More effective ways of picking IPs from logging

Unanswered Question
May 6th, 2008

When troubleshooting firewall issues I usually run term mon, let the log run for 30 seconds and then stop it, capture the output into Notepad, then do a find for the IP/subnet I am interested in.


This is surely not the most efficient way of doing this.


Is there a way of putting some kind of access list on the output of terminal monitor, or do others log to a syslog and filter on that?


I am keen to find a more efficient way of spotting a host in the logs when I am trying to troubleshoot why they can't connect to a resource.


Thanks


Roger

Jon Marshall Tue, 05/06/2008 - 06:00
Roger


I use the capture command. Example from a PIX:


access-list capit permit ip host 197.12.1.2 host 212.7.1.12


capture cap access-list capit interface outside


The above would capture traffic on the outside interface from 197.12.1.2 to 212.7.1.2.


You can then do a


"sh capture" to view the results.


Attached is a link to capture command for ASA v7.2 which goes into a lot more detail.


http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c1_72.html#wp2034121


Jon
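For the syslog route raised in the question, the following is an added example and not part of the original thread: a Python filter that picks a host or subnet out of saved log lines by parsing addresses instead of doing a text find, so a search for 197.12.1.2 does not also return 197.12.1.20. The function name and the sample log lines are constructed for illustration, in the style of PIX/ASA syslog messages.

```python
import ipaddress
import re

# Dotted-quad candidates; the look-arounds stop a match from starting or
# ending in the middle of a longer number. Each hit is validated below.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")


def lines_for(target, lines):
    """Return the log lines that mention an address inside `target`.

    `target` is a host ("197.12.1.2") or a subnet ("197.12.1.0/24").
    """
    net = ipaddress.ip_network(target, strict=False)
    hits = []
    for line in lines:
        for candidate in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looked like an address but is not one, e.g. 999.1.1.1
            if addr in net:
                hits.append(line)
                break  # one matching address is enough for this line
    return hits


# Constructed sample lines (not taken from a real device).
SAMPLE_LOG = [
    '%PIX-4-106023: Deny tcp src outside:197.12.1.2/40112 dst inside:212.7.1.12/443 by access-group "outside_in"',
    "%PIX-6-302013: Built inbound TCP connection 8812 for outside:197.12.1.20/51514 (197.12.1.20/51514) to inside:212.7.1.12/80 (212.7.1.12/80)",
    '%PIX-4-106023: Deny udp src outside:203.0.113.9/53 dst inside:212.7.1.2/53 by access-group "outside_in"',
    "%PIX-6-302014: Teardown TCP connection 8812 for outside:197.12.1.20/51514 to inside:212.7.1.12/80 duration 0:00:30 bytes 1420 TCP FINs",
]

if __name__ == "__main__":
    for hit in lines_for("197.12.1.2", SAMPLE_LOG):
        print(hit)
```

Passing a subnet such as `197.12.1.0/24` as `target` returns every line with a source or destination in that range.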
