11-07-2005 02:30 PM - edited 03-03-2019 12:42 AM
Is there a way I can log traffic coming from a specific IP address on my LAN?
11-07-2005 05:03 PM
If it's an IOS device, then you may use the following configuration command (and specify the interface):
logging source
11-07-2005 06:27 PM
Corey
This response interprets your question as wanting to specify the source address for syslog messages sent from this router.
However I interpret your question as being that you want to capture and log messages from some host connected on a LAN that is connected on one of the interfaces on this router. If my interpretation is correct then I have a method to suggest, but I would be very careful about implementing this. The solution that I have in mind involves running debug ip packet. This command can have quite an impact on the performance of your router. So I will suggest combining an access list with the debug to get the results that you want and to minimize the impact of the debug.
Try this:
access-list 199 permit ip host
debug ip packet 199
It creates an access list which identifies the unique host that you are interested in and applies that access list to limit the debug output to just the packets sourced from that host.
You might achieve your requirement if you could run things like Sniffer (or other packet capture software) on the traffic. But my suggestion is the only thing that I know that you can do on the router itself and achieve what you are asking. While debug ip packet can have quite an impact, combining that debug with an access list does reduce the impact.
HTH
Rick
11-08-2005 08:34 AM
That is exactly what I want to do. Now, does this method create a log file, or is it real time?
11-08-2005 01:48 PM
Corey
This method operates in real time. The messages are sent to syslog. So if you have telnetted to the router and if you have done terminal monitor command then you will see the output in real time. Also if you have configured logging buffered to include debugging level messages you can review the debug output in the logging buffer. And depending on how you have configured your syslog it is possible that you would send the debug output to a syslog server and you can view the file on the server.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: