08-11-2006 07:56 AM - edited 03-05-2019 12:00 PM
I have a Cisco 831 router. Is there a way I can configure the router to log traffic going out to the internet?
Thanks
08-11-2006 08:57 AM
Jamie
There may be several alternatives that might achieve what you need. Probably the most direct answer is that you could accomplish logging of all traffic going to the internet by configuring this access list on the outbound interface:
access-list 101 permit ip any any log
This access list will log all outbound packets and the log record will show the source and destination addresses but not the port numbers. If you need the port numbers you need a slightly more elaborate access list:
access-list 101 permit tcp any range 0 65535 any range 0 65535 log
access-list 101 permit udp any range 0 65535 any range 0 65535 log
access-list 101 permit ip any any log
This should give you source and destination addresses and port numbers.
Be aware that doing this will place additional load on the CPU of the router. The amount of load will depend on the volume of traffic - the more traffic the heavier the load on the CPU. The amount of load on CPU also will depend on the destinations to which you log the information. If these logs go to the console the load will be heavier, so I would suggest that you configure logging console notification (or some more severe level - the access log messages are informational level 6). Sending the log messages to a syslog server will generate some load but less than logging to the console.
You might also think about whether enabling ip accounting or enabling netflow would generate the kind of data that you need. Both of these are much less load on CPU than an access list log of outgoing traffic.
HTH
Rick
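What the log records from an access list like the one above look like once they reach a syslog server, and how to turn them into something useful, as an added example that is not part of Rick's answer or of Cisco's documentation. It is a small Python parser for the %SEC-6-IPACCESSLOGP (tcp/udp with ports), %SEC-6-IPACCESSLOGNP (the `permit ip any any log` catch-all, which carries only the protocol number and addresses) and %SEC-6-IPACCESSLOGDP (icmp type/code) message formats IOS emits for the `log` keyword, plus the %SEC-6-IPACCESSLOGRL message the router sends when it rate-limits or misses log records. The syslog lines, hostnames and addresses are constructed for the example; IOS logs the first matching packet and then a per-flow packet count at intervals (5 minutes by default), which is why the same flow appears twice with different counts.

```python
import re
from collections import Counter

# Message shapes produced by the 'log' keyword on an IOS extended ACL.
# LOGP:  tcp/udp entries (the 'range 0 65535' lines) - addresses AND ports.
# LOGNP: the 'permit ip any any log' catch-all - protocol number and addresses only.
# LOGDP: icmp - addresses plus icmp type/code.
# LOGRL: the router could not log every packet; the count is what was missed.
LOGP_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
LOGNP_RE = re.compile(
    r"%SEC-6-IPACCESSLOGNP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+), (?P<count>\d+) packets?"
)
LOGDP_RE = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>icmp) (?P<src>[\d.]+) -> (?P<dst>[\d.]+) "
    r"\((?P<type>\d+)/(?P<code>\d+)\), (?P<count>\d+) packets?"
)
LOGRL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed "
    r"(?P<missed>\d+) packets?"
)

# Constructed sample: what a syslog server might receive from the router
# (hypothetical router at 10.0.0.1, ACL 101 applied outbound, not real data).
SAMPLE_LOG = """\
Aug 11 08:57:01 10.0.0.1 123: *Aug 11 08:57:00.123: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.10(51234) -> 203.0.113.5(443), 1 packet
Aug 11 08:57:05 10.0.0.1 124: *Aug 11 08:57:04.501: %SEC-6-IPACCESSLOGP: list 101 permitted udp 192.168.1.10(53124) -> 198.51.100.53(53), 1 packet
Aug 11 09:02:01 10.0.0.1 125: *Aug 11 09:02:00.700: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.10(51234) -> 203.0.113.5(443), 37 packets
Aug 11 09:02:03 10.0.0.1 126: *Aug 11 09:02:02.010: %SEC-6-IPACCESSLOGNP: list 101 permitted 47 192.168.1.20 -> 203.0.113.9, 12 packets
Aug 11 09:02:04 10.0.0.1 127: *Aug 11 09:02:03.010: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 192.168.1.20 -> 203.0.113.9 (8/0), 3 packets
Aug 11 09:02:09 10.0.0.1 128: *Aug 11 09:02:08.999: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 250 packets
Aug 11 09:02:10 10.0.0.1 129: *Aug 11 09:02:09.000: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.1.5)
"""


def parse_line(line):
    """Return a dict for an ACL log record, or None if the line is not one."""
    m = LOGRL_RE.search(line)
    if m:
        return {"kind": "missed", "missed": int(m.group("missed"))}
    for rx in (LOGP_RE, LOGNP_RE, LOGDP_RE):
        m = rx.search(line)
        if m:
            rec = m.groupdict()
            rec["kind"] = "match"
            rec["count"] = int(rec["count"])
            # Only the tcp/udp format carries ports; normalise the others to None
            # so a consumer can see at a glance which records lack them.
            rec["sport"] = int(rec["sport"]) if "sport" in rec else None
            rec["dport"] = int(rec["dport"]) if "dport" in rec else None
            return rec
    return None


def summarize(text):
    """Aggregate packet counts per (src, dst, proto, dport) and total missed packets."""
    flows = Counter()
    missed = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not an ACL log record (e.g. %SYS-5-CONFIG_I)
        if rec["kind"] == "missed":
            missed += rec["missed"]
            continue
        flows[(rec["src"], rec["dst"], rec["proto"], rec["dport"])] += rec["count"]
    return {"flows": flows, "missed": missed}


def top_talkers(summary, n=3):
    """Inside hosts sending the most logged packets to the internet."""
    per_src = Counter()
    for (src, _dst, _proto, _dport), pkts in summary["flows"].items():
        per_src[src] += pkts
    return per_src.most_common(n)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (src, dst, proto, dport), pkts in sorted(s["flows"].items()):
        print(f"{src} -> {dst} {proto} dport={dport}: {pkts} packets")
    print("packets the router could not log:", s["missed"])
    print("top talkers:", top_talkers(s))
```

Two things the summary makes visible that the raw lines do not. First, the GRE flow (protocol 47) and the icmp flow come back with `dport=None`: anything that falls through to the `permit ip any any log` line is logged without ports, exactly as the answer says. Second, the IPACCESSLOGRL line means 250 packets went unlogged in that interval, so per-flow totals from ACL logging are a lower bound, not an audit trail; that is the CPU and rate-limit trade-off the answer warns about, and the reason NetFlow is the better choice when completeness matters. For the records to reach a collector at all, the list has to be applied with `ip access-group 101 out` on the internet-facing interface and the router pointed at the server with `logging host <address>` and `logging trap informational` (level 6, which these messages are).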