[c-nsp] logging traffic

Tom Storey tom at snnap.net
Thu Aug 30 04:44:39 EDT 2007


UDP is connectionless, so it doesn't have SYN packets like TCP.

Cheers,
Tom

----- Original Message -----
From: "Eimantas Zdanevičius" <eimantas at occ.lt>
To: "Tom Storey" <tom at snnap.net>; <cisco-nsp at puck.nether.net>
Sent: Thursday, August 30, 2007 6:07 PM
Subject: Re: [c-nsp] logging traffic


> Thanks Tom. And what about UDP traffic?
>
> Regards,
> Eimantas Zdanevičius
> Network administrator
> UAB "Oslo products"
> Žirmūnų g. 27, LT-09105, Vilnius
> Tel.: +370 5  276 2002
> Fax: +370 5  270 0204
> Mob.: +370 685  18 864
> E-mail: eimantas at occ.lt
> www.occ.lt
>
>
>
> Tom Storey wrote:
> > You could try an access list, something like this (for example):
> >
> > ip access-list extended log-syn-in
> >  permit tcp any any syn log
> >  permit ip any any
> > !
> > interface wan
> >  ip access-group log-syn-in in
> > !
> >
> > The second permit will be necessary unless you only want TCP SYN packets to
> > get through (implicit "deny any any" at the end of every access-list).
> >
> > Also, it will only log TCP SYN packets, not actual connections that get
> > established. SYN packets are the beginnings of a connection, so it's a start
> > anyway.
> >
> > Someone else may have a more elaborate solution. That's the best I could
> > think of at the time being.
> >
> > Cheers,
> > Tom
> >
> > ----- Original Message -----
> > From: "Eimantas Zdanevičius" <eimantas at occ.lt>
> > To: <cisco-nsp at puck.nether.net>
> > Sent: Thursday, August 30, 2007 5:22 PM
> > Subject: [c-nsp] logging traffic
> >
> >
> >
> >> Hello,
> >>
> >> I need to log traffic going through a Cisco 3825 router to a syslog server.
> >> Not all traffic data, I only need to log new connections.
> >> How can I do this?
> >>
> >> Thanks
> >>
> >> Current config:
> >>
> >> service timestamps debug datetime msec localtime show-timezone
> >> service timestamps log datetime msec localtime show-timezone
> >> logging buffered 16384 debugging
> >> no logging console
> >> logging trap debugging
> >> logging xxx.xxx.xxx.xxx
> >>
> >> --
> >> Regards,
> >> Eimantas Zdanevičius
> >> Network administrator
> >> UAB "Oslo products"
> >> Žirmūnų g. 27, LT-09105, Vilnius
> >> Tel.: +370 5  276 2002
> >> Fax: +370 5  270 0204
> >> Mob.: +370 685  18 864
> >> E-mail: eimantas at occ.lt
> >> www.occ.lt
> >>
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
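
On the syslog server side, the entries produced by the `log-syn-in` ACL quoted above can be tallied per source, destination and port. This is an added example, not part of the original thread: it assumes the standard IOS `%SEC-6-IPACCESSLOGP` message shape, in which repeat matches for a flow arrive as a later summary line with a packet count, and the sample lines, addresses, time zone and the `other-acl` name are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the shape IOS emits for an ACL entry with "log",
# using the timestamp style of the posted "service timestamps log" setting.
SAMPLE = """\
Aug 30 11:44:39.120 EEST: %SEC-6-IPACCESSLOGP: list log-syn-in permitted tcp 192.0.2.10(51514) -> 198.51.100.5(80), 1 packet
Aug 30 11:44:41.532 EEST: %SEC-6-IPACCESSLOGP: list log-syn-in permitted tcp 192.0.2.10(51520) -> 198.51.100.5(443), 1 packet
Aug 30 11:49:40.004 EEST: %SEC-6-IPACCESSLOGP: list log-syn-in permitted tcp 192.0.2.10(51514) -> 198.51.100.5(80), 3 packets
Aug 30 11:50:02.771 EEST: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Aug 30 11:51:13.900 EEST: %SEC-6-IPACCESSLOGP: list other-acl denied udp 203.0.113.7(53) -> 198.51.100.5(33000), 1 packet
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def parse(line):
    """Return the fields of one ACL log line as a dict, or None if it is not one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def syn_counts(text, acl="log-syn-in"):
    """Sum logged SYN packets per (src, dst, dport) for one ACL.

    The packet count is added rather than counting lines, because a summary
    line can stand for several packets of the same flow.
    """
    totals = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["acl"] == acl and rec["proto"] == "tcp":
            totals[(rec["src"], rec["dst"], rec["dport"])] += rec["count"]
    return totals


if __name__ == "__main__":
    for (src, dst, dport), n in syn_counts(SAMPLE).most_common():
        print(f"{src} -> {dst}:{dport}  {n} SYN packet(s)")
```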
