Re: How can I log the src IP/port dst IP/port to syslog svr

cltoh · ‎05-24-2004

I would like to capture what source IP is accessing which server so which subsystem can I turn on and which level should i use?

Gilles Dufour · ‎05-25-2004

use the llama/debug command 'flow trace ' with the command 'flow option <0x...>'.

This is somekind of debug ip packet.

The ip address that you enter servers as a filter.

The type of messages you get are :

5/1 471 FLOWMGR-4: TCP out 192.168.10.3:1053->10.48.66.123:80 SYN

You only see the traffic that is sent to SCM.

Once the flow is fastswitched you don't see it with the above debug.

Regards,

Gilles.

cltoh · ‎05-25-2004

If I would like to capture the message to syslog server,is the following command applicable

logging subsystem netman level debug-7

Thanks

Regards

Chin Lam

Gilles Dufour · ‎05-26-2004

the message starts with :FLOWMGR-4:

This means you need to have flowmgr logging level set to 4.

However, I don't see the use to log this to a syslog server.

This command should only be used to do some debugging.

You should not leave it running forever to gather statistics.

Regards,

Gilles.

cltoh · ‎05-26-2004

My customer would like to log all sessions going through the CSS. May I know is there any other alternative way to do this?

Please advice

Thanks

With Regards

Chin Lam

Gilles Dufour · ‎05-30-2004

There is no other way on the CSS itself.

But Cisco sells the NAM card that is a device to collect info about traffic.

The reason it is not good to do this on the CSS is because too much messages will impact performances and may cause more problems.

It is also not guarantee that all messages will be logged - they are rate limited.

Gilles.