Can traffic access logs (src IP, dst IP, Allowed or Denied) be check?

yutashimamura2920 · ‎09-18-2024

We detected traffic from an external malicious server targeting one of our sites through the firewall.
We would like to check whether there was any access to the Cisco SD-WAN Router from this source.
Is it possible to confirm traffic access logs (such as Source IP, Destination IP, Allowed or Denied) via vManage?

Kanan Huseynli · ‎09-20-2024

Hi,

in GUI Monitor>Logs can show this.

In "events" you can find logins for routers , in 'audit logs' you can find logins for vmanage

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

yutashimamura2920 · ‎09-20-2024

@Kanan Huseynli
Thank you very much!
Is it possible to confirm traffic access logs (such as Source IP, Destination IP, Allowed or Denied)?
I am thinking of firewall logs.
I would like to confirm if the logs show traffic flow from which source IP address to which destination IP address.

MHM Cisco World · ‎11-10-2024

you want to troubleshouting or real time log ?

MHM

balaji.bandi · ‎11-10-2024

We detected traffic from an external malicious server targeting one of our sites through the firewall.

Is the Firewall front of any Edge router, how does your network Looks like.

Is the site have Internet breakout from your cEdge router ?

is the source ip behind cedge router ?

Yes if the Firewall able to log and retain the Logs, that is the best place look, Do you have any netflow enabled on sd-wan side to investigate this ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help