James Turnbull wrote:

>On Mon, April 25, 2005 9:57 am, Stephen Spence said:
>
>>All I'm looking for is something which will give an at-a-glance view of the internal
>>hosts, hostnames too if possible, the URLs they're looking at, maybe even session
>>duration, whatever we can get beyond that is a bonus.
>
>Not aware of anything PIX specific - but have you considered a proxy? Inserting a proxy
>like ISA or Squid into the network between the clients and the PIX will allow you to
>track and report on the information you require.

It's easier than that. There is a debugging level you can turn a Cisco PIX to that will make it log HTTP requests via syslog - part of its "fixup" functionality (syslog level 7).

Of course, it gives nowhere near the level of information a true proxy would - and can't track HTTPS traffic - again, unlike a proxy. Also I wouldn't recommend it for a large environment - where syslog logging could become a bottleneck. Again, proxies reduce this issue.

Also if you have an NIDS (more specifically, a monitor point off your Internet gateway), you can use something like Doug Song's urlsnarf to do the same thing.

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
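
An added example, not part of the original thread and not code from urlsnarf: urlsnarf prints sniffed requests in Common Log Format, so a short Python script can turn that output into the per-host at-a-glance view asked for above. The sample lines are constructed, the function names are this example's own, and the first-to-last-request span is only a rough stand-in for session duration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample lines in Common Log Format (not captured traffic).
SAMPLE = '''\
192.168.1.10 - - [25/Apr/2005:09:57:01 +1200] "GET http://www.example.com/ HTTP/1.1" - - "-" "Mozilla/4.0"
192.168.1.10 - - [25/Apr/2005:09:59:31 +1200] "GET http://www.example.com/news.html HTTP/1.1" - - "-" "Mozilla/4.0"
192.168.1.22 - - [25/Apr/2005:10:01:00 +1200] "POST http://mail.example.net/login HTTP/1.0" - - "-" "Mozilla/4.0"
192.168.1.10 - - [25/Apr/2005:10:02:01 +1200] "GET http://mail.example.net/inbox HTTP/1.1" - - "-" "Mozilla/4.0"
this line is truncated and must be skipped
'''

# client, two ignored fields, [timestamp], "METHOD url [HTTP/x.y]"
CLF = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>[A-Z]+) (?P<url>\S+)(?: HTTP/[\d.]+)?"')

def summarise(lines):
    """Return {client: {"first", "last", "requests", "sites"}} for parseable lines."""
    hosts = defaultdict(lambda: {"first": None, "last": None, "requests": 0,
                                 "sites": defaultdict(int)})
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # malformed or truncated line: skip rather than guess
        try:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        h = hosts[m["client"]]
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["requests"] += 1
        site = urlsplit(m["url"]).hostname or "(relative URL)"
        h["sites"][site] += 1
    return hosts

def report(hosts):
    """One text row per client: request count, active span in seconds, sites."""
    rows = []
    for client, h in sorted(hosts.items()):
        span = int((h["last"] - h["first"]).total_seconds())
        sites = ", ".join(f"{s} ({n})" for s, n in sorted(h["sites"].items()))
        rows.append(f"{client:15} {h['requests']:4} req  {span:6}s  {sites}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(summarise(SAMPLE.splitlines()))))
```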