Educause Security Discussion mailing list archives

Re: capturing full URL information via DNS request logs

From: Philip Webster <p.webster () QUT EDU AU>
Date: Thu, 10 Oct 2013 10:26:58 +1000

On 10/10/2013 08:03, John Ladwig wrote:

Cisco's ASA firewall line also logs http URIs at Informational priority.


We looked at the ASA a while back and it seemed that it would only log
the first URI in a connection. So we could see that a user went to
http://www.google.com/, for example, however if they maintained a
persistent HTTP connection then we wouldn't see the following search
requests.

Have you encountered this, and if so are you aware of a solution?
-- 
Philip Webster
Senior IT Security Engineer | Queensland University of Technology

Current thread:

Re: capturing full URL information via DNS request logs, (continued)
- Re: capturing full URL information via DNS request logs Harry Hoffman (Oct 09)
- Re: capturing full URL information via DNS request logs Shettler, David (Oct 09)
- Re: capturing full URL information via DNS request logs Roger A Safian (Oct 09)
  - Re: capturing full URL information via DNS request logs Rich Graves (Oct 09)
- Re: capturing full URL information via DNS request logs Ian McDonald (Oct 09)
- Re: capturing full URL information via DNS request logs Will Froning (Oct 09)
- Re: capturing full URL information via DNS request logs Justin Azoff (Oct 09)
- Re: capturing full URL information via DNS request logs Kevin Wilcox (Oct 09)
- Re: capturing full URL information via DNS request logs Dave Koontz (Oct 09)
  - Re: capturing full URL information via DNS request logs John Ladwig (Oct 09)
    - Re: capturing full URL information via DNS request logs Philip Webster (Oct 09)
    - Re: capturing full URL information via DNS request logs Youngquist, Jason R. (Oct 10)
    - Re: capturing full URL information via DNS request logs John Ladwig (Oct 10)
- Re: capturing full URL information via DNS request logs Harry Hoffman (Oct 09)