[c-nsp] Cisco ASA - Configuring Accounting for Network Access
Joseph Karpenko
karpenko at cisco.com
Mon Oct 31 13:36:20 EDT 2011
what about the following syslog mesg, limited URL/URI visibility,
coupled with the 5-tuple syslog mesg(s)?
304001
------
Error Message %ASA-5-304001: user at source_address [(idfw_user)] Accessed URL dest_address: url.
Explanation The specified host tried to access the specified URL.
Recommended Action None required.
http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4770864
regards,
--
/karpenko
On 2011.10.31-16:38:02 -0000, Antonio Soares <amsoares at netcabo.pt> wrote:
> Date: Mon, 31 Oct 2011 16:38:02 -0000
> From: Antonio Soares <amsoares at netcabo.pt>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco ASA - Configuring Accounting for Network Access
> Authentication-Results: rcdn-inbound-b.cisco.com; dkim=neutral (message not
> signed) header.i=none
> X-OriginalArrivalTime: 31 Oct 2011 16:44:09.0597 (UTC)
> FILETIME=[4FEDEAD0:01CC97EC]
>
> Hello group,
>
> I have a customer that was using a Web Proxy to monitor user
> access to the internet. Now the customer is asking me if the ASA
> can help him monitor the users access to the internet because the
> proxy is not working. He wants to know which users are accessing
> which sites. The only feature I was able to find that could help
> the client is Network Access Accounting:
>
> <http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/access_fwaaa.html#wp1151104>
>
> I made a test in my lab and basically the ASA sends information
> about the source-ip:source-port->destination-ip:destination-port
> to the aaa server. This should be enough but it is not very
> practical. The customer wants some nice real time graphics showing
> him what users are doing. Do we have any solution without
> replacing the ASA with something else ? Is this just me or the
> reporting capabilities of the ASA are very basic ?
>
>
> Thanks.
>
> Regards,
>
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoares at netcabo.pt
> http://www.ccie18473.net
>
> [ --------------- End of Included Message --------------- ]
More information about the cisco-nsp
mailing list