Educause Security Discussion mailing list archives
Re: capturing full URL information via DNS request logs
From: John Ladwig <John.Ladwig () SO MNSCU EDU>
Date: Thu, 10 Oct 2013 17:22:38 +0000

Seems like that's still what ASAs do. We haven't made a full analysis of their behavior, and thus we don't have what you would call a solution. The existing behavior suffices to handle enough of our use-cases (malware downloads and bot activity &c) to keep us more than busy.

-jml

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Philip Webster
Sent: Wednesday, October 09, 2013 7:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] capturing full URL information via DNS request logs

On 10/10/2013 08:03, John Ladwig wrote:
Cisco's ASA firewall line also logs http URIs at Informational priority.

We looked at the ASA a while back and it seemed that it would only log the first URI in a connection. So we could see that a user went to http://www.google.com/, for example; however, if they maintained a persistent HTTP connection then we wouldn't see the following search requests. Have you encountered this, and if so, are you aware of a solution?

--
Philip Webster
Senior IT Security Engineer | Queensland University of Technology