More effective ways of picking ip's from logging

Unanswered Question
May 6th, 2008
User Badges:

When troubleshooting firewall issues I usually run term mon, let the log run for 30 seconds and then stop it capture the output into notepad then do a find for the IP/subnet I am interested in.

This is surely not the most efficient way of doing this.

Is there a way of putting some kind of access list on the output of terminal monitor or do others log to a syslog and filter on that

I am keen to find a more efficient way of spotting a host in the logs when I am trying to troubleshoot why they can't connect to a resource.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 05/06/2008 - 06:00
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


I use the capture comnmand. Example from a pix

access-list capit permit ip host host

capture cap access-list capit interface outside

The above would capture traffic on the outside interface from to

You can then do a

"sh capture" to view the results.

Attached is a link to capture command for ASA v7.2 which goes into a lot more detail.



This Discussion