[logs] Re: Logging pix behavior

From: Stephen Spence (sspence@private)
Date: Tue Jul 19 2005 - 07:40:10 PDT


OK, we've given up getting the PIX to pass the URLs being requested. I've just had no luck with FireGen, and we only need something which will keep a log of the requesting IP or NetBIOS name plus time, date and the URL. Can anyone suggest such a product?
 
Can SquidNT or anything else Win32 do this? It's something I would just be setting as a proxy in the client settings by AD and referring to if there was ever a need to know who browsed what...
 
TIA

Steve

________________________________

From: Adrian Grigorof
Sent: Mon 25/04/2005 14:21
To: Stephen Spence; loganalysis@private
Subject: Re: [logs] Logging pix behavior



Try FireGen for Pix 2.0: http://www.eventid.net/firegen/firegenpix2.asp
Just to comment on each of your requirements:
1. > a solution, preferably free
It is not free but the price is more than reasonable
2. > I can enable Syslog
It is designed to analyze syslog logs (the most popular formats being
WinSyslog and Kiwi Syslog)
3. > will give us reporting on web requests
FireGen will provide much more than that. See the sample reports:
- Generic report:
http://www.eventid.net/firegen/mildco01-2004-03-12-165112-ondemand.html
- IP Forensic report (the activity of a certain IP address):
http://www.eventid.net/firegen/ipforensics_report.asp
To record the URLs (the PIX %PIX-5-304001 messages) you need logging level 5
but to actually get the traffic (bandwidth, connections, hosts, protocols,
etc.) you need level 6.
4. >standalone win32 app
FireGen is a standalone Win32 app (but requires that you have a syslog
server)
5. >something we can run on our Win32 Apache/MySQL box
You can run it on any Windows 2000, XP or 2003
6. > something which will give an at-a-glance view of the internal hosts,
hostnames too if possible, the URLs they're looking at, maybe even session
duration, whatever we can get beyond that is a bonus
It seems that you are interested in the "IP Forensics" type of report (see
above)

Note: I am affiliated with Altair Technologies, the developers of FireGen.

Regards,

Adrian Grigorof
Altair Technologies
www.altairtech.ca

----- Original Message -----
From: "Stephen Spence" <sspence@private>
To: <loganalysis@private>
Sent: Sunday, April 24, 2005 7:57 PM
Subject: [logs] Logging pix behavior


I've had a good read of the site, but can't find anything which is a fit for
our current requirement, so am wondering if I can call upon the expertise of
the list's members...

We're after a solution, preferably free to begin with to put together a
proof of concept, to log HTTP requests which pass from our client PCs out
through our PIX firewalls. I can enable Syslog and have been experimenting
with a syslog server, but can't find anything thus far which will give us
reporting on web requests either as a standalone win32 app, or better still
as something we can run on our Win32 Apache/MySQL box.

All I'm looking for is something which will give an at-a-glance view of the
internal hosts, hostnames too if possible, the URLs they're looking at,
maybe even session duration, whatever we can get beyond that is a bonus.

Any thoughts?

TIA,
Steve

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis





This archive was generated by hypermail 2.1.3 : Tue Jul 19 2005 - 08:53:43 PDT
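The thread asks for a per-client record of time and URL, and the reply notes that the PIX emits URLs as %PIX-5-304001 messages at logging level 5. The following is an added example, not code from the thread or from FireGen, that pulls those records out of a syslog file. The line layout (BSD-style timestamp and hostname, then `[user] <client> Accessed URL <server>:<path>`), the host name `pix01` and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout (not taken from the thread): BSD syslog prefix, then
# "%PIX-5-304001: [user] <client-ip> Accessed URL <server-ip>:<path>"
URL_MSG = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"%PIX-5-304001:\s+(?:user\s+)?(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"Accessed URL\s+(?P<server>[^:\s]+):\s*(?P<path>\S+)\s*$"
)

def parse_line(line):
    """Return a record for a 304001 line, or None for any other message."""
    m = URL_MSG.match(line.strip())
    if not m:
        return None
    # The firewall records the destination address, so the URL is rebuilt
    # from the server IP rather than from a host name.
    return {"time": m["ts"], "client": m["client"],
            "url": "http://" + m["server"] + m["path"]}

def requests_by_client(lines):
    """Group (time, url) pairs by requesting client IP, in log order."""
    report = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            report[rec["client"]].append((rec["time"], rec["url"]))
    return dict(report)

# Constructed sample input: three level-5 URL messages and one level-6
# connection message, which the parser skips.
SAMPLE = [
    "Jul 19 07:40:10 pix01 %PIX-5-304001: 192.168.1.25 Accessed URL 203.0.113.10:/index.html",
    "Jul 19 07:40:11 pix01 %PIX-6-302013: Built outbound TCP connection 1001 for "
    "outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.1.25/1042 (198.51.100.2/1042)",
    "Jul 19 07:41:02 pix01 %PIX-5-304001: user 192.168.1.31 Accessed URL 203.0.113.20:/news/today.asp?id=7",
    "Jul 19 07:41:30 pix01 %PIX-5-304001: 192.168.1.25 Accessed URL 203.0.113.10:/img/logo.gif",
]

if __name__ == "__main__":
    for client, hits in sorted(requests_by_client(SAMPLE).items()):
        print(client)
        for ts, url in hits:
            print("   ", ts, url)
```

If the syslog server writes a different prefix (for example a tab-separated date column), only the timestamp and hostname part of the pattern needs adjusting.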