[c-nsp] Cisco ASA - Configuring Accounting for Network Access

Joseph Karpenko karpenko at cisco.com
Mon Oct 31 13:36:20 EDT 2011


what about the following syslog mesg, limited URL/URI visibility,
coupled with the 5-tuple syslog mesg(s)?

304001
------
Error Message        %ASA-5-304001: user at source_address [(idfw_user)] Accessed URL dest_address: url.
Explanation          The specified host tried to access the specified URL.
Recommended Action   None required.

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4770864


regards,

-- 

/karpenko

On 2011.10.31-16:38:02 -0000, Antonio Soares <amsoares at netcabo.pt> wrote:
> Date: Mon, 31 Oct 2011 16:38:02 -0000
> From: Antonio Soares <amsoares at netcabo.pt>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco ASA - Configuring Accounting for Network Access
> Authentication-Results: rcdn-inbound-b.cisco.com; dkim=neutral (message not
>  signed) header.i=none
> X-OriginalArrivalTime: 31 Oct 2011 16:44:09.0597 (UTC)
>  FILETIME=[4FEDEAD0:01CC97EC]
> 
> Hello group,
> 
> I have a customer that was using a Web Proxy to monitor user
> access to the internet. Now the customer is asking me if the ASA
> can help him monitor the users access to the internet because the
> proxy is not working. He wants to know which users are accessing
> which sites. The only feature I was able to find that could help
> the client is Network Access Accounting:
> 
> <http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/access_fwaaa.html#wp1151104>
> 
> I made a test in my lab and basically the ASA sends information
> about the source-ip:source-port->destination-ip:destination-port
> to the aaa server.  This should be enough but it is not very
> practical. The customer wants some nice real time graphics showing
> him what users are doing. Do we have any solution without
> replacing the ASA with something else ? Is this just me or the
> reporting capabilities of the ASA are very basic ?
> 
> 
> Thanks.
> 
> Regards,
> 
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoares at netcabo.pt
> http://www.ccie18473.net
> 
> [   --------------- End of Included Message ---------------   ]



More information about the cisco-nsp mailing list