FTP and URL Logging
FTP commands and WWW URLs can be logged with the Syslog feature. FTP and URL messages can be logged at Syslog Level 6. Both inbound and outbound FTP commands and URLs are logged, and both can be sent to a Syslog server.
Use the following steps to enable FTP and URL logging:
- Use the show fixup command to make sure the FTP and HTTP fixup protocol commands are present in the configuration. They should be on in the default configuration.
    fixup protocol http 80
    fixup protocol ftp 21
- If only URL logging were required, setting the logging command(s) to Level 5 would be enough. FTP logging, however, requires setting the logging command(s) to Level 6. Because a logging level includes every lower-numbered level, setting the logging to Level 6 will capture both.
    pix(config)#logging console 6
    pix(config)#logging trap 6
The following are examples of URL logging Syslog messages, followed by FTP logging Syslog messages.
%PIX-5-304001: user 192.168.1.10 Accessed URL 198.133.219.25: www.cisco.com
%PIX-5-304001: user 192.168.1.10 accessed URL 192.168.4.5/pr_sjones.gif
%PIX-6-303002: 192.168.1.10 Retrieved 172.16.44.34: resume.doc
%PIX-6-303002: 192.168.1.10 Retrieved 172.16.9.21: bigswitch.tar
%PIX-6-303002: 192.168.1.10 Stored 172.30.19.4: budget.zip
You can use the show logging command to view these messages at the PIX Firewall console.
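
On the Syslog server side, the two message types shown above can be parsed into structured records. The following is an added example, not part of the original documentation. Its regular expressions are assumptions derived only from the five sample messages on this page, and the function names are hypothetical. It also shows why Level 5 alone misses the FTP events.

```python
import re

# Patterns derived from the sample messages on this page (an assumption,
# not a formal grammar for PIX Syslog messages).
PIX_MSG = re.compile(r"%PIX-(?P<level>[0-7])-(?P<msgid>\d{6}): (?P<body>.*)")
URL_BODY = re.compile(
    r"user (?P<src>\S+) accessed URL (?P<dst>[^\s:/]+):?\s*(?P<target>\S*)",
    re.IGNORECASE)
FTP_BODY = re.compile(
    r"(?P<src>\S+) (?P<action>Retrieved|Stored) (?P<dst>[^\s:]+):\s*(?P<target>.+)")
BODY_BY_ID = {"304001": ("url", URL_BODY), "303002": ("ftp", FTP_BODY)}


def parse_line(line):
    """Return a dict for a 304001/303002 message, or None for anything else."""
    msg = PIX_MSG.search(line)
    if not msg or msg["msgid"] not in BODY_BY_ID:
        return None
    kind, pattern = BODY_BY_ID[msg["msgid"]]
    body = pattern.match(msg["body"].strip())
    if not body:
        return None  # known message ID, unexpected body layout
    base = {"kind": kind, "level": int(msg["level"]), "action": "Accessed"}
    return {**base, **body.groupdict()}  # FTP bodies override "action"


def visible_at(records, logging_level):
    """Records emitted at a given logging level (Level N includes 0..N)."""
    return [r for r in records if r["level"] <= logging_level]


def ftp_uploads(records):
    """FTP 'Stored' events: files the client stored on the remote server."""
    return [r for r in records if r["kind"] == "ftp" and r["action"] == "Stored"]


# The five sample messages shown on this page.
SAMPLE = """\
%PIX-5-304001: user 192.168.1.10 Accessed URL 198.133.219.25: www.cisco.com
%PIX-5-304001: user 192.168.1.10 accessed URL 192.168.4.5/pr_sjones.gif
%PIX-6-303002: 192.168.1.10 Retrieved 172.16.44.34: resume.doc
%PIX-6-303002: 192.168.1.10 Retrieved 172.16.9.21: bigswitch.tar
%PIX-6-303002: 192.168.1.10 Stored 172.30.19.4: budget.zip
""".splitlines()

if __name__ == "__main__":
    records = [r for r in map(parse_line, SAMPLE) if r]
    print(len(visible_at(records, 5)), "of", len(records), "events visible at Level 5")
    print("uploads:", [(r["src"], r["dst"], r["target"]) for r in ftp_uploads(records)])
```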