Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
0
Helpful
4
Replies

Logging from Specific IP

corey.mckinney
Level 1
Level 1

‎11-07-2005 02:30 PM - edited ‎03-03-2019 12:42 AM

Is there a way I can log traffic coming from a specific IP address on my LAN?

Labels:
0 Helpful
4 Replies 4

nhabib
Level 9
Level 9

‎11-07-2005 05:03 PM

If it's an IOS device, then you may use the following configuration command (and specify the interface):

logging source

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to nhabib

‎11-07-2005 06:27 PM

Corey

This response interprets your question as wanting to specify the source address for syslog messages sent from this router.

However I interpret your question as being that you want to capture and log messages from some host connected on a LAN that is connected on one of the interfaces on this router. If my interpretation is correct then I have a method to suggest, but I would be very careful about implementing this. The solution that I have in mind involves running debug ip packet. This command can have quite an impact on the performance of your router. So I will suggest combining an access list with the debug to get the results that you want and to minimize the impact of the debug.

Try this:

access-list 199 permit ip host any

debug ip packet 199

It creates an access list which identifies the unique host that you are interested in and applies that access list to limit the debug output to just the packets sourced from that host.

You might achieve your requirement if you could run things like Sniffer (or other packet capture software) on the traffic. But my suggestion is the only thing that I know that you can do on the router itself and achieve what you are asking. While debug ip packet can have quite an impact, combining that debug with an access list does reduce the impact.

HTH

Rick

HTH

Rick
0 Helpful

corey.mckinney
Level 1
Level 1
In response to Richard Burts

‎11-08-2005 08:34 AM

That is exactly what I want to do. Now, does this method create a log file, or is it real time?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to corey.mckinney

‎11-08-2005 01:48 PM

Corey

This method operates in real time. The messages are sent to syslog. So if you have telnetted to the router and if you have done terminal monitor command then you will see the output in real time. Also if you have configured logging buffered to include debugging level messages you can review the debug output in the logging buffer. And depending on how you have configured your syslog it is possible that you would send the debug output to a syslog server and you can view the file on the server.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents