Re: logging on CSS11506

julxu · ‎01-05-2007

Is possible CSS11506 to log:

source ip

destnation IP (VIP)

url detail

for every session?

if yes, how to do it? and if not, is there anyway to log them?

(or is possible to make CSS11506 as a logging server)

Any comments will be appreciated

Thanks in advance

Gilles Dufour · ‎01-05-2007

not possible.

You should find another device for this purpose.

BTW, the servers should have the possibility to do it.

Gilles.

julxu · ‎01-07-2007

Gilles

thanks for replay. the question actually is rised after previous question about destnation group.

Since using destnation group will stop the server to log all the information. Then there is a question about:

1. if do not use destnation group, how can make only VIP related traffic go though CSS11506s?

2. if do use destnation group, can we log the information related to statistic on CSS or some machine fron of CSS?

Any advice will be appreciated.

Thanks in advance

Gilles Dufour · ‎01-07-2007

1. you can guarantee traffic to go back to the CSS without source group by using policy routing.

You create an acl to match source port 80 [if this is web traffic] and apply it in a route-map with set next-hop to specify that the traffic must go to the CSS. Finally, you apply the route-map to the inbound interface of the router.

2. you could have a NAM module collect statistics about the traffic or use a cache-engine. But why not simply redesign your network a little bit to have the servers just behind the CSS ?

Gilles.

julxu · ‎01-08-2007

Servers currently are behind the CSS, and the default gateways are CSS also. That cause all whole traffic, including administration traffic, window required traffic, and all go though CSS.

May I just confirm for a topical design for CSS, it should be:

admin-->|(route to admin subnet)int1--SERVER--int2(default gw)|<---CSS<--client

Please advice.

Thanks in advance