Solved: Logging connection states for specific host

tom.gill · ‎02-18-2008

We have a server on an inside interface and need to log anything related to its TCP connections (build, teardown, etc.) to a syslog server.

I see how to do it by class, by message id, even by customer message list. However, I don't see where we can do this given a specific local ip address.

Ideas?

Thanks!

niro · ‎02-18-2008

You can set up a rule in the syslog server to log anything with the IP adderss and TCP as keywords in the message ID and log it to a file (or whatever rule you want to assign it). Not sure which syslog server you're using, but I know you could do it with Kiwi.

View solution in original post

niro · ‎02-18-2008

You can set up a rule in the syslog server to log anything with the IP adderss and TCP as keywords in the message ID and log it to a file (or whatever rule you want to assign it). Not sure which syslog server you're using, but I know you could do it with Kiwi.

tom.gill · ‎02-20-2008

That's a great idea. Although I wasn't able to find out how to filter the data in Kiwi, I was able to highlight certain messages.

Although I was receiving more data than I could view in real-time, I was able to search the log files for what I was looking for.

Can you think of a syslog server that will allow me to filter and store only data I want? I wasn't able to do this with Kiwi.

Thanks!