Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
431
Views
0
Helpful
1
Replies

Reading Logs

Ben F
Level 1
Level 1

‎02-27-2013 02:14 PM - edited ‎03-11-2019 06:07 PM

Hello, I'm reading through some logs. The logs contain hits on blacklisted IP address. I'm trying to determine if the connection was stopped at the firewall, but it isn't always clear. I'm trying to determine what is happening when I see the following:

Teardown UDP connection

Built outbound UDP connection

Teardown local-host

Built local-host

This might not necessarily help me figure things out, but it seems worth looking into! Thanks!

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎02-27-2013 02:23 PM

Hi,

A "Built outbound UDP/TCP connection" message always means that a connection attempt has passed the firewall rules and was allowed to form through the firewall

A "Teardown UDP/TCP connection" message always means that a connection that was previously allowed to form through the firewall was removed from the firewall for a certain reason. (For TCP connections -> Normal TCP connection close, SYN Timeout, Idle timeout, etc)

I think the local-host messages are similiar. I personally look more for the Built/Teardown messages

If the firewall has blocked some connection attempt you would be looking at a log message that starts with "Deny"

I think there is a way to show the allowed connections also separately in the log but usually there is no actual need since we see what we need in the "Built" messages.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card