT: Internet Usage Monitoring > > > > > > I have to agree that is why I am asking this list with diverse > > experience. My research to this point supports your comment. > > > > I am thinking about downloading the trial versions of Websense and > > N2H2 to get a comparison and determine it the PIX integeration also > > supplies the host name in the reporting. > > > > > > Kevin Bilbee > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Behalf Of Matt > > > Sent: Tuesday, March 30, 2004 1:20 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring > > > > > > > > > One caveat to the suggestions is that many smaller sites now share > > > the same IP with host headers. If you can't capture the domain > > > used, this information will be lost in those instances. I'm not > > > sure that there is a reliable way to convert IP's to domains on > > > static sites either since all that would seem to be available would > > > be the reverse DNS entry which often times won't match the domain of > > > the site in question. It would seem that to do this with accuracy, > > > you would need some sort of proxy server to handle HTTP requests. > > > Note that I'm not familiar with the other options suggested, but as > > > usual, I 'think' I'm right about this :) > > > > > > Matt > > > > > > > > > > > > Kevin Bilbee wrote: > > > > > > >Management wants to do web usage mainitoring. They do not at > > > this time want > > > >to do blocking. We have a pix firewall that does what Cisco calls > > > >URL logging but in relaity it does not log the url but the ip > > address of the > > > >server and the path on the server to the document being viewed. > > > > > > > >What they want is a log of client ip and url including the host > > > name. They > > > >also do not want to abandon the PIX. > > > > > > > > > > > >Any one have any suggestions? > > > > > > > > > > > > > > > >Kevin Bilbee > > > > > > > >--- > > > >[This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > > >--- > > >This E-mail came from the Declude.JunkMail mailing list. To > > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > >"unsubscribe Declude.JunkMail". The archives can be found at > > >http://www.mail-archive.com. > > > > > > > > > > > > > > > > -- > > > ===================================================== > > MailPure custom filters for Declude JunkMail Pro. > > http://www.mailpure.com/software/ > > > ===================================================== > > > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.