Jason Haar wrote: > It's easier than that. There is a debugging level you can turn a Cisco > PIX to that will make it log HTTP requests via syslog - part of its > "fixup" functionality (syslog level 7). > > Of course, it gives no where near the level of information a true > proxy would - and can't track HTTPS traffic - again, unlike a proxy. > Also I wouldn't recommend it for a large environment - where syslog > logging could become a bottleneck. Again, proxies reduce this issue. Yes true - I had forgotten about the fixups. Though on a busy network using it and outputting via syslog will overload a smaller PIX - we've lost some smaller PIXs that way - run out of CPU/memory through trying to send so many syslog messages. Regards James -- James Turnbull <james@private> --- Author of Hardening Linux from Apress (http://www.amazon.com/exec/obidos/tg/detail/-/1590594444/) --- PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
_______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Mon Apr 25 2005 - 04:21:33 PDT