Logging a particular IP address

Answered Question
Feb 22nd, 2006
User Badges:

Hi,


It’s possible to logg a particular set of IP’s say 200.200.xxx.1 and 200.200.xxx.2 when ever it sends are receives any packet to our routers.


Thanks in advance


Rajesh


Correct Answer by ankurbhasin about 11 years 5 months ago

Hi Rajesh,


Your original post was realtaed to logs if particular ip hits your machine or move out from your machine for which James already answered.


If you are talking of system logs messages I mean logs which are generated on switches and how it can be logged and what are different levels of logging level and how you can set the logging levels for different levels of logs you can go through this link


http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550scg/swlog.htm#wp1031557


For CATOS switches


http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_1/confg_gd/logging.htm


logging source-interface command which you configured has a different significance


It specify the source IP address of syslog packets. When you configure your switch to send all the logs to syslog server this command will log the messages in your syslog server with source interface as dialer 0.


Normally, a syslog message contains the IP address of the interface it uses to leave the router. The logging source-interface command specifies that syslog packets contain the IP address of a particular interface, regardless of which interface the packet uses to exit the router.



Check this link for some more details on command which you configured and some other logging command with its user guidlines



http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tcf_r/cf_04ht.htm#wp1037491


Hope that helps - pls rate the post if it does.


Ankur

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
jarathbu Wed, 02/22/2006 - 21:16
User Badges:
  • Bronze, 100 points or more

Hello,


You can try an ACL with log keyword.


e.g.


access-list 101 permit ip host 200.200.x.x.1 host 200.200.x.x.2 log

access-list 101 permit ip host 200.200.x.x.2 host 200.200.x.x.1 log

access-list 101 permit ip any any


Hope this helps.



Regards,



James

kradjesh13 Thu, 02/23/2006 - 15:29
User Badges:

Thanks James.


Without having a proper idea in logging when i was asked to logg the traffic i gave the command like


logging source-interface dialer0


thinking that all the incomming traffic will be logged. Still i havn't looked at the logs generated.


Can any one send me a link which explains about logs. I need to know to get a better understanding of the logs.


Thank


Rajesh



Correct Answer
ankurbhasin Thu, 02/23/2006 - 21:17
User Badges:
  • Red, 2250 points or more

Hi Rajesh,


Your original post was realtaed to logs if particular ip hits your machine or move out from your machine for which James already answered.


If you are talking of system logs messages I mean logs which are generated on switches and how it can be logged and what are different levels of logging level and how you can set the logging levels for different levels of logs you can go through this link


http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550scg/swlog.htm#wp1031557


For CATOS switches


http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_1/confg_gd/logging.htm


logging source-interface command which you configured has a different significance


It specify the source IP address of syslog packets. When you configure your switch to send all the logs to syslog server this command will log the messages in your syslog server with source interface as dialer 0.


Normally, a syslog message contains the IP address of the interface it uses to leave the router. The logging source-interface command specifies that syslog packets contain the IP address of a particular interface, regardless of which interface the packet uses to exit the router.



Check this link for some more details on command which you configured and some other logging command with its user guidlines



http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tcf_r/cf_04ht.htm#wp1037491


Hope that helps - pls rate the post if it does.


Ankur

kradjesh13 Tue, 02/28/2006 - 22:08
User Badges:

Thanks Ankur,


Your post was really helpful to me.


Regards


Rajesh

Actions

This Discussion