Hello Friends,
Looking for some industry practice or advice on how to handle such a situation proactively.
I generally come across a situation where users report a disconnection of production application connectivity in the recent past (a few minutes or hours back) and would like to know the cause of the issue. Unless there is a state change of a routing protocol, HSRP, interface status, etc., the logging buffer (or syslog) doesn't suffice for the investigation; I need more logs, like NAT translations in real time, or to check whether the traffic had really reached the router. Is there a way to capture this information continuously?
I have heard that EPC (Embedded Packet Capture) can be used to monitor pass-through traffic, but it's CPU intensive.
Thank you,
Krishna