Black box able to log traffic passing through...

James Lasky · ‎05-21-2008

Hi

I'm looking for a box able to sniff the tcp/ip traffic (source ip address, destination ip address and ports) passing from it's ingress interface to the egress interface and viceversa (useful the bypass option if this box fails) without any change of the traffic passing through, just logging it and sending this log to a syslog server.

We need it as solution to be compliant with the new police law against computer criminals where is written that all the internet traffic has to be logged (we offer sometimes transparent internet access to our customers where we do not put any kind of equipment as firewall, proxy or something else, only the router providing the internet access).

Do you know if Cisco provide something like that ? Other vendors ?

Any other idea how to be compliant with this request ?

Thanks

Pls advise

Ric

smahbub · ‎05-27-2008

Cisco Intrusion Prevention System Sensor can be used to log ip traffic. You can manually configure the sensor to capture all IP traffic associated with a host you specify by IP address. You can specify how long you want the IP traffic to be logged, how many packets you want logged, and how many bytes you want logged. The sensor stops logging IP traffic at the first parameter you specify.You can also have the sensor log IP packets every time a particular signature is fired. You can specify how long you want the sensor to log IP traffic and how many packets and bytes you want logged

James Lasky · ‎05-27-2008

Tks

I was able to do what needed enabling ip inspect on the router, enabling audit-trail and sending all the logs to our syslog server.

Ric