Re: Syslog to monitor traffic
- From: Loren Amelang <loren@xxxxxxxxxxx>
- Date: Mon, 30 Apr 2007 17:50:26 -0700
On Mon, 30 Apr 2007 08:15:46 -0500, "Marc" <mhmuray@xxxxxxxxx> wrote:
> Basically I want to watch incoming and
> outgoing traffic in real time. Know the source, destination, protocol and
> action taken (blocked, allowed, etc.)
That's far too much to watch in real time, even on my single-user 804.
What I do is create an access-list and add "log" to transactions I
really want to see:
-----
access-list 121 remark 3389 is remote desktop
access-list 121 permit tcp any eq 3389 any log
access-list 121 remark 5900 is VNC
access-list 121 permit tcp any eq 5900 any log
....
access-list 121 deny ip any any log
-----
set the logging level to include such items:
-----
logging buffered 4096 debugging
ip access-list log-update threshold 1
logging facility syslog
logging 10.1.1.5
-----
and I get entries like this:
-----
Mar 26 14:53:50.580 pdt: %SEC-6-IPACCESSLOGP: list 121 denied tcp
166.114.42.49(1157) -> 68.164.169.15(5900), 1 packet
-----
That is a VNC in the non-permitted direction, that has fallen through
the whole access-list to the "deny ... log" at the bottom.
I can also request summary statistics on matches to each of the
access-list lines:
-----
// statistics on matches to every access list statement
show access-list [list#]
// reset access statistics
clear access-list counters [list#]
-----
Loren
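Added example, not part of the original post: a small Python parser for the %SEC-6-IPACCESSLOGP entries shown above, as a syslog collector might run it to total logged packets per flow and per denied source. The sample lines are constructed (the first is the entry from the post joined onto one line), and the function names are hypothetical.

```python
import re
from collections import Counter

# Body of a %SEC-6-IPACCESSLOGP (TCP/UDP) message, in the format quoted in the post.
LOGP = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_line(line):
    """Return the fields of an IPACCESSLOGP line as a dict, or None if it is another message."""
    m = LOGP.search(line)  # search, so any prefix the syslog server adds is ignored
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Total packets per (acl, action, proto, src, dst, dport)."""
    totals = Counter()
    for rec in filter(None, map(parse_line, lines)):
        flow = (rec["acl"], rec["action"], rec["proto"],
                rec["src"], rec["dst"], rec["dport"])
        totals[flow] += rec["count"]
    return totals

def denied_by_source(lines):
    """Total denied packets per source address, for spotting repeat offenders."""
    totals = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["action"] == "denied":
            totals[rec["src"]] += rec["count"]
    return totals

# Constructed sample input; only the first entry comes from the post.
SAMPLE = [
    "Mar 26 14:53:50.580 pdt: %SEC-6-IPACCESSLOGP: list 121 denied tcp 166.114.42.49(1157) -> 68.164.169.15(5900), 1 packet",
    "Mar 26 14:58:51.112 pdt: %SEC-6-IPACCESSLOGP: list 121 denied tcp 166.114.42.49(1157) -> 68.164.169.15(5900), 3 packets",
    "Mar 26 15:01:02.004 pdt: %SEC-6-IPACCESSLOGP: list 121 permitted tcp 192.0.2.10(3389) -> 198.51.100.7(4021), 1 packet",
    "Mar 26 15:02:00.000 pdt: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for flow, packets in summarize(SAMPLE).most_common():
        print(packets, *flow)
```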