https://community.cisco.com/t5/network-security/capture-circular-buffering-to-syslog-server/m-p/1410992#M720487 <HTML><HEAD></HEAD><BODY><P>example:</P><P>If you want to capture your inside host's internet browsing traffic, you can issue the following with a circular-buffer command</P><P></P><P>cap capin int inside match tcp host 10.10.10.1 any eq 80 circular-buffer buffer 10000000</P><P></P><P>This will create a 10MB capture file and continue collecting fresh packets after the 10MB buffer gets full.</P><P></P><P>I am not sure what you mean by send it to syslog server.</P><P></P><P>You have to issue "sh cap capin" or save the capture using tftp or http</P><P></P><P><A class="jive-link-external-small" href="https://">https://</A><SPAN><IP_ADDRESS>/capture/capin/pcap</IP_ADDRESS></SPAN></P><P></P><P><SPAN>capture command reference: </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c1.html#wp2129312">http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c1.html#wp2129312</A></P><P></P><P>-KS</P></BODY></HTML> Tue, 16 Mar 2010 03:34:10 GMT Kureli Sankar 2010-03-16T03:34:10Z https://community.cisco.com/t5/network-security/capture-circular-buffering-to-syslog-server/m-p/1410991#M720486 <P class="MsoNormal" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">HI</SPAN></P><P class="MsoNormal" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;"> </SPAN></P><P class="MsoNormal" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">I'm running 8.0.5 and want to setup capture with “circular-buffer” and log it to my syslog server. Can I do this and if so, how?</SPAN></P><P class="MsoNormal" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;"> </SPAN></P><P class="MsoNormal" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">Will this have a huge effect on my cpu/mem assuming default buffer at 512?</SPAN></P><P class="MsoNormal" style="margin: 0in 0in 0pt;"></P><P class="MsoNormal" style="margin: 0in 0in 0pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">Thanks</SPAN></P> Mon, 11 Mar 2019 17:21:59 GMT https://community.cisco.com/t5/network-security/capture-circular-buffering-to-syslog-server/m-p/1410991#M720486 aamercado 2019-03-11T17:21:59Z https://community.cisco.com/t5/network-security/capture-circular-buffering-to-syslog-server/m-p/1410992#M720487 <HTML><HEAD></HEAD><BODY><P>example:</P><P>If you want to capture your inside host's internet browsing traffic, you can issue the following with a circular-buffer command</P><P></P><P>cap capin int inside match tcp host 10.10.10.1 any eq 80 circular-buffer buffer 10000000</P><P></P><P>This will create a 10MB capture file and continue collecting fresh packets after the 10MB buffer gets full.</P><P></P><P>I am not sure what you mean by send it to syslog server.</P><P></P><P>You have to issue "sh cap capin" or save the capture using tftp or http</P><P></P><P><A class="jive-link-external-small" href="https://">https://</A><SPAN><IP_ADDRESS>/capture/capin/pcap</IP_ADDRESS></SPAN></P><P></P><P><SPAN>capture command reference: </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c1.html#wp2129312">http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c1.html#wp2129312</A></P><P></P><P>-KS</P></BODY></HTML> Tue, 16 Mar 2010 03:34:10 GMT https://community.cisco.com/t5/network-security/capture-circular-buffering-to-syslog-server/m-p/1410992#M720487 Kureli Sankar 2010-03-16T03:34:10Z