logging
Hi all,

I used sub-interfaces for Frame Relay, but if one of the interfaces was down then no logging appeared. Can you help me with how to make it work so that if a sub-interface goes down, we will get logging?

Thanks.

FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Logging
Hi All,

I am trying to log login and logout activity on my routers from a security point of view. Can anyone help me with how I can log these activities?

Thanks in adv.
Logging error
Why would the log tell me that my Ethernet went down and report my serial IP address?

Serial INT IP
Major Fri Jan 26 12:56:17 xxx.xxx.xxx.xxx Jan 26 12:53:44 xxx.xxx.xxx.xxx xxx: Jan 26 13:51:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
Logging error
The formatting makes it a bit confusing, but they look to me like completely separate log messages - look at the timestamps.

JMcL

-- Forwarded by Jenny Mcleod/NSO/CSDA on 29/01/2001 02:12 pm ---

"Roberts, Timothy" <[EMAIL PROTECTED]>@groupstudy.com on 27/01/2001 08:49:17 am
Please respond to "Roberts, Timothy" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc:
Subject: Logging error

Why would the log tell me that my Ethernet went down and report my serial IP address?

Serial INT IP
Major Fri Jan 26 12:56:17 xxx.xxx.xxx.xxx Jan 26 12:53:44 xxx.xxx.xxx.xxx xxx: Jan 26 13:51:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
Logging Question ???
Hi there,

I want to log alerts, critical, debugging, and emergencies. Will this work?

r1(config)#logging console ?
  alerts         Immediate action needed
  critical       Critical conditions
  debugging      Debugging messages
  emergencies    System is unusable
  errors         Error conditions
  informational  Informational messages
  notifications  Normal but significant conditions
  warnings       Warning conditions

r1(config)#logging console emergencies ?

How about if I want to log only alert and informational?

Thanks for the help.
ShahzaD
Logging Users
Hi everyone!

I am searching for a solution that can log all commands a user puts in at the CLI. I want to set permissions for some commands. The program must run on Sun Solaris.
I want to log what command a user executes, for example "int atm0/4.0 -> atm pvc 10 10".
I tried it with Cisco Secure, but with this application I can log only when the user gets to the router via telnet.

Any idea?

Thanks for helping!
Re: Logging
You want Tacacs or Radius. Unless you're asking about "capturing each command" I'm not sure this would help with that if even possible.

DDM

On Fri, 3 Nov 2000, Study Cisco wrote:

> Hi All,
>
> I am trying to log login and logout activity on my
> routers from a security point of view. Can anyone help
> me with how I can log these activities?
>
> Thanks in adv.
Re: Logging error
Are you using ip unnumbered on one of the interfaces?

Kevin Wigle

- Original Message -
From: "Roberts, Timothy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, 26 January, 2001 16:49
Subject: Logging error

> Why would the log tell me that my Ethernet went down and report my serial IP
> address?
>
> Serial INT IP
> Major Fri Jan 26 12:56:17 xxx.xxx.xxx.xxx Jan 26 12:53:44 xxx.xxx.xxx.xxx
> xxx: Jan 26 13:51:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Ethernet0/0, changed state to down
access list logging
Hi all,

I want to build an access list on a Cisco router that will log all the denied traffic to a file/server. Can this be done on the implicit deny statement, or do I have to define the deny traffic?

Thanks

Adam
ACL Logging question
I've noticed that when logging ip access lists, in some situations it logs the port number while other times it simply records a zero, and I can't remember the cause of this behavior. It seems that in the nether regions of my memory, I recall once having heard an explanation for this but I just can't remember what it was.

It's frustrating me this morning because I wanted to turn on logging to find out what specific ports an application was using, but nothing but zeroes were showing up.

Any thoughts?

Thanks,
John
Re: Logging Users
TACACS+ ...

<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

> Hi everyone!
>
> I search for a solution, that can log all commands a user put in at CLI. I
> want set permission for some commands. The program must be run on a Sun
> Solaris.
> I will log, what Command a User executes. For example "int atm0/4.0 -> atm
> pvc 10 10.
> I tried it with Cisco Secure, but with this application I can log only
> when the user get via telnet to the router.
>
> Any idea?
>
> Thanks for helping!
switch console logging
On a Cisco Catalyst 6500 and 4000 series switch, how can I stop system messages from displaying on the console?

Thanks.
PIX Logging Tool
Hi,

is there a free tool for generating reports from PIX syslog output?

Thanks

DeTeSystem Deutsche Telekom Systemlösungen GmbH
req: logging hostname...
Somebody know how to work logging hostname or logging A.B.C.D?

I want to get the log of my router 7507 in a workstation or server to analize the trouble that the router shows.

Please send me information about this question to my e-mail: [EMAIL PROTECTED]

thanks in advance
elvisdom

**NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Logging traffic on PIX
Greetings all,

I'm trying to log all traffic coming through the PIX for analysis. What's the best way to do that? I want to be able to capture all the traffic on the outside interface.

Any suggestions?

Thanks,
Nabil
Re: access list logging
At 10:50 AM 1/16/2001 -0800, Adam Wang wrote:

> Hi all,
>
> I want to build an access list on a cisco router that
> will log all the denied traffic to a file/server. Can
> this be done on the implicit deny statement or I have
> to define the deny traffic.

At the bottom of your access list, add an "access-list xxx deny ip any any log" and then configure logging on the router to log to a syslog server.

Brian
Re: access list logging
I guess you need to explicitly define it in the access-list, as you need a log keyword after each line of the access-list to log activities on the access list.

suaveguru

--- Adam Wang <[EMAIL PROTECTED]> wrote:

> Hi all,
>
> I want to build an access list on a cisco router
> that will log all the denied traffic to a file/server.
> Can this be done on the implicit deny statement or I
> have to define the deny traffic.
>
> Thanks
>
> Adam
Re: ACL Logging question
Thanks, that did the trick! In my case I was permitting traffic, so I added another permit statement at the beginning that specified a port; in this case, I allowed DNS traffic. Once I did that, the rest of the statements started logging the actual port numbers being used by this application.

Thanks for making my Monday a little bit more manageable!

John

> Hi John,
>
> Basically, a zero is logged when you are denying tcp or udp, but have not
> specified a port number to deny (e.g. access-list 101 deny tcp host
> 192.168.1.1 any), whereas if you specify a port number in an entry, any
> further entries that just specify tcp (with no port) will indeed log the
> port. The router simply doesn't bother checking the packet in depth unless
> you have specified this in the ACL.
>
> So,
>
> access-list 101 deny tcp host 192.168.1.1 any
> access-list 101 permit tcp any any
>
> will log no port numbers, whereas
>
> access-list 101 deny tcp host 192.168.1.1 any eq smtp
> access-list 101 permit tcp any any
>
> will log the port number.
>
> If I am in a situation where I must know the port numbers that are trying to
> get thru, I normally make the first entry a deny statement thru to a service
> that is definitely not running on the host machine.
>
> ---
> Chris Miles
> Senior Support Engineer
> Customer Network Engineering
> REDNET Ltd
> +44 1494 51
>
> - Original Message -
> From: John Neiberger <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, January 22, 2001 4:13 PM
> Subject: ACL Logging question
>
> > I've noticed that when logging ip access lists, in some situations it logs
> > the port number while other times it simply records a zero, and I can't
> > remember the cause of this behavior. It seems that in the nether regions of
> > my memory, I recall once having heard an explanation for this but I just
> > can't remember what it was.
> >
> > It's frustrating me this morning because I wanted to turn on logging to find
> > out what specific ports an application was using, but nothing but zeroes
> > were showing up.
> >
> > Any thoughts?
> >
> > Thanks,
> > John
RE: req: logging hostname
Ok. Thanks for your help!!!

I tested the syslog server (http://www.kiwi-enterprises.com/) and it works excellent.

elvisdom

[EMAIL PROTECTED] wrote:

> Okay, I meant from your internet search engine to find the URL to download
> the SYSLOG application to run as a service under NT, or standalone app on
> 98/NT search for "KIWI + Syslog" in the search field (search engine being
> www.yahoo.com, www.iwon.com, www.excit.com, etc.).
>
> However, by going to the URL listed below it'll take you to the page to
> download the syslog application:
>
> http://www.kiwi-enterprises.com/
>
> If you have any more questions just let me know.
>
> James
Logging traffic [7:17559]
Here's what I want to do:

Log all traffic (source/destination ip address/port #) from a specific subnet (our HQ) to see what's passing through our external router, and where they're going.

Any suggestions?

Thanks,
Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17559&t=17559
Logging Server on NT
Hi all,

Anybody know where I can get a free logging server for Windows NT to log the cisco router/switch?

Thanks

Kent
Re: req: logging hostname...
On Tue, 12 Sep 2000, Elvis Domínguez wrote:

> Somebody know how to work logging hostname or logging A.B.C.D
> I want to get the log of my router 7507 in a workstation or server to
> analize the trouble that the router shows.
> Please send me information about this question to my e-mail:
> [EMAIL PROTECTED]

I hope you mean "analyze". The word you used has a slightly different meaning.

"logging A.B.C.D" will send router logs to that IP address, following normal IP routing.

"logging hostname" will use either the router's hosts table or configured nameserver entry to resolve "hostname" to an IP address and then send logs to that IP address following normal IP routing.

The IP address either specified directly or resolved must, obviously, have a syslog daemon running and capable of receiving the logs.

--
Jay Hennigan - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323
PIX logging [7:62462]
Hi guys,

I am studying the PIX, and have successfully set it up, and am logging to kiwi syslog daemon on my Windows XP box. I have done this before, not at home, and the info I saw in the syslog screen was reasonably detailed, i.e. it had the source and destination ports in the text, for warnings. I am now only getting protocol numbers (hence my other question) as seen below:

02-04-2003 20:46:29Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:29Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:26Local4.Warning 172.16.1.1 Feb 04 2003 20:46:12: %PIX-4-106019: IP packet from 172.16.2.100 to 172.16.1.100, protocol 17 received from interface "DMZ" deny by access-group "dmz2int"

This doesn't tell me much. I have been mucking around with debugging levels and facility numbers, but not getting anywhere. Anyone know how to force it to show port numbers?

Cheers,
Symon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62462&t=62462
logging question. [7:62735]
Hello Group,

On a router you have the following logging available:

  alerts         Immediate action needed           (severity=1)
  critical       Critical conditions               (severity=2)
  debugging      Debugging messages                (severity=7)
  emergencies    System is unusable                (severity=0)
  errors         Error conditions                  (severity=3)
  informational  Informational messages            (severity=6)
  notifications  Normal but significant conditions (severity=5)
  warnings       Warning conditions                (severity=4)

If you type:

logging buffered debug

you log severity 7 and all lower levels, i.e. 6,5,4,3...0.

Is it possible to log particular severity levels? Say you wanted to log severity 7,4,1 only, can this be achieved on a router?

Any help appreciated,

Kind regards.
Paul.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62735&t=62735
PIX logging [7:56496]
Hi,

Anyone using Webtrends with PIX Firewall?

Regards,
Bruno Fernandes

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56496&t=56496
PIX Logging [7:61039]
I have a PIX 525 with 6.1(1) version. I have set up a kiwi syslog server for logging. What is the best choice out of

0-emergencies-System unusable messages
1-alerts-Take immediate action
2-critical-Critical condition
3-errors-Error message
4-warnings-Warning message
5-notifications-Normal but significant condition
6-informational-Information message
7-debugging-Debug messages and log FTP commands and WWW URLs

Thanks,
Teza

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61039&t=61039
Router clock and logging time
Am researching this but will appreciate any assistance. While troubleshooting a bouncing ckt this morning, I found the time on the router to be different from the logging time.

Router A# term len 0
Router A# sh log | inc S12/3/2:0
(truncated)
Mar 16 11:30:00 serial up, line protocol down ---starts
Mar 16 11:30:04 serial up, line protocol up
Mar 16 11:30:09 serial up, line protocol down end
Router A#sh clo --- Mar 16 6:58:20

My PC time 7:00am

Any idea how to rectify this issue or explain the discrepancy?

Thanks for your help
Wagus
Internet Users Logging. [7:1562]
Hello everybody.

I want to monitor the activities of my LAN users who are browsing different web sites. I want to enable logging for those users and want to save all my logging information on my Windows 2000 server. Please let me know the procedure.

Thanks in advance.
Tariq

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1562&t=1562
PIX v5.25 logging [7:9640]
Is there any way to view logs on a PIX and filter by a specific property, such as IP address or TCP port?

thanks,
Mike

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9640&t=9640
Logging debug messages [7:17107]
I'm having a strange problem with a 2600 running 12.2(1a): after a short period of time (30 to 60 mins) the router will stop logging messages to the vty lines with terminal monitor. I can perform a show logging history and see the last message in the history, but nothing is displayed as it happens. Some details are below; have a look and if anyone can see what's wrong let me know.

cheers
Pat

#sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns)
    Console logging: level debugging, 152 messages logged
    Monitor logging: level debugging, 233 messages logged
        Logging to: vty66(0)
    Buffer logging: disabled
    Logging Exception size (4096 bytes)
    Trap logging: level informational, 19 message lines logged

#sh logging history
Syslog History Table:1 maximum table entries,
saving level warnings or higher
 16 messages ignored, 0 dropped, 0 recursion drops
 4 table entries flushed
 SNMP notifications not enabled
   entry number 5 : PARSER-3-BADSUBCMD
    Unrecognized subcommand 0 in exec command 'test crypto isa x.x.x.x x.x.x.x desmd5 '
    timestamp: 699958

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17107&t=17107
RE: Logging traffic [7:17559]
You can use a freeware utility that runs on UNIX called ACID (Intrusion detection) that can pick up all of this info.

-Original Message-
From: cisco skin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 28, 2001 3:04 PM
To: [EMAIL PROTECTED]
Subject: Logging traffic [7:17559]

Here's what I want to do:

Log all traffic (source/destination ip address/port #) from a specific subnet (our HQ) to see what's passing through our external router, and where they're going.

Any suggestions?

Thanks,
Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17563&t=17559
Re: Logging traffic [7:17559]
Hello Robert,

Where can one find this ACID utility?

Thanks,
Vijendra

"Robert Perez" wrote in message news:[EMAIL PROTECTED]...

> You can use a freeware utility that runs on UNIX called ACID (Intrusion
> detection) that can pick up all of this info.
>
> -Original Message-
> From: cisco skin [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 28, 2001 3:04 PM
> To: [EMAIL PROTECTED]
> Subject: Logging traffic [7:17559]
>
> Here's what I want to do:
>
> Log all traffic (source/destination ip address/port #) from a specific
> subnet (our HQ) to see what's passing through our external router, and where
> they're going.
>
> Any suggestions?
>
> Thanks,
> Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17631&t=17559
RE: Logging traffic [7:17559]
MRTG is one, that's very good, with nice graphs to show visuals of traffic levels.

-Original Message-
From: cisco skin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 28, 2001 3:04 PM
To: [EMAIL PROTECTED]
Subject: Logging traffic [7:17559]

Here's what I want to do:

Log all traffic (source/destination ip address/port #) from a specific subnet (our HQ) to see what's passing through our external router, and where they're going.

Any suggestions?

Thanks,
Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17667&t=17559
RE: Logging traffic [7:17559]
Jeff-

Some ideas that might work:

1. Use netflow and one of the free tools (like flowscan & rrd tool). Check caida.org
2. Webtrends Firewall suite (this is probably the best app for you, as it has tons of reports, but it can be pricey)
3. Use an IDS system that captures all the packets, then write your own code to parse them.
4. Websense in conjunction with your firewall.

What you should look at for a tool depends on the exact requirements of what you need to do. Do you want to capture all traffic, or just web traffic? FTP? Outbound email? Just the port usage through the router? Is knowing where people are going important, or just what they are doing? Are you concerned more about inbound traffic from the Internet, or traffic outbound? All of these questions will help you to decide what you want to capture, and should help you with selecting a tool for the job.

Good luck.

Andras

-Original Message-
From: cisco skin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 28, 2001 12:04 PM
To: [EMAIL PROTECTED]
Subject: Logging traffic [7:17559]

Here's what I want to do:

Log all traffic (source/destination ip address/port #) from a specific subnet (our HQ) to see what's passing through our external router, and where they're going.

Any suggestions?

Thanks,
Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17672&t=17559
Re: Logging traffic [7:17559]
Hi,

Depends on what you are really trying to achieve. If you have plenty of head room in your router you could just add stuff to an access-list and send the list to a syslog. Cheap, nasty, but a good way to solve issues.

access-list 101 permit icmp any any log
access-list 101 permit tcp any any lt 100 log
access-list 101 permit tcp any any gt 99 log
access-list 101 permit udp any any lt 100 log
access-list 101 permit udp any any gt 99 log

The trick is to put the port numbers in (lt 100 etc); this will then tell you what address/port is talking to address/port.

If you put this at the end of an existing access-list in place of the permit ip any any you should get what you need. On a busy link however this generates heaps of information, but it is a nice way to find what you don't want on your network.

BE AWARE OF ANY PRIVACY ISSUES THAT MIGHT ARISE DOING THIS SORT OF STUFF.

Just a thought,

Teunis,
Hobart, Tasmania
Australia

On Tuesday, August 28, 2001 at 03:03:47 PM, cisco skin wrote:

> Here's what I want to do:
>
> Log all traffic (source/destination ip address/port #) from a specific
> subnet (our HQ) to see what's passing through our external router, and where
> they're going.
>
> Any suggestions?
>
> Thanks,
> Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17772&t=17559
RE: Logging traffic [7:17559]
I would add the syn predicate to cut down on logging traffic. This will only log the first TCP segment, but it will still contain the source IP address, Time of Day, etc.

access-list 101 permit tcp any any lt 100 syn log

Since syslog traffic is sent on the data link in human readable form I would use an IPSec tunnel, or a standalone Ethernet interface to actually handle the traffic. Logging data can be very sensitive.

Wayne

-Original Message-
From: Tony van Ree [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 8:39 AM
To: [EMAIL PROTECTED]
Subject: Re: Logging traffic [7:17559]

Hi,

Depends on what you are really trying to achieve. If you have plenty of head room in your router you could just add stuff to an access-list and send the list to a syslog. Cheap, nasty, but a good way to solve issues.

access-list 101 permit icmp any any log
access-list 101 permit tcp any any lt 100 log
access-list 101 permit tcp any any gt 99 log
access-list 101 permit udp any any lt 100 log
access-list 101 permit udp any any gt 99 log

The trick is to put the port numbers in (lt 100 etc); this will then tell you what address/port is talking to address/port.

If you put this at the end of an existing access-list in place of the permit ip any any you should get what you need. On a busy link however this generates heaps of information, but it is a nice way to find what you don't want on your network.

BE AWARE OF ANY PRIVACY ISSUES THAT MIGHT ARISE DOING THIS SORT OF STUFF.

Just a thought,

Teunis,
Hobart, Tasmania
Australia

On Tuesday, August 28, 2001 at 03:03:47 PM, cisco skin wrote:

> Here's what I want to do:
>
> Log all traffic (source/destination ip address/port #) from a specific
> subnet (our HQ) to see what's passing through our external router, and where
> they're going.
>
> Any suggestions?
>
> Thanks,
> Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17806&t=17559
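Added example (not part of any post in this thread): a small Python summarizer for the syslog entries that `log`-tagged TCP/UDP access-list lines like the ones above produce, which also separates out the port-zero entries described in the earlier "ACL Logging question" reply. The sample lines are constructed in the IOS %SEC-6-IPACCESSLOGP layout; the addresses, ACL numbers and function names are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the IOS %SEC-6-IPACCESSLOGP layout.
# Addresses, ACL numbers and timestamps are made up for this example.
SAMPLE_LINES = [
    "Aug 30 08:41:02: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.5(1042) -> 192.0.2.10(80), 1 packet",
    "Aug 30 08:41:07: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.5(1043) -> 192.0.2.10(80), 1 packet",
    "Aug 30 08:41:09: %SEC-6-IPACCESSLOGP: list 101 permitted udp 10.1.1.9(1030) -> 198.51.100.53(53), 1 packet",
    "Aug 30 08:41:11: %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.1.2.7(0) -> 192.0.2.25(0), 3 packets",
    "Aug 30 08:46:02: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.5(1042) -> 192.0.2.10(80), 14 packets",
    "Aug 30 08:46:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down",
]

# One TCP/UDP ACL hit: list id, action, protocol, src(port) -> dst(port), count.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def parse_acl_line(line):
    """Return a dict for a TCP/UDP ACL log line, or None for anything else."""
    match = ACL_LOG.search(line)
    if match is None:
        return None
    rec = match.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def summarize(lines):
    """Aggregate packet counts per (src, dst, proto, dport).

    Entries logged with both ports as 0 are tallied per ACL instead: per the
    thread, that happens when the ACL has no port-qualified entry ahead of
    the matching line, so those hits say nothing about the service in use.
    """
    services = Counter()
    portless = Counter()
    for line in lines:
        rec = parse_acl_line(line)
        if rec is None:
            continue  # not an ACL hit (e.g. an interface up/down message)
        if rec["sport"] == 0 and rec["dport"] == 0:
            portless[rec["acl"]] += rec["count"]
            continue
        # Source ports are ephemeral, so group on the destination service.
        services[(rec["src"], rec["dst"], rec["proto"], rec["dport"])] += rec["count"]
    return services, portless


if __name__ == "__main__":
    services, portless = summarize(SAMPLE_LINES)
    for (src, dst, proto, dport), pkts in services.most_common():
        print(f"{src} -> {dst} {proto}/{dport}: {pkts} packets")
    for acl, pkts in portless.items():
        print(f"ACL {acl}: {pkts} packets logged without port numbers")
```
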
router config logging ? [7:29148]
Does anyone have a perl script or something that you can configure to go out to a list of routers and copy the configs to a folder?

thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29148&t=29148
RE: Logging Server on NT
We use SL4NT, works great and took about five minutes to install. See:
http://www.netal.com/

irwin

> -----Original Message-----
> From: Kent [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 23, 2000 5:20 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Logging Server on NT
>
> Hi all,
>
> Anybody know where I can get a free logging server for
> Windows NT to log the cisco router/switch?
>
> Thanks
>
> Kent
Re: Logging Server on NT
Try ftp://ftp.3com.com/pub/utilbin/win32/3cdv2r10.zip

This also includes a tftp server (my personal favorite) and client and an ftp server.

Chris

Kent <[EMAIL PROTECTED]> on 08/23/2000 04:19:32 PM
Please respond to Kent <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED] (bcc: Chris A Korent/USA/Pillsbury)
Subject: Logging Server on NT

Hi all,

Anybody know where I can get a free logging server for Windows NT to log the cisco router/switch?

Thanks

Kent
Re: Logging Server on NT
www.cisco.com has one on CCO

On Wed, 23 Aug 2000, Kent wrote:

> Hi all,
>
> Anybody know where I can get a free logging server for
> Windows NT to log the cisco router/switch?
>
> Thanks
>
> Kent

---
Brian Feeny, CCNA, CCDA [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)
Re: Logging Server on NT
The best we have seen, and we have tried the others, is kiwi tools. I can't remember the url but if you can't find it using a search engine give me an email directly.

It is VERY good, so are the other tools like cat tools which allow you to make multiple changes to routers: adding configs, changing passwords, doing reports of software and so on. In fact I prefer it to RME2000.

Regards,
Kevin

----- Original Message -----
From: Brian <[EMAIL PROTECTED]>
To: Kent <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, August 23, 2000 11:37 PM
Subject: Re: Logging Server on NT

> www.cisco.com has one on CCO
>
> On Wed, 23 Aug 2000, Kent wrote:
>
> > Hi all,
> >
> > Anybody know where I can get a free logging server for
> > Windows NT to log the cisco router/switch?
> >
> > Thanks
> >
> > Kent
>
> ---
> Brian Feeny, CCNA, CCDA [EMAIL PROTECTED]
> Network Administrator
> ShreveNet Inc. (ASN 11881)
Re: Logging Server on NT
Kevin,
Could you elaborate on RME2000, where it can be found, etc?
Thanks,
George

At 12:05 PM 8/24/00 +0100, Kevin Gannon wrote:
> The best we have seen, and we have tried the others, is kiwi tools. I can't
> remember the url but if you can't find it using a search engine give me an
> email directly.
>
> It is VERY good, so are the other tools like cat tools which allow you to
> make multiple changes to routers: adding configs, changing passwords, doing
> reports of software and so on. In fact I prefer it to RME2000.
>
> Regards,
> Kevin
>
> ----- Original Message -----
> From: Brian <[EMAIL PROTECTED]>
> To: Kent <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Wednesday, August 23, 2000 11:37 PM
> Subject: Re: Logging Server on NT
>
> > www.cisco.com has one on CCO
> >
> > On Wed, 23 Aug 2000, Kent wrote:
> >
> > > Hi all,
> > >
> > > Anybody know where I can get a free logging server for
> > > Windows NT to log the cisco router/switch?
> > >
> > > Thanks
> > >
> > > Kent
> >
> > ---
> > Brian Feeny, CCNA, CCDA [EMAIL PROTECTED]
> > Network Administrator
> > ShreveNet Inc. (ASN 11881)
Re: Logging Server on NT
RME2000 is resource manager 2000, part of Cisco's CWSI suite of tools.

Regards,
Kevin

----- Original Message -----
From: George Spahl <[EMAIL PROTECTED]>
To: Kevin Gannon <[EMAIL PROTECTED]>; Brian <[EMAIL PROTECTED]>; Kent <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, August 25, 2000 10:33 PM
Subject: Re: Logging Server on NT

> Kevin,
> Could you elaborate on RME2000, where it can be found, etc?
> Thanks,
> George
>
> At 12:05 PM 8/24/00 +0100, Kevin Gannon wrote:
> > The best we have seen, and we have tried the others, is kiwi tools. I can't
> > remember the url but if you can't find it using a search engine give me an
> > email directly.
> >
> > It is VERY good, so are the other tools like cat tools which allow you to
> > make multiple changes to routers: adding configs, changing passwords, doing
> > reports of software and so on. In fact I prefer it to RME2000.
> >
> > Regards,
> > Kevin
> >
> > ----- Original Message -----
> > From: Brian <[EMAIL PROTECTED]>
> > To: Kent <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Wednesday, August 23, 2000 11:37 PM
> > Subject: Re: Logging Server on NT
> >
> > > www.cisco.com has one on CCO
> > >
> > > On Wed, 23 Aug 2000, Kent wrote:
> > >
> > > > Hi all,
> > > >
> > > > Anybody know where I can get a free logging server for
> > > > Windows NT to log the cisco router/switch?
> > > >
> > > > Thanks
> > > >
> > > > Kent
> > >
> > > ---
> > > Brian Feeny, CCNA, CCDA [EMAIL PROTECTED]
> > > Network Administrator
> > > ShreveNet Inc. (ASN 11881)
logging PIX - NAT translations (xlate)
Is there a way to have the NAT translations sent to a syslog (or other type) of server. You can do a show xlate and get a list of the translations - can this be logged to a text file??

I have a customer that needs to be able to track IP addresses from the outside > translated (PIX) > inside > workstation.

Example - they have had people e-mail them with proof that someone from within their network has been doing naughty things. They have no way to track the translation. They are doing NAT only (no PAT) - but there are too many to do static translations.

Need some input on this one.

thanx,
[EMAIL PROTECTED]
RE: PIX logging [7:62467]
Further to this, I searched Google (I do get it right occasionally) and found that this happens when you use access lists instead of conduits with 5.1. I am using 5.1(5), the other PIX I had detailed info on was using 6.22.

Still looking for a workaround (other than changing my access lists to conduits).

Cheers,
Symon

-----Original Message-----
From: Symon Thurlow
Sent: 04 February 2003 20:50
To: [EMAIL PROTECTED]
Subject: PIX logging

Hi guys,

I am studying the PIX, and have successfully set it up, and am logging to kiwi syslog daemon on my windows XP box.

I have done this before, not at home, and the info I saw in the syslog screen was reasonably detailed, ie it had the source and destination ports in the text, for warnings.

I am now only getting protocol numbers (hence my other question) as seen below:

02-04-2003 20:46:29 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:29 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:26 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:12: %PIX-4-106019: IP packet from 172.16.2.100 to 172.16.1.100, protocol 17 received from interface "DMZ" deny by access-group "dmz2int"

This doesn't tell me much. I have been mucking around with debugging levels and facility numbers, but not getting anywhere.

Anyone know how to force it to show port numbers?

Cheers,
Symon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62467&t=62467
RE: PIX logging [7:62467]
If you do find a workaround, please let us (me) know?

Thanks
Jamie

-----Original Message-----
From: Symon Thurlow [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 04, 2003 4:13 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX logging [7:62467]

Further to this, I searched Google (I do get it right occasionally) and found that this happens when you use access lists instead of conduits with 5.1. I am using 5.1(5), the other PIX I had detailed info on was using 6.22.

Still looking for a workaround (other than changing my access lists to conduits).

Cheers,
Symon

-----Original Message-----
From: Symon Thurlow
Sent: 04 February 2003 20:50
To: [EMAIL PROTECTED]
Subject: PIX logging

Hi guys,

I am studying the PIX, and have successfully set it up, and am logging to kiwi syslog daemon on my windows XP box.

I have done this before, not at home, and the info I saw in the syslog screen was reasonably detailed, ie it had the source and destination ports in the text, for warnings.

I am now only getting protocol numbers (hence my other question) as seen below:

02-04-2003 20:46:29 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:29 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:26 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:12: %PIX-4-106019: IP packet from 172.16.2.100 to 172.16.1.100, protocol 17 received from interface "DMZ" deny by access-group "dmz2int"

This doesn't tell me much. I have been mucking around with debugging levels and facility numbers, but not getting anywhere.

Anyone know how to force it to show port numbers?

Cheers,
Symon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62598&t=62467
RE: PIX logging [7:62467]
I don't think that there is one. I think 5.2 will fix it, but you need a 16MB flash card, and I only have a 2MB card ;(

Never mind, I am playing with Conduits for a while, good to learn too.

Symon

-----Original Message-----
From: Arnold, Jamie [mailto:[EMAIL PROTECTED]]
Sent: 06 February 2003 20:29
To: [EMAIL PROTECTED]
Subject: RE: PIX logging [7:62467]

If you do find a workaround, please let us (me) know?

Thanks
Jamie

-----Original Message-----
From: Symon Thurlow [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 04, 2003 4:13 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX logging [7:62467]

Further to this, I searched Google (I do get it right occasionally) and found that this happens when you use access lists instead of conduits with 5.1. I am using 5.1(5), the other PIX I had detailed info on was using 6.22.

Still looking for a workaround (other than changing my access lists to conduits).

Cheers,
Symon

-----Original Message-----
From: Symon Thurlow
Sent: 04 February 2003 20:50
To: [EMAIL PROTECTED]
Subject: PIX logging

Hi guys,

I am studying the PIX, and have successfully set it up, and am logging to kiwi syslog daemon on my windows XP box.

I have done this before, not at home, and the info I saw in the syslog screen was reasonably detailed, ie it had the source and destination ports in the text, for warnings.

I am now only getting protocol numbers (hence my other question) as seen below:

02-04-2003 20:46:29 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:29 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:26 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:12: %PIX-4-106019: IP packet from 172.16.2.100 to 172.16.1.100, protocol 17 received from interface "DMZ" deny by access-group "dmz2int"

This doesn't tell me much. I have been mucking around with debugging levels and facility numbers, but not getting anywhere.

Anyone know how to force it to show port numbers?

Cheers,
Symon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62604&t=62467
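The %PIX-4-106019 lines quoted in this thread carry an IP protocol number but no ports. As an added example (not code from the thread or from Cisco), this Python parses lines of that shape, names the protocol, and counts denies per source, destination, protocol and access-group so repeated entries collapse into one row; the regular expression is written against the three lines posted above, the protocol table is a small subset of the IANA registry, and the last sample line is constructed.

```python
import re
from collections import Counter

# Small subset of the IANA assigned IP protocol numbers.
IP_PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp", 51: "ah"}

# Severity names in the order the PIX uses for logging levels 0-7.
SEVERITIES = ["emergencies", "alerts", "critical", "errors", "warnings",
              "notifications", "informational", "debugging"]

# Pattern written against the message text as it appears in the thread.
PIX_106019 = re.compile(
    r'%PIX-(?P<sev>[0-7])-106019: IP packet from (?P<src>\d{1,3}(?:\.\d{1,3}){3})'
    r' to (?P<dst>\d{1,3}(?:\.\d{1,3}){3}), protocol (?P<proto>\d{1,3})'
    r' received from interface "(?P<ifname>[^"]+)"'
    r' deny by access-group "(?P<acl>[^"]+)"'
)

# First three lines are the ones posted in the thread; the fourth is constructed
# to show how a line that is not a 106019 message is handled.
SAMPLE = '''
02-04-2003 20:46:29 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:29 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:26 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:12: %PIX-4-106019: IP packet from 172.16.2.100 to 172.16.1.100, protocol 17 received from interface "DMZ" deny by access-group "dmz2int"
02-04-2003 20:46:30 Local4.Info 172.16.1.1 (constructed line that is not a 106019 message)
'''


def parse_line(line):
    """Return a dict for a 106019 deny message, or None for any other line."""
    m = PIX_106019.search(line)
    if m is None:
        return None
    proto = int(m.group("proto"))
    return {
        "severity": SEVERITIES[int(m.group("sev"))],
        "src": m.group("src"),
        "dst": m.group("dst"),
        "proto": proto,
        # Unknown numbers stay visible instead of being dropped.
        "proto_name": IP_PROTOCOLS.get(proto, "ip-proto-%d" % proto),
        "interface": m.group("ifname"),
        "acl": m.group("acl"),
    }


def summarize(text):
    """Count denies per (src, dst, protocol, access-group); also count skipped lines."""
    counts = Counter()
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        counts[(rec["src"], rec["dst"], rec["proto_name"], rec["acl"])] += 1
    return counts, skipped


if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE)
    for (src, dst, proto, acl), n in counts.most_common():
        print("%-16s -> %-16s %-5s acl=%s denies=%d" % (src, dst, proto, acl, n))
    print("lines not parsed:", skipped)
```

The summary can name the protocol but cannot recover ports, because the message text itself does not contain them.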
ACS Logging / Accounting [7:59308]
Is there a way to log or account for all the exec commands that are done on a router or switch on an ACS server? I have a setup where all my login authentication and accounting is done thru an ACS server but I was wondering if I could get more detailed accounting accomplished by some means (if possible).

Any help would be greatly appreciated.

Thanx.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59308&t=59308
Re: PIX Logging [7:61039]
depends what you want, you want it all pick 7 :)

Dave

Azhar Teza wrote:

> I have a PIX 525 with 6.1(1) version. I have setup a kiwi syslog server for
> logging. What is the best choice out of
> 0-emergencies-System unusable messages
> 1-alerts-Take immediate action
> 2-critical-Critical condition
> 3-errors-Error message
> 4-warnings-Warning message
> 5-notifications-Normal but significant condition
> 6-informational-Information message
> 7-debugging-Debug messages and log FTP commands and WWW URLs
>
> Thanks,
> Teza

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston Churchill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61056&t=61039
RE: PIX Logging [7:61039]
That's relative to what you want to see and also depends on the volume of traffic passing. You could choose level 7 and then turn off some messages on the PIX and revise later.

-----Original Message-----
From: Azhar Teza [mailto:[EMAIL PROTECTED]]
Sent: 14 January 2003 20:37
To: [EMAIL PROTECTED]
Subject: PIX Logging [7:61039]

I have a PIX 525 with 6.1(1) version. I have setup a kiwi syslog server for logging. What is the best choice out of

0-emergencies-System unusable messages
1-alerts-Take immediate action
2-critical-Critical condition
3-errors-Error message
4-warnings-Warning message
5-notifications-Normal but significant condition
6-informational-Information message
7-debugging-Debug messages and log FTP commands and WWW URLs

Thanks,
Teza

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61083&t=61039
RE: PIX Logging [7:61039]
Azhar,

It is up to you on what you want to log. If you select level 7 then it is 0 through 7. If you pick level 3 then it is 0 through 3.

-Keyur Shah-
CCIE# 4799 (Security;R/S)
CISSP,CCSA,SCNA,MCSE,MCNE
"Say Hello to Your Future!"
Toll-Free: 1.877.79.HELLO

-----Original Message-----
From: Azhar Teza [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 14, 2003 10:37 AM
To: [EMAIL PROTECTED]
Subject: PIX Logging [7:61039]

I have a PIX 525 with 6.1(1) version. I have setup a kiwi syslog server for logging. What is the best choice out of

0-emergencies-System unusable messages
1-alerts-Take immediate action
2-critical-Critical condition
3-errors-Error message
4-warnings-Warning message
5-notifications-Normal but significant condition
6-informational-Information message
7-debugging-Debug messages and log FTP commands and WWW URLs

Thanks,
Teza

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61102&t=61039
re: PIX logging [7:61113]
Hello!

I used to set up 'logging trap debugging' and evaluate the environment for some days. After I managed to solve all the problems which arose during this period, I used to use 'logging trap errors'. For additional security I use 'logging buffered informational' or 'logging buffered debugging'.

It's up to you (and your environment, etc.) which level you choose.

Best regards,
Tamas Horvath
network engineer
Tel.: +36 22/515-452, Fax: +36 22/327-532
E-Mail: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61113&t=61113
Re: Router clock and logging time
Is the router using NTP? If so, it can't get synchronized because the line is bouncing. Or, it might be configured for the wrong time zone. Or, you and your PC were abducted by aliens causing a loss of about five hours.

I'm guessing one of the first two is more likely. :-)

Ok, definitely need some more coffee...

John

>>> "James Mensah" <[EMAIL PROTECTED]> 3/16/01 8:26:18 AM >>>
Am researching this but will appreciate any assistance.
While troubleshooting a bouncing ckt this morning, I found the time on the router to be different from the logging time.

Router A# term len 0
Router A# sh log | inc S12/3/2:0
(truncated)
Mar 16 11:30:00 serial up, line protocol down ---starts
Mar 16 11:30:04 serial up, line protocol up
Mar 16 11:30:09 serial up, line protocol down end

Router A#sh clo --- Mar 16 6:58:20
My PC time 7:00am

Any idea how to rectify this issue or explain the discrepancy ?
Thanks for your help

Wagus
Re: Router clock and logging time
oops... forgot to copy the group on this one, he said with a sheepish grin

EA LOUIE <[EMAIL PROTECTED]> wrote:
> Na says the gameshow host - probably not logging in localtime
>
> when logging to console, there is a configuration option - go into config
> mode: these are part of my standard command template that I enter in every
> Cisco device on my network...
>
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> clock timezone PST -8
> clock summer-time PDT recurring
>
> CASDINET01RT(config)#service timestamps log ?
>   datetime  Timestamp with date and time
>   uptime    Timestamp with system uptime
>
> CASDINET01RT(config)#service timestamps log datetime ?
>   localtime      Use local time zone for timestamps
>   msec           Include milliseconds in timestamp
>   show-timezone  Add time zone information to timestamp
>
> Along with this, point your routers and switches to the same NTP source so
> that their clocks are all synchronized - helps a lot when attempting to
> time-correlate problems.
>
> I've already had 2 cups of coffee, BTW ;-)
>
> -e-
>
> "John Neiberger" <[EMAIL PROTECTED]> wrote:
> > Is the router using NTP? If so, it can't get synchronized because the
> > line is bouncing. Or, it might be configured for the wrong time zone.
> > Or, you and your PC were abducted by aliens causing a loss of about five
> > hours.
> >
> > I'm guessing one of the first two is more likely. :-)
> >
> > Ok, definitely need some more coffee...
> >
> > John
> >
> > >>> "James Mensah" <[EMAIL PROTECTED]> 3/16/01 8:26:18 AM >>>
> > Am researching this but will appreciate any assistance.
> > While troubleshooting a bouncing ckt this morning, I found the time on the
> > router to be different from the logging time.
> >
> > Router A# term len 0
> > Router A# sh log | inc S12/3/2:0
> > (truncated)
> > Mar 16 11:30:00 serial up, line protocol down ---starts
> > Mar 16 11:30:04 serial up, line protocol up
> > Mar 16 11:30:09 serial up, line protocol down end
> >
> > Router A#sh clo --- Mar 16 6:58:20
> > My PC time 7:00am
> >
> > Any idea how to rectify this issue or explain the discrepancy ?
> > Thanks for your help
> >
> > Wagus
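An added example, not part of the original messages: a Python sketch that normalizes log lines written with `service timestamps log datetime msec localtime show-timezone` to UTC and flags entries whose clock cannot be trusted for correlation. The sample lines, the zone table and the function names are constructed for illustration, and the year is supplied by the caller because the timestamp carries none.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: UTC offsets in hours for the zone names this example accepts.
# PST -8 and PDT match the clock commands quoted above; UTC is added here.
ZONE_OFFSETS = {"PST": -8, "PDT": -7, "UTC": 0}

# IOS prefixes a timestamp with "*" when the clock is not authoritative and
# with "." when it is authoritative but NTP is not synchronized.
CLOCK_STATE = {
    "": "authoritative",
    "*": "not-authoritative",
    ".": "ntp-unsynchronized",
}

# Matches only the device-generated part of a line; any header added by the
# syslog server in front of it must be stripped first.
LINE_RE = re.compile(
    r"^(?P<flag>[*.]?)"
    r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<hms>\d{2}:\d{2}:\d{2})(?:\.(?P<ms>\d{3}))?"
    r"(?:\s+(?P<zone>[A-Z]{3,4}))?:\s+"
    r"(?P<msg>%.*)$"
)

# Constructed sample lines (not taken from the thread).
SAMPLE = [
    "Mar 16 03:30:00.120 PST: %LINEPROTO-5-UPDOWN: Line protocol on "
    "Interface Serial12/3/2:0, changed state to down",
    ".Mar 16 03:30:04.512 PST: %LINEPROTO-5-UPDOWN: Line protocol on "
    "Interface Serial12/3/2:0, changed state to up",
    "*Mar  1 00:04:09.008 UTC: %LINEPROTO-5-UPDOWN: Line protocol on "
    "Interface Serial12/3/2:0, changed state to down",
    # No zone shown: local time and UTC cannot be told apart.
    "Mar 16 11:30:09: %LINEPROTO-5-UPDOWN: Line protocol on "
    "Interface Serial12/3/2:0, changed state to down",
]


def normalize(line, year):
    """Return the UTC time, zone, clock state and message of one log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not an IOS datetime-stamped line: %r" % line)
    stamp = datetime.strptime(
        f"{year} {m['mon']} {m['day']} {m['hms']}", "%Y %b %d %H:%M:%S"
    )
    stamp += timedelta(milliseconds=int(m["ms"] or 0))
    utc = None
    if m["zone"] in ZONE_OFFSETS:
        offset = timezone(timedelta(hours=ZONE_OFFSETS[m["zone"]]))
        utc = stamp.replace(tzinfo=offset).astimezone(timezone.utc)
    return {
        "utc": utc,
        "zone": m["zone"],
        "clock": CLOCK_STATE[m["flag"]],
        "message": m["msg"],
    }


def untrusted(lines, year):
    """List (index, reason) for entries that are unsafe to time-correlate."""
    flagged = []
    for index, line in enumerate(lines):
        entry = normalize(line, year)
        if entry["clock"] != "authoritative":
            flagged.append((index, entry["clock"]))
        elif entry["utc"] is None:
            flagged.append((index, "no-usable-timezone"))
    return flagged


if __name__ == "__main__":
    for entry in (normalize(line, 2001) for line in SAMPLE):
        print(entry["utc"], entry["clock"], entry["message"])
    print(untrusted(SAMPLE, 2001))
```
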
Re: Internet Users Logging. [7:1562]
If you have a PIX, a simple syslog will give you this info. There are many free syslog collectors out there, Kiwi's is one, 3Com has a decent one too. A more elegant way is to use a Websense type program that does URL filtering too.

Tony #6172

-----Original Message-----
From: Tariq
To: [EMAIL PROTECTED]
Date: Sunday, April 22, 2001 9:29 PM
Subject: Internet Users Logging. [7:1562]

>Hello everybody.
>
>I want to monitor the activities of my LAN users who are browsing different
>web sites.
>I want to enable logging for those users and want to save my all logging
>information on my Windows 2000 server.
>
>Please let me know the procedure.
>
>Thanks in advance.
>
>Tariq

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1567&t=1562
Re: Internet Users Logging. [7:1562]
Heh, well, I found out a simple way to do this tonight (I'd never needed to use it before, always having Sniffer Pro on my laptop available).

One way might be to put a sniffer either inside or outside your firewall to watch all data (and possibly filter on http if that's all you want).

tcpdump (I believe standard on most *nixes) appears to work great for this. You can tell it stuff like this:

tcpdump 'gateway 172.16.1.1 and (port ftp or ftp-data)'

It logs lines such as:

22:55:42.624793 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF)
22:55:57.446055 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF)
22:56:27.078577 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF)
22:57:26.363622 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF)

Throw this at something like Webalizer and it'll save you a lot of work (or just make an ACL on your Cisco router/firewall permit all, but first permit the traffic you want to log and specify log at the end of the line).

I'm not a lawyer and this shouldn't be construed as legal advice, but I would make sure you've got a company internet policy established beforehand (and even signed by users, if possible), and include in it that you can and do monitor traffic. Otherwise you might have someone complaining that you're violating their privacy, etc.

I just ssh tunnel all traffic I don't want anyone to see to my personal box, so you'd never catch me ;-p

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Tariq" wrote in message news:[EMAIL PROTECTED]...
> Hello everybody.
>
> I want to monitor the activities of my LAN users who are browsing different
> web sites.
> I want to enable logging for those users and want to save my all logging
> information on my Windows 2000 server.
>
> Please let me know the procedure.
>
> Thanks in advance.
>
> Tariq

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1569&t=1562
Re: Internet Users Logging. [7:1562]
At 02:48 AM 4/23/01 -0400, Jason J. Roysdon wrote:
>tcpdump (I believe standard on most *nixes) appears to work great for this.
>You can tell it stuff like this:
> tcpdump 'gateway 172.16.1.1 and (port ftp or ftp-data)'

As an addendum to Jason's post, SysV Unices sometimes contain "snoop" instead of tcpdump. Solaris is an example of one that uses snoop as opposed to tcpdump. They are very similar in use for the most part.

-Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1590&t=1562
Re: Internet Users Logging. [7:1562]
On Mon, Apr 23, 2001 at 02:48:09AM -0400, Jason J. Roysdon wrote:
> tcpdump (I believe standard on most *nixes) appears to work great for this.

A somewhat more elegant solution is provided by iplog (http://ojnk.sourceforge.net/) and, if you need more flexibility, snort (http://www.snort.org/). Snort also makes an excellent sniffer and is, of course, free.

For a nice listing of related tools, see www.freefire.org.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1591&t=1562
Re: Internet Users Logging. [7:1562]
In article , "Tariq" wrote:

Sniffers would work fine, but I'd look at doing transparent proxying with something like squid.

> Hello everybody.
>
> I want to monitor the activities of my LAN users who are browsing
> different web sites. I want to enable logging for those users and want
> to save my all logging information on my Windows 2000 server.
>
> Please let me know the procedure.
>
> Thanks in advance.
>
> Tariq

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2003&t=1562
6509 and logging messages [7:6479]
Greetings all,

How can I disable messages to prompt me when someone connects to the switch? Basically when someone connects, the switch issues port 4/3 left the bridge, port 4/3 joined the bridge. Can this be disabled?

Thanks

Nabil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6479&t=6479
Re: PIX v5.25 logging [7:9640]
I usually log to a syslog server (*NIX), and then use tail and/or grep to get the traffic I'm interested in. I haven't found a way to filter on the PIX itself for specific traffic other than using debug levels (1-7) which usually don't give you exactly what you are looking for.

Allen.

At 11:14 AM 6/23/2001, Mike wrote:
>Is there anyway to view logs on a PIX and filter by a specific property,
>such as IP address or TCP Port?
>thanks,
>Mike

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9641&t=9640
Remote logging with Cat5509 [7:14188]
I'm trying to get remote logging enabled on a Cat5509 and could use some advice. I have everything set up according to Cisco's site but messages do not make it to the syslog server. The sc0 is configured with an ip and gateway and I can ping and telnet to the syslog box. I have the severity and facility set up properly. I do receive messages on the syslog server from the RSFC but not from the Cat itself. The syslog server is on a different subnet and vlan than the Cat management interface and all I can figure is syslog messages aren't getting routed for some reason. But like I said ping and telnet work... hmmm

Any ideas???

Thanks,

Dennis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14188&t=14188
RE: Logging debug messages [7:17107]
There is a bug when logging synchronous is used on the vty or console ports.

I hit this issue also.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Donlon
Sent: Friday, August 24, 2001 7:18 AM
To: [EMAIL PROTECTED]
Subject: Logging debug messages [7:17107]

I'm having a strange problem with a 2600 running 12.2(1a), after a short period of time (30 to 60 mins) the router will stop logging messages to the vty lines with terminal monitor. I can perform a show logging history and see the last message in the history but nothing is displayed as it happens, some details below have a look and if anyone can see what's wrong let me know,

cheers Pat

#sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns)
    Console logging: level debugging, 152 messages logged
    Monitor logging: level debugging, 233 messages logged
        Logging to: vty66(0)
    Buffer logging: disabled
    Logging Exception size (4096 bytes)
    Trap logging: level informational, 19 message lines logged

#sh logging history
Syslog History Table:1 maximum table entries,
saving level warnings or higher
 16 messages ignored, 0 dropped, 0 recursion drops
 4 table entries flushed
 SNMP notifications not enabled
   entry number 5 : PARSER-3-BADSUBCMD
    Unrecognized subcommand 0 in exec command 'test crypto isa x.x.x.x x.x.x.x desmd5 '
    timestamp: 699958

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17108&t=17107
Re: Logging debug messages [7:17107]
Thanks Bill, I'll check this out straight away, was the bug introduced in 12.2? or earlier

cheers Pat

"Bill Carter" wrote in message news:[EMAIL PROTECTED]...
> There is a bug when logging synchronous is used on the vty or console ports.
>
> I hit this issue also.
>
> ^-^-^-^-^-^-^-^-^-^-^
> Bill Carter
> CCIE 5022
> ^-^-^-^-^-^-^-^-^-^-^
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Patrick Donlon
> Sent: Friday, August 24, 2001 7:18 AM
> To: [EMAIL PROTECTED]
> Subject: Logging debug messages [7:17107]
>
> I'm having a strange problem with a 2600 running 12.2(1a), after a short
> period of time (30 to 60 mins) the router will stop logging messages to the
> vty lines with terminal monitor. I can perform a show logging history and
> see the last message in the history but nothing is displayed as it happens,
> some details below have a look and if anyone can see what's wrong let me
> know,
>
> cheers Pat
>
> #sh logging
> Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0
> flushes, 0 overruns)
>     Console logging: level debugging, 152 messages logged
>     Monitor logging: level debugging, 233 messages logged
>         Logging to: vty66(0)
>     Buffer logging: disabled
>     Logging Exception size (4096 bytes)
>     Trap logging: level informational, 19 message lines logged
>
> #sh logging history
> Syslog History Table:1 maximum table entries,
> saving level warnings or higher
>  16 messages ignored, 0 dropped, 0 recursion drops
>  4 table entries flushed
>  SNMP notifications not enabled
>    entry number 5 : PARSER-3-BADSUBCMD
>     Unrecognized subcommand 0 in exec command 'test crypto isa x.x.x.x
> x.x.x.x desmd5 '
>     timestamp: 699958

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17111&t=17107
RE: Logging debug messages [7:17107]
Ah, that's good to know! I've been noticing that problem on a 3660 running 12.2 and it was driving me crazy. Last time I looked at CCO I didn't see the bug report but either I missed it or it wasn't on there yet.

Thanks for clearing that up for me.

John

>>> "Bill Carter" 8/24/01 7:04:07 AM >>>
There is a bug when logging synchronous is used on the vty or console ports.

I hit this issue also.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Donlon
Sent: Friday, August 24, 2001 7:18 AM
To: [EMAIL PROTECTED]
Subject: Logging debug messages [7:17107]

I'm having a strange problem with a 2600 running 12.2(1a), after a short period of time (30 to 60 mins) the router will stop logging messages to the vty lines with terminal monitor. I can perform a show logging history and see the last message in the history but nothing is displayed as it happens, some details below have a look and if anyone can see what's wrong let me know,

cheers Pat

#sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns)
    Console logging: level debugging, 152 messages logged
    Monitor logging: level debugging, 233 messages logged
        Logging to: vty66(0)
    Buffer logging: disabled
    Logging Exception size (4096 bytes)
    Trap logging: level informational, 19 message lines logged

#sh logging history
Syslog History Table:1 maximum table entries,
saving level warnings or higher
 16 messages ignored, 0 dropped, 0 recursion drops
 4 table entries flushed
 SNMP notifications not enabled
   entry number 5 : PARSER-3-BADSUBCMD
    Unrecognized subcommand 0 in exec command 'test crypto isa x.x.x.x x.x.x.x desmd5 '
    timestamp: 699958

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17125&t=17107
ACL, authentication and logging [7:28060]
Hi everyone,

I have a customer that uses 3600 with E1 leased line connections to their branch offices and their consultant company. They want a full control on the consultants so they want some config changes to manage them.

First there are two locations that connect to their network for consulting, but my customer wants to be informed when they enter the network, also wants to set some access lists so they can only enter some part of the network. But he also wants an authentication too. As I know username password combination only applies to ppp so I thought may be he can handle this by assigning class-maps or something like that. Any idea?

Best regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28060&t=28060
DDR logging line opening ? [7:44798]
Hello,
ddr, dialer profiles, isdn (ininfluent though I think).
When a connection comes up something like this is logged:

%LINK-3-UPDOWN: Interface BRI1/0:2, changed state to up
%DIALER-6-BIND: Interface BR1/0:2 bound to profile Di99
%LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:2, changed state to up
%ISDN-6-CONNECT: Interface BRI1/0:2 is now connected to 0123456789 remotename

Unfortunately that log is always the same, if the router itself called out or was called nothing changes. On the router itself at the moment it is easy to find that info (sh dialer, sh isdn hist, sh isdn act), but not in the logfile.

The only way I found is keeping active debug dialer event, probably not the best thing on a production router.

Any idea how to get some meaningful log ?
Thanks
Heiko

--
-- PREVINET S.p.A.             [EMAIL PROTECTED]
-- Via Ferretto, 1             ph  x39-041-5907073
-- I-31021 Mogliano V.to (TV)  fax x39-041-5907472
-- ITALY

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44798&t=44798
Re: ACS Logging / Accounting [7:59308]
In your AAA config specify a line for

aaa accounting commands 15 default start-stop

specify whatever group or method list you wish

Cheers,
Colin McNamara

"Amer" wrote in message news:[EMAIL PROTECTED]...
> Is there a way to log or account for all the exec commands that are done
> on a router or switch on an ACS server. I have a setup where all my login
> authentication and accounting is done thru a ACS server but I was
> wondering if I could get more detailed accounting accomplished by some means
> (if possible). Any help would be greatly appreciated. Thanx.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59349&t=59308
Re: ACS Logging / Accounting [7:59308]
The following are the commands that are on my switches and routers that are authenticating and accounting on the ACS and the logging of the exec commands are not being done. Do I need anything added or removed from the bottom configuration? Thanks again for your assistance.

aaa new-model
aaa authentication login default local group tacacs+
aaa authentication enable default enable group tacacs+
aaa authorization exec default local if-authenticated group tacacs+
aaa authorization network default none
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting network default start-stop group tacacs+

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59359&t=59308
VPN logging ACS server [7:73297]
Hello all,

I have 3.6 Clients connecting to a PIX 515 and using Xauth. Everything is just grand except I need a way to get a reporting of every user that logs in and how long they were connected. Preferably including start and stop times.

Our ACS server is great for showing when the connection was made by making an entry in the "Passed Authentications" But it does not record when the VPN is torn down.

Any solutions, suggestions, comments on how to capture the teardown so I can make a reporting of how long the user was connected?

Is there an ACS fix, a PIX fix.. some other fix (using an ISA server) I am open to all sorts of suggestions.

thanks,
jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73297&t=73297
Re: 6509 and logging messages [7:6479]
conf t
logging buffered 99 debug
no logging console

----- Original Message -----
From: "Nabil Fares"
To:
Sent: Wednesday, May 30, 2001 12:50 PM
Subject: 6509 and logging messages [7:6479]

> Greetings all,
>
> How can I disable messages to prompt me when someone connects to the switch?
> Basically when someone connects, the switch issues port 4/3 left the bridge,
> port 4/3 joined the bridge. Can this be disabled?
>
> Thanks
>
> Nabil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6486&t=6479
RE: 6509 and logging messages [7:6479]
If you're connecting to the switch via telnet - keeping with the below suggestion - assuming you're running CatOS, you might want to also turn off "session" logging. That combined with creating a big buffer for the logging messages and/or sending them to a syslog host will keep these messages off your screen.

If you don't care about these messages, you can also change the logging parameters for the switch. See the following link for info:

http://www.cisco.com/warp/customer/473/34.shtml#PAGP_MESSAGES

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Peter I. Slow
Sent: Wednesday, May 30, 2001 12:24 PM
To: [EMAIL PROTECTED]
Subject: Re: 6509 and logging messages [7:6479]

conf t
logging buffered 99 debug
no logging console

----- Original Message -----
From: "Nabil Fares"
To:
Sent: Wednesday, May 30, 2001 12:50 PM
Subject: 6509 and logging messages [7:6479]

> Greetings all,
>
> How can I disable messages to prompt me when someone connects to the switch?
> Basically when someone connects, the switch issues port 4/3 left the bridge,
> port 4/3 joined the bridge. Can this be disabled?
>
> Thanks
>
> Nabil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6620&t=6479
Logging - terminal monitor not working [7:39957]
Kind of a silly problem but can't figure it out ...

I am connected to R1 via telnet.
I have turned on debugging of ip packets
I also have issued the command "terminal monitor"
Yet I do not get anything logged when I ping the Ethernet interface of R1

Any ideas?

Thanks

R1#sh terminal
Line 2, Location: "", Type: "ANSI"
Length: 45 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: Ready, Active, No Exit Banner
Capabilities: Receives Logging Output
Modem state: Ready
Group codes:    0
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
                ^^x    none   -     -       none
Timeouts:      Idle EXEC    Idle Session   Modem Answer  Session   Dispatch
               never        never                        none      not set
                            Idle Session Disconnect Warning
                              never
                            Login-sequence User Response
                             00:00:30
                            Autoselect Initial Wait
                              not set
Modem type is unknown.
Session limit is not set.
Time since activation: 00:41:15
Editing is enabled.
History is enabled, history size is 10.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed transports are lat pad v120 mop telnet rlogin nasi. Preferred is lat.
No output characters are padded
No special data dispatching characters

========

R1#sh logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 102 messages logged
    Monitor logging: level debugging, 2 messages logged
        Logging to: vty2(0)
    Buffer logging: level debugging, 102 messages logged
    Trap logging: level informational, 47 message lines logged

Log Buffer (4096 bytes):

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39957&t=39957
RE: Remote logging with Cat5509 [7:14188]
have you checked to see that the syslog server isn't already using the facility (i.e. LOCAL7) for another service? are you sure that the messages from the cat aren't going to another log file ?

jason

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14340&t=14188
Re: Remote logging with Cat5509 [7:14188]
Hey Jason,

Thanks for your input. I defined local0 the facility to be used both in the Cat and in syslog.conf. I have the same config in the route-switch card which is on the Sup module and that logs to the syslog server just fine. I did check the messages file on the server to see if messages were going there somehow but no luck. I also did a tcpdump on the syslog server listening on port 514 and no syslog messages are arriving from the Catalyst, only from the RSFC. It seems like a gateway issue or something but the strange thing is I can ping and telnet from the Catalyst to the syslog server. I'll keep digging but might have to call Cisco on this one...

Dennis

"Tangled Up in Blue" wrote in message news:[EMAIL PROTECTED]...
> have you checked to see that the syslog server isn't already using the
> facility (i.e. LOCAL7) for another service? are you sure that the messages
> from the cat aren't going to another log file ?
>
> jason

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14346&t=14188
RE: Remote logging with Cat5509 [7:14188]
Hi

It has been a while since I've touched a 5000 but...

Can you ping the syslog server from the Cat? If not, you may need to add a route so that the console knows how to get to the syslog server (set ip route ...)

HTH
RM

Dennis H wrote:
>
> I'm trying to get remote logging enabled on a Cat5509 and could use some
> advice. I have everything set up according to Cisco's site but messages do
> not make it to the syslog server. The sc0 is configured with an ip and
> gateway and I can ping and telnet to the syslog box. I have the severity
> and facility set up properly. I do receive messages on the syslog server
> from the RSFC but not from the Cat itself. The syslog server is on a
> different subnet and vlan than the Cat management interface and all I can
> figure is syslog messages aren't getting routed for some reason. But like I
> said ping and telnet work... hmmm
>
> Any ideas???
>
> Thanks,
>
> Dennis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14390&t=14188
Logging to remote UNIX server [7:17401]
Hey All,

I have been trying to set up my 3660 (IOS 12.1) access router to log everything to my HP OpenView server (Solaris 8). It seems simple to set up on the Cisco side with only a few commands but it doesn't seem to be working. The 'show logging' command indicates that it is working and sending messages to the remote box but it is not receiving anything.

Any thoughts, guidelines, info?

Thanks,
Charles.

These are the configuration items I entered:

logging on
logging buffered 10000 debugging
no logging rate-limit
logging trap debugging
logging facility syslog
logging 192.168.x.x

Results of 'show logging':

router#sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns)
    Console logging: level debugging, 1559 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 1560 messages logged
    Logging Exception size (0 bytes)
    Trap logging: level debugging, 1564 message lines logged
        Logging to 192.168.x.x, 33 message lines logged

Log Buffer (1 bytes):

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17401&t=17401
RE: ACL, authentication and logging [7:28060]
IMHO, you're best off to setup a TACACS server. Cisco offers one that you can install on a Windows NT machine. This will give you options to let various people authenticate with different privileges as well as offer authorization and accounting functionality. You can also setup a syslog application on the same NT server to log virtually anything that happens on your equipment and who did what. There is a great FREE syslog daemon for Windows NT: http://www.kiwi-enterprises.com/

HTH,
Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28361&t=28060
buffer and monitor logging problems [7:32286]
Hi,

Has anyone ever encountered problems related to logging? I mean a router with "level debugging" set on all destinations stops logging to buffer and monitor, and the "solution" is to change console logging level to "warnings" or less (even no logging console)? I've also noticed that "no logging synchronous" under line con 0 does the trick - logging resumes to buffer and monitor.

Thanks in advance for any ideas

Theo

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32286&t=32286
Logging VPN UP/DOWN status [7:62631]
Hello Group,

I've got a situation where I need to keep track of my IPSEC VPN connectivity to see how often it goes up and down. I prefer to use syslog, and have the VPN log messages when it does go down/up rather than SNMP. It seems like by default, there are some logging messages logged but I'm not sure what they are. I don't really want to turn on debugging, because there is too much info to log and it would overrun my logging buffer. Also, this is a VPN using crypto map, there is no GRE interface I can keep track of.

Thanks
Albert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62631&t=62631
access-list logging rate-limited [7:66520]
Two quick questions:

I've configured an access-list to only permit certain tcp and udp ports above 1024. At the end of the access-list I have the following commands:

access-list 101 deny tcp any any log
access-list 101 deny udp any any log
access-list 101 deny ip any any log

Question 1: Do I even need the "deny tcp" and "deny udp" statements since I also have a deny ip statement?

Question 2: When I perform a port scan through the router it logs some of the events but it seems to miss the majority of them giving me the following error message:

"%SEC-6-IPACCESSLOGRL. access-list logging rate-limited or missed 142 packets"

Is access-list logging rate-limited by default? Is there any way for me to ensure everything gets logged? I'm not sure if I understand?

Thanks,
Charlie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66520&t=66520
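An added example, not part of the original post: a Python sketch that summarizes ACL deny logs while accounting for the packets that the %SEC-6-IPACCESSLOGRL message says were never logged individually. The sample lines are constructed with documentation addresses, the %SEC-6-IPACCESSLOGP line layout is the usual IOS form and is assumed here, and the function name and port threshold are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Per-flow entry written for TCP/UDP matches of an ACL line ending in "log".
LOGP_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Gap marker quoted in the post; both "." and ":" after the mnemonic are
# accepted because the post shows a period there.
LOGRL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGRL[.:] access-list logging rate-limited or missed "
    r"(?P<missed>\d+) packets?"
)

# Constructed sample log (addresses from the documentation ranges).
SAMPLE_LOG = [
    "Nov  4 10:15:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "192.0.2.10(40312) -> 198.51.100.5(21), 1 packet",
    "Nov  4 10:15:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "192.0.2.10(40312) -> 198.51.100.5(23), 1 packet",
    "Nov  4 10:15:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "192.0.2.10(40312) -> 198.51.100.5(25), 1 packet",
    "Nov  4 10:15:02: %SEC-6-IPACCESSLOGRL: access-list logging "
    "rate-limited or missed 142 packets",
    "Nov  4 10:15:03: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "192.0.2.10(40312) -> 198.51.100.5(80), 1 packet",
    "Nov  4 10:15:40: %SEC-6-IPACCESSLOGP: list 101 denied udp "
    "192.0.2.77(53) -> 198.51.100.5(161), 3 packets",
    "Nov  4 10:20:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "192.0.2.10(40312) -> 198.51.100.5(21), 2 packets",
]


def summarize(lines, scan_ports=3):
    """Count denied packets per source and report how much the log covers.

    scan_ports is a hypothetical threshold: a source that was denied on at
    least that many distinct (protocol, port) pairs is listed for review.
    """
    denied_by_source = Counter()
    ports_by_source = defaultdict(set)
    logged = missed = 0
    for line in lines:
        hit = LOGP_RE.search(line)
        if hit and hit["action"] == "denied":
            count = int(hit["count"])
            logged += count
            denied_by_source[hit["src"]] += count
            ports_by_source[hit["src"]].add((hit["proto"], int(hit["dport"])))
            continue
        gap = LOGRL_RE.search(line)
        if gap:
            # Missed packets carry no source or port, so they can only be
            # counted, never attributed.
            missed += int(gap["missed"])
    total = logged + missed
    return {
        "logged": logged,
        "missed": missed,
        "coverage": logged / total if total else 1.0,
        "denied_by_source": dict(denied_by_source),
        "multi_port_sources": sorted(
            src for src, ports in ports_by_source.items()
            if len(ports) >= scan_ports
        ),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("logged %(logged)d, missed %(missed)d" % report)
    print("coverage %.1f%%" % (100 * report["coverage"]))
    print("sources denied on many ports:", report["multi_port_sources"])
```

A low coverage figure means per-source counts taken from this log are a lower bound, not a total.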
RE: DDR logging line opening ? [7:44798]
Use a sniffer in combination with this log. This will help you identify which traffic opens the DDR link and which not. If there are any other ways, let me know.

Rgds,
Crestion

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44815&t=44798
RE: DDR logging line opening ? [7:44798]
You may try adjusting your logging levels and see if you can get anything more meaningful. I don't have any ISDN interfaces or simulators at the moment so please post back if you find anything good.

Herold Heiko wrote:
>
> Hello,
> ddr, dialer profiles, isdn (ininfluent though I think).
> When a connection comes up something like this is logged:
>
> %LINK-3-UPDOWN: Interface BRI1/0:2, changed state to up
> %DIALER-6-BIND: Interface BR1/0:2 bound to profile Di99
> %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:2, changed state to up
> %ISDN-6-CONNECT: Interface BRI1/0:2 is now connected to 0123456789 remotename
>
> Unfortunately that log is always the same, if the router itself called out or was called nothing changes. On the router itself at the moment it is easy to find that info (sh dialer, sh isdn hist, sh isdn act), but not in the logfile.
>
> The only way I found is keeping active debug dialer event, probably not the best thing on a production router.
>
> Any idea how to get some meaningful log ?
> Thanks
> Heiko
>
> --
> -- PREVINET S.p.A. [EMAIL PROTECTED]
> -- Via Ferretto, 1 ph x39-041-5907073
> -- I-31021 Mogliano V.to (TV) fax x39-041-5907472
> -- ITALY

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44830&t=44798
Re: DDR logging line opening ? [7:44798]
Check the SNMP MIBs...I can't remember the one off the top of my head, but there is one for Call Detail History...You can query that and get all sorts of good info (like you see in sh isdn hist, sh isdn active...)

Chris

"Herold Heiko" wrote in message news:[EMAIL PROTECTED]...
> Hello,
> ddr, dialer profiles, isdn (ininfluent though I think).
> When a connection comes up something like this is logged:
>
> %LINK-3-UPDOWN: Interface BRI1/0:2, changed state to up
> %DIALER-6-BIND: Interface BR1/0:2 bound to profile Di99
> %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:2, changed state to up
> %ISDN-6-CONNECT: Interface BRI1/0:2 is now connected to 0123456789 remotename
>
> Unfortunately that log is always the same, if the router itself called out or was called nothing changes. On the router itself at the moment it is easy to find that info (sh dialer, sh isdn hist, sh isdn act), but not in the logfile.
>
> The only way I found is keeping active debug dialer event, probably not the best thing on a production router.
>
> Any idea how to get some meaningful log ?
> Thanks
> Heiko
>
> --
> -- PREVINET S.p.A. [EMAIL PROTECTED]
> -- Via Ferretto, 1 ph x39-041-5907073
> -- I-31021 Mogliano V.to (TV) fax x39-041-5907472
> -- ITALY

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45052&t=44798
RE: DDR logging line opening ? [7:44798]
Everybody, thank you.

As I supposed nothing "passive" came up - sniffing and analyzing the traffic, or remote snmp query to the call hist table need something polling continuously, or at least parsing the normal log in order to check when necessary. What would have been "nice and the correct way" (for some value of correct) would be some way to make the router itself log the relevant information, without need for external devices polling or sniffing and analyzing the data, as with "debug dialer" active.

Bye
Heiko

--
-- PREVINET S.p.A. [EMAIL PROTECTED]
-- Via Ferretto, 1 ph x39-041-5907073
-- I-31021 Mogliano V.to (TV) fax x39-041-5907472
-- ITALY

> -----Original Message-----
> From: Chris Camplejohn [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, May 26, 2002 4:33 AM
> To: [EMAIL PROTECTED]
> Subject: Re: DDR logging line opening ? [7:44798]
>
> Check the SNMP MIBs...I can't remember the one off the top of my head, but there is one for Call Detail History...You can query that and get all sorts of good info (like you see in sh isdn hist, sh isdn active...)
>
> Chris
>
> "Herold Heiko" wrote in message news:[EMAIL PROTECTED]...
> > Hello,
> > ddr, dialer profiles, isdn (ininfluent though I think).
> > When a connection comes up something like this is logged:
> >
> > %LINK-3-UPDOWN: Interface BRI1/0:2, changed state to up
> > %DIALER-6-BIND: Interface BR1/0:2 bound to profile Di99
> > %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:2, changed state to up
> > %ISDN-6-CONNECT: Interface BRI1/0:2 is now connected to 0123456789 remotename
> >
> > Unfortunately that log is always the same, if the router itself called out or was called nothing changes. On the router itself at the moment it is easy to find that info (sh dialer, sh isdn hist, sh isdn act), but not in the logfile.
> >
> > The only way I found is keeping active debug dialer event, probably not the best thing on a production router.
> >
> > Any idea how to get some meaningful log ?
> > Thanks
> > Heiko
> >
> > --
> > -- PREVINET S.p.A. [EMAIL PROTECTED]
> > -- Via Ferretto, 1 ph x39-041-5907073
> > -- I-31021 Mogliano V.to (TV) fax x39-041-5907472
> > -- ITALY

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45335&t=44798
logging http traffic on PIX [7:56023]
Hi all, I need to log all TCP traffic from the inside interface of a PIX 515E (IOS 6.1) to the outside. On a router it's an easy task, a log server and an extended access list like "permit tcp any any log", but in PIX access-list the log command is not allowed. Any idea ? I tried a workaround with a radius server and the AAA solution too, but accounting doesn't work without authentication, and I don't want any authentication request to the clients: another problem is that it works only with http, ftp and telnet. Thanks in advance for any help. Fabio Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56023&t=56023
Help with pix firewall logging [7:61902]
All, I have a pix running 6.2. It is logging to a freebsd server on the local network. It was logging at one time to syslog no problem but all of a sudden it stopped and I can't get it working. Here is the logging config. I turned up logging to see if it would help and nothing. Yes I am sure syslog is running on the box. If I do a tcpdump on the freebsd server I see nothing coming from the pix.

logging on
logging timestamp
logging trap warnings
logging history debugging
logging facility 23
logging host inside 192.168.11.254

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61902&t=61902
Assistance Required: Gatekeeper Accounting/Logging [7:51187]
Hi group, I am setting up a gatekeeper with a couple of gateways. I have installed a RADIUS server and enabled gatekeeper accounting. The problem is that in the log file there is only the gatekeeper's IP address and the H323-ID of the gateways logged:

NASIPADDRESS: a.b.c.d ---> IP address of the GK
UserName: Alpha ---> H323 ID of the Gateway
CallingStationId: Aplha ---> H323 ID of the Gateway
CalledStationId: 12#123456789 ---> Dialed Number
***(Alpha has originated a call)

I was wondering how I could setup the gatekeeper so that the IP address of the GATEWAYS would be logged as well. Any input would be appreciated.

Hamid

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51187&t=51187
Logging ICMP on a PIX [7:73232]
Does anyone know how to log ICMP traffic that is allowed through a PIX? I can see denied ICMP no problem. I can log all my other traffic with logging trap debug set, but it can't see ICMP traffic passing through the firewall. Is this normal behaviour for 6.2(2)? Cheers Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73232&t=73232
RE: VPN logging ACS server [7:73297]
Sounds like you need to turn on accounting to get the start/stop records.

-----Original Message-----
From: Jim Devane [mailto:[EMAIL PROTECTED]]
Sent: 31 July 2003 18:42
To: [EMAIL PROTECTED]
Subject: VPN logging ACS server [7:73297]

Hello all,

I have 3.6 Clients connecting to a PIX 515 and using Xauth. Everything is just grand except I need a way to get a reporting of every user that logs in and how long they were connected. Preferably including start and stop times. Our ACS server is great for showing when the connection was made by making an entry in the "Passed Authentications". But it does not record when the VPN is torn down.

Any solutions, suggestions, comments on how to capture the teardown so I can make a reporting of how long the user was connected? Is there an ACS fix, a PIX fix..some other fix (using an ISA server)? I am open to all sorts of suggestions.

thanks,
jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73338&t=73297
what does " no logging console" mean? [7:1708]
I noticed this in my main config and curious as to what it is preventing. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1708&t=1708
OT Simple SNMP Trap Logging Application [7:8968]
I need something to log SNMP traps. Something as simple as a Syslog server. Something hopefully free or cheap. No bells or whistles needed. Thanks, Bob Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8968&t=8968
logging the access on a router [7:34346]
Hello, I'm trying to log access on a router (who and when) with a simple configuration (without tacacs+ or radius). How can I do this? Kind Regards. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34346&t=34346
cpu overhead for various logging types [7:38575]
I read in a book that the following were arranged in least to most cpu utilization. I wanted to verify it though, and I cannot seem to find another source, cisco or otherwise:

buffered logging < syslog < virtual terminal < console

Does anyone know this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38575&t=38575
RE: Logging - terminal monitor not working [7:39957]
I would add "no ip route-cache" on that interface and make sure that you don't have "logging synchronous" under line con 0...

-- Lidiya White

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pierre-Alex Guanel
Sent: Saturday, March 30, 2002 3:04 PM
To: [EMAIL PROTECTED]
Subject: Logging - terminal monitor not working [7:39957]

Kind of a silly problem but can't figure it out ...

I am connected to R1 via telnet. I have turned on debugging of ip packets

I also have issued the command "terminal monitor"

Yet I do not get anything logged when I ping the Ethernet interface of R1

Any ideas?

Thanks

R1#sh terminal
Line 2, Location: "", Type: "ANSI"
Length: 45 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: Ready, Active, No Exit Banner
Capabilities: Receives Logging Output
Modem state: Ready
Group codes: 0
Special Chars: Escape Hold Stop Start Disconnect Activation
               ^^x    none -    -     none
Timeouts: Idle EXEC  Idle Session  Modem Answer  Session  Dispatch
          never      never                       none     not set
          Idle Session Disconnect Warning
          never
          Login-sequence User Response
          00:00:30
          Autoselect Initial Wait
          not set
Modem type is unknown.
Session limit is not set.
Time since activation: 00:41:15
Editing is enabled.
History is enabled, history size is 10.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed transports are lat pad v120 mop telnet rlogin nasi. Preferred is lat.
No output characters are padded
No special data dispatching characters

============

R1#sh logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 102 messages logged
    Monitor logging: level debugging, 2 messages logged
        Logging to: vty2(0)
    Buffer logging: level debugging, 102 messages logged
    Trap logging: level informational, 47 message lines logged

Log Buffer (4096 bytes):

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39964&t=39957
RE: Logging - terminal monitor not working [7:39957]
Amazing. I removed logging synchronous on line console 0 and debug worked.

I am curious, what is the reason for "logging synchronous" preventing debug outputs on terminal lines?

Pierre-Alex

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lidiya White
Sent: Saturday, March 30, 2002 5:46 PM
To: [EMAIL PROTECTED]
Subject: RE: Logging - terminal monitor not working [7:39957]

I would add "no ip route-cache" on that interface and make sure that you don't have "logging synchronous" under line con 0...

-- Lidiya White

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pierre-Alex Guanel
Sent: Saturday, March 30, 2002 3:04 PM
To: [EMAIL PROTECTED]
Subject: Logging - terminal monitor not working [7:39957]

Kind of a silly problem but can't figure it out ...

I am connected to R1 via telnet. I have turned on debugging of ip packets

I also have issued the command "terminal monitor"

Yet I do not get anything logged when I ping the Ethernet interface of R1

Any ideas?

Thanks

R1#sh terminal
Line 2, Location: "", Type: "ANSI"
Length: 45 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: Ready, Active, No Exit Banner
Capabilities: Receives Logging Output
Modem state: Ready
Group codes: 0
Special Chars: Escape Hold Stop Start Disconnect Activation
               ^^x    none -    -     none
Timeouts: Idle EXEC  Idle Session  Modem Answer  Session  Dispatch
          never      never                       none     not set
          Idle Session Disconnect Warning
          never
          Login-sequence User Response
          00:00:30
          Autoselect Initial Wait
          not set
Modem type is unknown.
Session limit is not set.
Time since activation: 00:41:15
Editing is enabled.
History is enabled, history size is 10.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed transports are lat pad v120 mop telnet rlogin nasi. Preferred is lat.
No output characters are padded
No special data dispatching characters

============

R1#sh logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 102 messages logged
    Monitor logging: level debugging, 2 messages logged
        Logging to: vty2(0)
    Buffer logging: level debugging, 102 messages logged
    Trap logging: level informational, 47 message lines logged

Log Buffer (4096 bytes):

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39965&t=39957
RE: Logging - terminal monitor not working [7:39957]
Have seen it on many (mostly smaller) routers. It's a bug:

> > ## Bug Id : CSCdu60369
> > ## Headline no syslog logging when logging synchronous enabled
> > ## Product c2600 Model
> > ## Component os-logging Duplicate of
> > ## Severity 2 Status M
> > ## Version Found 12.0(7)T 12.0(6)S Fixed-in Version 12.2(5)
> > ## Release Notes
> > ##
> > ## The logging synchronous line configuration command may
> > ## cause logging to stop.
> > ##
> > ## Workaround: Remove this command.

hth
Reinhold

Pierre-Alex Guanel wrote:
>
> Amazing I removed logging synchronous on line console 0 and debug worked
>
> I am curious, what is the reason for "logging synchronous" preventing debug outputs
>
> on terminal lines?
>
> Pierre-Alex
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lidiya White
> Sent: Saturday, March 30, 2002 5:46 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Logging - terminal monitor not working [7:39957]
>
> I would add "no ip route-cache" on that interface and make sure that you don't have "logging synchronous" under line con 0...
>
> -- Lidiya White
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pierre-Alex Guanel
> Sent: Saturday, March 30, 2002 3:04 PM
> To: [EMAIL PROTECTED]
> Subject: Logging - terminal monitor not working [7:39957]
>
> Kind of a silly problem but can't figure it out ...
>
> I am connected to R1 via telnet. I have turned on debugging of ip packets
>
> I also have issued the command "terminal monitor"
>
> Yet I do not get anything logged when I ping the Ethernet interface of R1
>
> Any ideas?
>
> Thanks
>
> R1#sh terminal
> Line 2, Location: "", Type: "ANSI"
> Length: 45 lines, Width: 80 columns
> Baud rate (TX/RX) is 9600/9600
> Status: Ready, Active, No Exit Banner
> Capabilities: Receives Logging Output
> Modem state: Ready
> Group codes: 0
> Special Chars: Escape Hold Stop Start Disconnect Activation
>                ^^x    none -    -     none
> Timeouts: Idle EXEC  Idle Session  Modem Answer  Session  Dispatch
>           never      never                       none     not set
>           Idle Session Disconnect Warning
>           never
>           Login-sequence User Response
>           00:00:30
>           Autoselect Initial Wait
>           not set
> Modem type is unknown.
> Session limit is not set.
> Time since activation: 00:41:15
> Editing is enabled.
> History is enabled, history size is 10.
> DNS resolution in show commands is enabled
> Full user help is disabled
> Allowed transports are lat pad v120 mop telnet rlogin nasi. Preferred is lat.
> No output characters are padded
> No special data dispatching characters
>
> R1#sh logging
> Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
>     Console logging: level debugging, 102 messages logged
>     Monitor logging: level debugging, 2 messages logged
>         Logging to: vty2(0)
>     Buffer logging: level debugging, 102 messages logged
>     Trap logging: level informational, 47 message lines logged
>
> Log Buffer (4096 bytes):

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39989&t=39957