Ok, we've given up getting the PIX to pass the URLs being requested, I've just had no luck with Firegen and we only need something which will keep a log of the requesting IP or netbios name plus time, date and the URL - can anyone suggest such a product? Can SquidNT or anything else Win32 do this? It's something I would just be setting as a proxy in the client settings by AD and referring to if there was ever a need to know who browsed what...

TIA
Steve

________________________________

From: Adrian Grigorof
Sent: Mon 25/04/2005 14:21
To: Stephen Spence; loganalysis@private
Subject: Re: [logs] Logging pix behavior

Try FireGen for Pix 2.0: http://www.eventid.net/firegen/firegenpix2.asp

Just to comment on each of your requirements:

1. > a solution, preferably free

   It is not free but the price is more than reasonable

2. > I can enable Syslog

   It is designed to analyze syslog logs (the most popular formats being WinSyslog and Kiwi Syslog)

3. > will give us reporting on web requests

   FireGen will provide much more than that. See the sample reports:

   - Generic report: http://www.eventid.net/firegen/mildco01-2004-03-12-165112-ondemand.html
   - IP Forensic report (the activity of a certain IP address): http://www.eventid.net/firegen/ipforensics_report.asp

   To record the URLs (the PIX %PIX-5-304001 messages) you need logging level 5 but to actually get the traffic (bandwidth, connections, hosts, protocols, etc.) you need level 6.

4. > standalone win32 app

   FireGen is a standalone Win32 app (but requires that you have a syslog server)

5. > something we can run on our Win32 Apache/MySQL box

   You can run it on any Windows 2000, XP or 2003

6. > something which will give an at-a-glance view of the internal hosts, hostnames too if possible, the URLs they're looking at, maybe even session duration, whatever we can get beyond that is a bonus

   It seems that you are interested in the "IP Forensics" type of report (see above)

Note: I am affiliated with Altair Technologies, the developers of FireGen.

Regards,

Adrian Grigorof
Altair Technologies
www.altairtech.ca

----- Original Message -----
From: "Stephen Spence" <sspence@private>
To: <loganalysis@private>
Sent: Sunday, April 24, 2005 7:57 PM
Subject: [logs] Logging pix behavior

I've had a good read of the site, but can't find anything which is a fit for our current requirement, so am wondering if I can call upon the expertise of the list's members...

We're after a solution, preferably free to begin with to put together a proof of concept, to log HTTP requests which pass from our client PCs out through our PIX firewalls. I can enable Syslog and have been experimenting with a syslog server, but can't find anything thus far which will give us reporting on web requests either as a standalone win32 app, or better still as something we can run on our Win32 Apache/MySQL box.

All I'm looking for is something which will give an at-a-glance view of the internal hosts, hostnames too if possible, the URLs they're looking at, maybe even session duration, whatever we can get beyond that is a bonus.

Any thoughts?

TIA,
Steve

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
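
The %PIX-5-304001 messages mentioned in the reply above already carry the requesting IP and the URL that the original question asks for. The following Python parser is an added example, not part of the thread and not FireGen code: it extracts time, client IP and URL from syslog lines and sets aside 304001 lines it cannot parse. The sample lines are constructed, and the line layout (syslog server timestamp, facility and sender, then `%PIX-5-304001: <client> Accessed [JAVA] URL <server>:<path>`) is an assumption about how the syslog server writes them.

```python
import re
from collections import defaultdict

# Constructed sample lines, not taken from the thread. Assumed layout: the
# syslog server's timestamp, facility and sender, then the PIX message text.
SAMPLE = """\
2005-04-25 14:02:11 Local4.Notice 192.168.1.1 %PIX-5-304001: 192.168.1.23 Accessed URL 198.51.100.7:/index.html
2005-04-25 14:02:12 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 4211 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:192.168.1.23/1045 (192.168.1.23/1045)
2005-04-25 14:03:40 Local4.Notice 192.168.1.1 %PIX-5-304001: 192.168.1.40 Accessed JAVA URL 203.0.113.9:/applet/menu.class
2005-04-25 14:05:02 Local4.Notice 192.168.1.1 %PIX-5-304001: 192.168.1.23 Accessed URL 198.51.100.7:/img/logo.gif
2005-04-25 14:06:00 Local4.Notice 192.168.1.1 %PIX-5-304001: 192.168.1.40 Accessed URL
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
URL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s.*?"
    r"%PIX-5-304001:\s+(?P<src>" + IPV4 + r")\s+"
    r"Accessed\s+(?P<java>JAVA\s+)?URL\s+"
    r"(?P<dst>" + IPV4 + r"):\s*(?P<path>\S.*)$"
)

def parse_url_events(text):
    """Return (events, skipped) for the 304001 lines in a syslog dump."""
    events, skipped = [], []
    for line in text.splitlines():
        if "%PIX-5-304001" not in line:
            continue  # other message IDs, e.g. level 6 connection records
        m = URL_RE.match(line.strip())
        if m is None:
            skipped.append(line)  # truncated or unexpected layout: keep for review
            continue
        events.append({"time": m["ts"], "client": m["src"], "server": m["dst"],
                       "path": m["path"], "java": m["java"] is not None})
    return events, skipped

def urls_by_client(events):
    """Group (time, URL) pairs per requesting IP; the host part is the server IP as logged."""
    report = defaultdict(list)
    for e in events:
        report[e["client"]].append((e["time"], "http://" + e["server"] + e["path"]))
    return dict(report)

if __name__ == "__main__":
    events, skipped = parse_url_events(SAMPLE)
    for client, hits in sorted(urls_by_client(events).items()):
        print(client)
        for when, url in hits:
            print("   %s  %s" % (when, url))
    print("unparsed 304001 lines:", len(skipped))
```
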
This archive was generated by hypermail 2.1.3 : Tue Jul 19 2005 - 08:53:43 PDT