Re: Syslog to monitor traffic
- From: "Marc" <mhmuray@xxxxxxxxx>
- Date: Tue, 1 May 2007 20:34:44 -0500
"Loren Amelang" <loren@xxxxxxxxxxx> wrote in message
news:lh2d33t5pd1neaslb999mhs09uob8qorru@xxxxxxxxxx
On Mon, 30 Apr 2007 08:15:46 -0500, "Marc" <mhmuray@xxxxxxxxx> wrote:
Basically I want to watch incoming and
outgoing traffic in real time. Know the source, destination, protocol and
action taken (blocked, allowed, etc.)
That's far too much to watch in real time, even on my single-user 804.
What I do is create an access-list and add "log" to transactions I
really want to see:
-----
access-list 121 remark 3389 is remote desktop
access-list 121 permit tcp any eq 3389 any log
access-list 121 remark 5900 is VNC
access-list 121 permit tcp any eq 5900 any log
...
access-list 121 deny ip any any log
-----
Set the logging level to include such items:
-----
logging buffered 4096 debugging
ip access-list log-update threshold 1
logging facility syslog
logging 10.1.1.5
-----
and I get entries like this:
-----
Mar 26 14:53:50.580 pdt: %SEC-6-IPACCESSLOGP: list 121 denied tcp 166.114.42.49(1157) -> 68.164.169.15(5900), 1 packet
-----
That is a VNC in the non-permitted direction, that has fallen through
the whole access-list to the "deny ... log" at the bottom.
I can also request summary statistics on matches to each of the
access-list lines:
-----
! statistics on matches to every access list statement
show access-list [list#]
! reset access statistics
clear access-list counters [list#]
-----
Loren
Thanks, Loren. Exactly what I'm looking for.
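
Added example, not part of the original thread: a small Python parser for the `%SEC-6-IPACCESSLOGP` entries that the "log" keyword sends to the syslog host, totalling denied packets per source and destination port. The function names and all sample lines after the first are assumptions made for illustration.

```python
import re
from collections import Counter

# TCP/UDP form of the ACL log message shown in the thread; other ACL
# log message types are not handled here.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<packets>\d+) packets?"
)

def parse_acl_log(text):
    """Return one dict per IPACCESSLOGP entry found in text."""
    # Collapse all whitespace so entries wrapped across lines still match.
    flat = re.sub(r"\s+", " ", text)
    entries = []
    for m in ACL_LOG.finditer(flat):
        entry = m.groupdict()
        for key in ("sport", "dport", "packets"):
            entry[key] = int(entry[key])
        entries.append(entry)
    return entries

def denied_totals(entries):
    """Packets denied per (source address, protocol, destination port)."""
    totals = Counter()
    for e in entries:
        if e["action"] == "denied":
            totals[(e["src"], e["proto"], e["dport"])] += e["packets"]
    return totals

# First entry is the one quoted in the thread (wrapped as posted);
# the remaining three are constructed for illustration.
SAMPLE = """\
Mar 26 14:53:50.580 pdt: %SEC-6-IPACCESSLOGP: list 121 denied tcp
166.114.42.49(1157) -> 68.164.169.15(5900), 1 packet
Mar 26 14:58:51.112 pdt: %SEC-6-IPACCESSLOGP: list 121 denied tcp 166.114.42.49(1157) -> 68.164.169.15(5900), 4 packets
Mar 26 15:02:10.004 pdt: %SEC-6-IPACCESSLOGP: list 121 permitted tcp 192.0.2.10(3389) -> 68.164.169.15(2044), 1 packet
Mar 26 15:03:00.250 pdt: %SEC-6-IPACCESSLOGP: list 121 denied udp 198.51.100.7(4000) -> 68.164.169.15(1434), 2 packets
"""

if __name__ == "__main__":
    for (src, proto, dport), pkts in denied_totals(parse_acl_log(SAMPLE)).most_common():
        print(f"{src} -> {proto}/{dport}: {pkts} packets denied")
```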