Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

More effective ways of picking ip's from logging

When troubleshooting firewall issues I usually run term mon, let the log run for 30 seconds and then stop it capture the output into notepad then do a find for the IP/subnet I am interested in.

This is surely not the most efficient way of doing this.

Is there a way of putting some kind of access list on the output of terminal monitor or do others log to a syslog and filter on that

I am keen to find a more efficient way of spotting a host in the logs when I am trying to troubleshoot why they can't connect to a resource.

Thanks

Roger

1 REPLY
Hall of Fame Super Blue

Re: More effective ways of picking ip's from logging

Roger

I use the capture comnmand. Example from a pix

access-list capit permit ip host 197.12.1.2 host 212.7.1.12

capture cap access-list capit interface outside

The above would capture traffic on the outside interface from 197.12.1.2 to 212.7.1.2.

You can then do a

"sh capture" to view the results.

Attached is a link to capture command for ASA v7.2 which goes into a lot more detail.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c1_72.html#wp2034121

Jon

88
Views
0
Helpful
1
Replies