Well, it depends on what you want to do. if you just want to see the packets blocked by your firewall, the inbound access-list, you just add the deny ip any any log at the end and log the traffic to syslog server. you will see a lot of traffic like ping sweeps, etc.
But to see if somebody is actually trying to launch the attack you will have to enable IPS (intrusion prevention) and log this info.
But do not expect miracles with the router. with 64 MB RAM, you will be able to apply relatively few attack signatures, you could upgrade it to 128 and it will be much better. you then download sdf file to your flash and use the command
no ip ips sdf builtin (to disable the signatures that come with the IOS)
ip ips sdf location flash:/...
you enable IPS in a simmilar way as you did inspection
ip ips name ips_rule
ip ips ips_rule in
Even if you have only 64 MB of Ram it is still worth doing (you paid for it when you bought the router :).
The sdf file you need to download to your flash then is attack-drop.sdf which contains limited number of signatures optimized for the amount of Ram.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :