[c-nsp] logging traffic

Aaron Riemer aaronis at people.net.au
Sun Sep 2 10:01:58 EDT 2007


Hi,

I use flow-tools, which is an open source package for Linux.

http://www.splintered.net/sw/flow-tools/

Cheers,

Aaron.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gabor Ivanszky
Sent: Friday, 31 August 2007 4:53 PM
To: Eimantas Zdanevičius
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] logging traffic


nfsen
ntop

Eimantas Zdanevičius wrote:
> Thanks for help.
>
> For now I get traffic connections from ASA 5520 logged to syslog
> server. In future I will use NetFlow.
>
> Can anyone recommend good free netflow tools?
>
> Regards, Eimantas Zdanevičius, Network Administrator, UAB "Oslo
> products", Žirmūnų g. 27, LT-09105, Vilnius. Tel.: +370 5  276 2002
> Fax: +370 5  270 0204 Mob.: +370 685  18 864 E-mail:
> eimantas at occ.lt www.occ.lt
>
>
>
> Rodney Dunn wrote:
>> Please use #1.
>>
>> #3 causes process switching and that's a very bad thing to do.
>>
>> Rodney
>>
>> On Thu, Aug 30, 2007 at 04:41:58PM +0800, Lincoln Dale (ltd)
>> wrote:
>>
>>>> I need to log traffic going through Cisco 3825 router to
>>>> syslog server. Not all traffic data, I only need to log new
>>>> connections. How can I do this?
>>>>
>>> there's a few ways you could accomplish this, but I'd recommend
>>> option (1):
>>>
>>> 1. NetFlow export
>>>
>>> 2. IP accounting
>>>
>>> 3. an ACL with 'log', something like:
>>>
>>>    access-list 101 permit tcp any any established
>>>    access-list 101 permit tcp any any log
>>>    access-list 101 permit ip any any
>>>
>>>
>>> cheers,
>>>
>>> lincoln.
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>


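The ACL in option 3 quoted above relies on first-match evaluation: TCP segments with ACK or RST set hit the `established` entry, so only the opening SYN of each connection reaches the `log` entry. The Python sketch below is an added example, not code from the thread; the packet list and the helper names are constructed for illustration.

```python
# Added illustration: first-match evaluation of the three-entry ACL quoted above.
# The packet list is constructed sample data, not captured traffic.

# Each entry: (protocol, needs_established, log), in the order given in the thread.
ACL_101 = [
    ("tcp", True, False),   # access-list 101 permit tcp any any established
    ("tcp", False, True),   # access-list 101 permit tcp any any log
    ("ip", False, False),   # access-list 101 permit ip any any
]

def is_established(flags):
    """IOS 'established' matches TCP segments with ACK or RST set."""
    return bool({"ACK", "RST"} & set(flags))

def match_entry(packet):
    """Return (entry_number, logged) for the first ACL entry the packet hits."""
    for number, (proto, established, log) in enumerate(ACL_101, start=1):
        if proto == "tcp" and packet["proto"] != "tcp":
            continue
        if established and not is_established(packet.get("flags", ())):
            continue
        return number, log
    return None, False  # implicit deny; not reached here, entry 3 permits all IP

def logged_packets(packets):
    """Packets that land on the 'log' entry and are candidates for a syslog line."""
    return [p for p in packets if match_entry(p)[1]]

# Constructed sample: one TCP connection (handshake, data, teardown) plus a UDP query.
SAMPLE = [
    {"proto": "tcp", "src": "10.0.0.5:40000", "dst": "192.0.2.10:80", "flags": ["SYN"]},
    {"proto": "tcp", "src": "192.0.2.10:80", "dst": "10.0.0.5:40000", "flags": ["SYN", "ACK"]},
    {"proto": "tcp", "src": "10.0.0.5:40000", "dst": "192.0.2.10:80", "flags": ["ACK"]},
    {"proto": "tcp", "src": "10.0.0.5:40000", "dst": "192.0.2.10:80", "flags": ["PSH", "ACK"]},
    {"proto": "tcp", "src": "10.0.0.5:40000", "dst": "192.0.2.10:80", "flags": ["FIN", "ACK"]},
    {"proto": "udp", "src": "10.0.0.5:5353", "dst": "192.0.2.53:53"},
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        entry, log = match_entry(pkt)
        print(pkt["proto"], pkt.get("flags", "-"), "-> entry", entry, "LOG" if log else "")
```

Any TCP segment without ACK or RST (a lone SYN from a scan, for instance) also lands on the `log` entry, so the log volume follows connection attempts rather than completed connections.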


