
More effective ways of picking IPs from logging

simplecisco
Level 1

When troubleshooting firewall issues I usually run term mon, let the log run for 30 seconds and then stop it, capture the output into Notepad, then do a find for the IP/subnet I am interested in.

This is surely not the most efficient way of doing this.

Is there a way of putting some kind of access list on the output of terminal monitor, or do others log to a syslog and filter on that?

I am keen to find a more efficient way of spotting a host in the logs when I am trying to troubleshoot why they can't connect to a resource.

Thanks

Roger

1 Reply

Jon Marshall
Hall of Fame

Roger

I use the capture command. Example from a PIX:

access-list capit permit ip host 197.12.1.2 host 212.7.1.12

capture cap access-list capit interface outside

The above would capture traffic on the outside interface from 197.12.1.2 to 212.7.1.2.

You can then do a "sh capture" to view the results.

Attached is a link to the capture command for ASA v7.2, which goes into a lot more detail.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c1_72.html#wp2034121

Jon
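For the syslog route raised in the question, here is an added example (not part of either post) that filters saved firewall log lines by host or subnet using real address comparison instead of a text find, so a search for 197.12.1.2 does not also hit 197.12.1.20. The log lines are constructed samples in ASA message style, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample syslog lines in ASA style (not taken from a real device).
SAMPLE_LOG = """\
Jan 10 10:00:01 fw1 %ASA-6-302013: Built inbound TCP connection 1001 for outside:197.12.1.2/40001 (197.12.1.2/40001) to inside:212.7.1.12/443 (212.7.1.12/443)
Jan 10 10:00:02 fw1 %ASA-4-106023: Deny tcp src outside:197.12.1.77/51000 dst inside:212.7.1.12/22 by access-group "outside_in" [0x0, 0x0]
Jan 10 10:00:03 fw1 %ASA-6-302015: Built outbound UDP connection 1002 for outside:8.8.8.8/53 (8.8.8.8/53) to inside:10.1.1.5/53000 (10.1.1.5/53000)
Jan 10 10:00:04 fw1 %ASA-4-106023: Deny udp src outside:197.12.10.2/500 dst inside:212.7.1.12/500 by access-group "outside_in" [0x0, 0x0]
Jan 10 10:00:05 fw1 %ASA-6-305011: Built dynamic TCP translation from inside:10.1.1.5/1030 to outside:197.12.1.20/1030
"""

# A dotted quad that is not glued to neighbouring digits or dots.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def addresses_in(line):
    """Yield every valid IPv4 address that appears in a log line."""
    for token in IPV4.findall(line):
        try:
            yield ipaddress.ip_address(token)
        except ValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1


def filter_log(lines, target):
    """Return the lines that mention a host, or any address inside a subnet."""
    net = ipaddress.ip_network(target, strict=False)  # a bare host becomes a /32
    return [ln for ln in lines if any(addr in net for addr in addresses_in(ln))]


def deny_lines(lines):
    """Narrow a result set to messages that report a denied packet."""
    return [ln for ln in lines if re.search(r"\bDeny\b", ln)]


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    # Everything denied for the 197.12.1.0/24 subnet.
    for ln in deny_lines(filter_log(log, "197.12.1.0/24")):
        print(ln)
```

To use it on real data, read the lines from the syslog server's file or from saved terminal monitor output instead of `SAMPLE_LOG`.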
