[c-nsp] logging traffic

Eimantas Zdanevičius eimantas at occ.lt
Thu Aug 30 04:37:29 EDT 2007


Thanks Tom. And what about UDP traffic?

Pagarbiai,
Eimantas Zdanevičius
Tinklo administratorius
UAB "Oslo products"
Žirmūnų g. 27, LT-09105, Vilnius
Tel.: +370 5  276 2002
Faksas: +370 5  270 0204
Mob.: +370 685  18 864
E-paštas: eimantas at occ.lt
www.occ.lt



Tom Storey wrote:
> You could try an access list, something like this (for example):
>
> ip access-list extended log-syn-in
>  permit tcp any any syn log
>  permit ip any any
> !
> interface wan
>  ip access-group log-syn-in in
> !
>
> The second permit will be neccessary unless you only want TCP SYN packets to
> get through (implicit "deny any any" at the end of every access-list).
>
> Also, it will only log TCP SYN packets, not actual connections that get
> established. SYN packets are the beginnings of a connection, so its a start
> anyway.
>
> Someone else may have a more elaborate solution. Thats the best I could
> think of at the time being.
>
> Cheers,
> Tom
>
> ----- Original Message -----
> From: "Eimantas Zdanevičius" <eimantas at occ.lt>
> To: <cisco-nsp at puck.nether.net>
> Sent: Thursday, August 30, 2007 5:22 PM
> Subject: [c-nsp] logging traffic
>
>
>   
>> Hello,
>>
>> I need to log traffic going trougth cisco 3825 router to syslog server.
>> Not all traffic data, i only need to log new connections.
>> How can i do this?
>>
>> Thanks
>>
>> Current config:
>>
>> service timestamps debug datetime msec localtime show-timezone
>> service timestamps log datetime msec localtime show-timezone
>> logging buffered 16384 debugging
>> no logging console
>> logging trap debugging
>> logging xxx.xxx.xxx.xxx
>>
>> --
>> Pagarbiai,
>> Eimantas Zdanevičius
>> Tinklo administratorius
>> UAB "Oslo products"
>> Žirmūnų g. 27, LT-09105, Vilnius
>> Tel.: +370 5  276 2002
>> Faksas: +370 5  270 0204
>> Mob.: +370 685  18 864
>> E-paštas: eimantas at occ.lt
>> www.occ.lt
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>     


More information about the cisco-nsp mailing list