Educause Security Discussion
mailing list archives
Re: capturing full URL information via DNS request logs
From: John Ladwig <John.Ladwig () SO MNSCU EDU>
Date: Thu, 10 Oct 2013 17:22:38 +0000
Seems like that's still what ASA's do. We haven't made a full analysis of their behavior, and thus we don't have what
you would call a solution.
The existing behavior suffices to handle enough of our use-cases (malware downloads and bot activity &c) to keep us
more than busy.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Philip
Sent: Wednesday, October 09, 2013 7:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] capturing full URL information via DNS request logs
On 10/10/2013 08:03, John Ladwig wrote:
Cisco's ASA firewall line also logs http URIs at Informational priority.
We looked at the ASA a while back and it seemed that it would only log
the first URI in a connection. So we could see that a user went to
http://www.google.com/, for example, however if they maintained a
persistent HTTP connection then we wouldn't see the following search
Have you encountered this, and if so are you aware of a solution?
Senior IT Security Engineer | Queensland University of Technology