[c-nsp] logging traffic

Tom Storey tom at snnap.net
Thu Aug 30 04:32:10 EDT 2007


You could try an access list, something like this (for example):

ip access-list extended log-syn-in
 permit tcp any any syn log
 permit ip any any
!
interface wan
 ip access-group log-syn-in in
!

The second permit will be necessary unless you only want TCP SYN packets to
get through (implicit "deny any any" at the end of every access-list).

Also, it will only log TCP SYN packets, not actual connections that get
established. SYN packets are the beginnings of a connection, so it's a start
anyway.

Someone else may have a more elaborate solution. That's the best I could
think of at the time being.

Cheers,
Tom

----- Original Message -----
From: "Eimantas Zdanevičius" <eimantas at occ.lt>
To: <cisco-nsp at puck.nether.net>
Sent: Thursday, August 30, 2007 5:22 PM
Subject: [c-nsp] logging traffic


> Hello,
>
> I need to log traffic going through Cisco 3825 router to syslog server.
> Not all traffic data, I only need to log new connections.
> How can I do this?
>
> Thanks
>
> Current config:
>
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> logging buffered 16384 debugging
> no logging console
> logging trap debugging
> logging xxx.xxx.xxx.xxx
>
> --
> Regards,
> Eimantas Zdanevičius
> Network administrator
> UAB "Oslo products"
> Žirmūnų g. 27, LT-09105, Vilnius
> Tel.: +370 5  276 2002
> Fax: +370 5  270 0204
> Mob.: +370 685  18 864
> E-mail: eimantas at occ.lt
> www.occ.lt
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
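
On the syslog server, the entries produced by the `log` keyword in the access list above can be reduced to one record per source, destination and port. The following is an added example, not part of the original thread; it assumes the usual IOS `%SEC-6-IPACCESSLOGP` message layout, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the shape IOS emits for ACL "log" matches,
# using the timestamp style from the quoted "service timestamps log" config.
SAMPLE = """\
Aug 30 11:32:10.123 EEST: %SEC-6-IPACCESSLOGP: list log-syn-in permitted tcp 192.0.2.10(51514) -> 198.51.100.5(80), 1 packet
Aug 30 11:32:11.456 EEST: %SEC-6-IPACCESSLOGP: list log-syn-in permitted tcp 192.0.2.11(40022) -> 198.51.100.5(22), 1 packet
Aug 30 11:37:10.789 EEST: %SEC-6-IPACCESSLOGP: list log-syn-in permitted tcp 192.0.2.10(51514) -> 198.51.100.5(80), 3 packets
Aug 30 11:38:00.001 EEST: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

# Assumed message layout: list <acl> <action> <proto> src(sport) -> dst(dport), N packet(s)
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_line(line, acl="log-syn-in"):
    """Return a dict for one ACL log line, or None for any other message."""
    m = ACL_LOG.search(line)  # search() tolerates a syslog header prefix
    if not m or m["acl"] != acl:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def syn_counts(lines, acl="log-syn-in"):
    """Sum logged SYN packets per (source, destination, destination port).

    IOS logs the first match at once and then sends periodic summaries with
    a packet count, so the count field is summed rather than counting lines.
    """
    totals = Counter()
    for line in lines:
        rec = parse_line(line, acl)
        if rec:
            totals[(rec["src"], rec["dst"], rec["dport"])] += rec["count"]
    return totals

if __name__ == "__main__":
    for (src, dst, dport), n in sorted(syn_counts(SAMPLE.splitlines()).items()):
        print(f"{src} -> {dst}:{dport}  SYN packets logged: {n}")
```
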

