05-21-2008 05:12 AM - edited 03-09-2019 08:45 PM
Hi
I'm looking for a box able to sniff the TCP/IP traffic (source IP address, destination IP address and ports) passing from its ingress interface to the egress interface and vice versa (a bypass option would be useful if this box fails) without any change to the traffic passing through, just logging it and sending this log to a syslog server.
We need it as a solution to be compliant with the new police law against computer criminals, where it is written that all internet traffic has to be logged (we sometimes offer transparent internet access to our customers where we do not put any kind of equipment such as a firewall, proxy or something else, only the router providing the internet access).
Do you know if Cisco provides something like that? Other vendors?
Any other idea how to be compliant with this request?
Thanks
Pls advise
Ric
05-27-2008 01:06 PM
Cisco Intrusion Prevention System Sensor can be used to log IP traffic. You can manually configure the sensor to capture all IP traffic associated with a host you specify by IP address. You can specify how long you want the IP traffic to be logged, how many packets you want logged, and how many bytes you want logged. The sensor stops logging IP traffic at the first parameter you specify. You can also have the sensor log IP packets every time a particular signature is fired. You can specify how long you want the sensor to log IP traffic and how many packets and bytes you want logged.
05-27-2008 10:40 PM
Tks
I was able to do what was needed by enabling ip inspect on the router, enabling audit-trail and sending all the logs to our syslog server.
Ric
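The audit-trail approach in the post above leaves one record per inspected session on the syslog server. As an added example (not part of the original thread), the Python below pulls the source/destination addresses, ports and byte counts out of such records. It assumes the messages follow the `%FW-6-SESS_AUDIT_TRAIL` layout from Cisco's inspection documentation; the function names are hypothetical and the sample lines are constructed.

```python
import re
from typing import List, NamedTuple, Optional

class Session(NamedTuple):
    event: str                 # "start" or "stop" (lines without a keyword count as stop)
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    bytes_out: Optional[int]   # bytes sent by initiator; absent on start records
    bytes_in: Optional[int]    # bytes sent by responder; absent on start records

_ENDPOINT = r"\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)"
# Assumed layout: "<proto> session initiator (ip:port) sent N bytes -- responder (ip:port) sent N bytes",
# optionally prefixed with "Start"/"Stop" and "session:" on newer IOS releases.
_AUDIT = re.compile(
    r"%FW-6-SESS_AUDIT_TRAIL(?:_START)?:\s+"
    r"(?:(Start|Stop)\s+)?(\S+)\s+session:?\s+"
    r"initiator\s+" + _ENDPOINT + r"(?:\s+sent\s+(\d+)\s+bytes)?\s+--\s+"
    r"responder\s+" + _ENDPOINT + r"(?:\s+sent\s+(\d+)\s+bytes)?"
)

def parse_audit_line(line: str) -> Optional[Session]:
    """Return a Session for an audit-trail line, or None for any other syslog line."""
    m = _AUDIT.search(line)
    if m is None:
        return None
    event, proto, sip, sport, sent, dip, dport, recv = m.groups()
    return Session(
        "start" if event == "Start" else "stop", proto,
        sip, int(sport), dip, int(dport),
        int(sent) if sent is not None else None,
        int(recv) if recv is not None else None,
    )

def extract_sessions(lines: List[str]) -> List[Session]:
    """Keep only the lines that are session audit records."""
    return [s for s in map(parse_audit_line, lines) if s is not None]

# Constructed sample input (documentation address ranges), not real traffic.
SAMPLE = [
    "<190>45: May 27 22:31:02: %FW-6-SESS_AUDIT_TRAIL: tcp session initiator (192.0.2.10:33192) sent 22 bytes -- responder (198.51.100.25:25) sent 208 bytes",
    "<190>46: May 27 22:31:05: %FW-6-SESS_AUDIT_TRAIL_START: Start http session: initiator (192.0.2.11:44673) -- responder (198.51.100.80:80)",
    "<190>47: May 27 22:31:09: %FW-6-SESS_AUDIT_TRAIL: Stop http session: initiator (192.0.2.11:44673) sent 1599 bytes -- responder (198.51.100.80:80) sent 93124 bytes",
    "<189>48: May 27 22:32:00: %SYS-5-CONFIG_I: Configured from console by vty0",
]

if __name__ == "__main__":
    for s in extract_sessions(SAMPLE):
        print(s)
```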