Overloading log on 3750

Answered Question
Oct 6th, 2007
User Badges:

Hi all, just for personal knowledge how would you overload a log on a switch? I was thinking creating an ACL allowing ICMP and logging it. Then ping bombing the switch. When I labbed this up, the log showed the total # of pings hit on the ACL in one log line:


%SEC-6-IPACCESSLOGDP: list PING permitted icmp 10.0.0.2 -> 10.0.0.1 (0/0), 200 packets


How would I make the log show a line per ping received? Thanks.

Correct Answer by Edison Ortiz about 9 years 7 months ago

Can't be done with logging buffered. You need to rely on debug.


Example,


access-list 101 permit icmp any any


debug ip packet 101



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Edison Ortiz Sun, 10/07/2007 - 12:27
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

When the logging process is on, the messages are displayed on the console after the process that generated them has finished.


When the logging process is disabled, messages are sent only to the console. The messages are sent as they are generated, so error and debug output will be interspersed with prompts or output from the command.


System message logging is enabled by default. It must be enabled in order to send messages to any destination other than the console.


To disable message logging, use the no logging on command. Note that disabling the logging process can slow down the router because a process cannot continue until the messages are written to the console.



__________


http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/fcfprt3/fcf013.htm#wp1001168



joshcarlson Sun, 10/07/2007 - 13:08
User Badges:

Thanks for the response!


Our standard logging config is:

service timestamps log datetime localtime

logging buffered informational

logging monitor informational

& of course, we are sending all traps etc... to a syslog server.


When running an ACL similar to:

ip access-list extended PING

permit icmp host 10.0.0.2 host 10.0.0.1 log

permit ip any any

Is it possible to make each individual ping show up as a line in the log?



Thanks!

Edison Ortiz Sun, 10/07/2007 - 14:15
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

I believe I addressed this on my previous response. You need to disable logging.


Please read my post again.

joshcarlson Sun, 10/07/2007 - 14:18
User Badges:

Alright, I must be missing something. I turned logging off, and now nothing shows up in the log...

Edison Ortiz Sun, 10/07/2007 - 15:34
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Are you connected via the console port ?


If you are telnet into the router via a vty port, you need to execute terminal monitor to see the messages .


You won't see these messages in the buffer. The buffer is the content you see after typing show logging at the router's CLI.


Logging Buffering is disabled when you executed no logging (see my previous message) and Logging Console is the only service enabled.


Be careful on doing this, you may create a DoS on this router if a large amount of messages are generated. That's the reason messages aren't sent until the process that has generated has finished (see my previous post).

joshcarlson Mon, 10/08/2007 - 04:38
User Badges:

Oh ok, my bad man! What I want to do is overload the log buffer. I don't care about the log going to the console. When I issue "show log" I want each ping to have an individual line in the log buffer.

Correct Answer
Edison Ortiz Mon, 10/08/2007 - 13:32
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Can't be done with logging buffered. You need to rely on debug.


Example,


access-list 101 permit icmp any any


debug ip packet 101



joshcarlson Mon, 10/08/2007 - 13:34
User Badges:

Oh well, thanks for the help. I'm familiar with how to do such things for real-time monitoring, but I was wanting to overload the saved log buffer. Thanks!

Actions

This Discussion