«

This seems to me to be a very basic question, but I can't find any specific
info thru Google, etc.

If I have a router configured for buffered logging, how can I view actual
the log of network traffic (source, destination, port, packet detail,etc)
that's passing through? The "show logging" command just tells me the number
of stored messages, but not the content of those messages (some of which I
presume are traffic details).

Do I need to be doing a show type of command at the interface level or
something?

Thanks for any help..

JDB

In article <>,
"JDB" <> wrote:

> This seems to me to be a very basic question, but I can't find any specific
> info thru Google, etc.
>
> If I have a router configured for buffered logging, how can I view actual
> the log of network traffic (source, destination, port, packet detail,etc)
> that's passing through? The "show logging" command just tells me the number
> of stored messages, but not the content of those messages (some of which I
> presume are traffic details).
>
> Do I need to be doing a show type of command at the interface level or
> something?

"show log" will normally show the contents of the log buffer.

Note that the router doesn't normally log network traffic. If you want
traffic to be logged, you need to use a packet filter that has "log"
options specified, or use the "debug ip packet" command.

--
Barry Margolin,
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

Depends on wether you want to view all traffic or just traffic coming
from a specific network/subnet. To view all traffic I think doing
something like "access-list 150 permit ip any any log" will do. But be
aware that the log will fill up very quickly depending on the amount of
incoming traffic, this may also put a lot of load on the cpu because of
the logging. Or if you know what subnet you would like to view do
something like:

access-list 150 permit ip 192.168.5.0 0.0.0.255 192.168.10.0 log
access-list 150 permit ip any any

This will logg traffic coming from the dot 5 network to any host on the
dot 10 network. HTH!

JDB wrote:
> This seems to me to be a very basic question, but I can't find any specific
> info thru Google, etc.
>
> If I have a router configured for buffered logging, how can I view actual
> the log of network traffic (source, destination, port, packet detail,etc)
> that's passing through? The "show logging" command just tells me the number
> of stored messages, but not the content of those messages (some of which I
> presume are traffic details).
>
> Do I need to be doing a show type of command at the interface level or
> something?
>
> Thanks for any help..
>
> JDB
>
>
>

Jesse wrote:

> Depends on wether you want to view all traffic or just traffic coming
> from a specific network/subnet. To view all traffic I think doing
> something like "access-list 150 permit ip any any log" will do. But be
> aware that the log will fill up very quickly depending on the amount of
> incoming traffic, this may also put a lot of load on the cpu because of
> the logging. Or if you know what subnet you would like to view do
> something like:
>
> access-list 150 permit ip 192.168.5.0 0.0.0.255 192.168.10.0 log
> access-list 150 permit ip any any
>
> This will logg traffic coming from the dot 5 network to any host on the
> dot 10 network. HTH!


Look for netfow if your router supports it

In article <>,
says...
>
> This seems to me to be a very basic question, but I can't find any specific
> info thru Google, etc.
>
> If I have a router configured for buffered logging, how can I view actual
> the log of network traffic (source, destination, port, packet detail,etc)
> that's passing through? The "show logging" command just tells me the number
> of stored messages, but not the content of those messages (some of which I
> presume are traffic details).
>
> Do I need to be doing a show type of command at the interface level or
> something?


"ip accounting" under the interface. But instead, use netflow if your
IOS supports it.

int s4/0/0/1:0
ip route-cache flow

"sho ip cache flow" (or something close to that)


--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************

Well, if you are TESTING, you might throw this in... Im not sure anyone in
the real world would recommend doing this....

!
access-list 101 permit ip any any log-input (This logs
source/dest/pckt info)
access-list 102 permit ip any any log-input (This logs
source/dest/pckt info)
!
int e0/0
ip access-group 101 in (This assigns ACL#101 to log incoming
pckts on int e0/0)
int e0/1
ip access-group 102 in (This assigns ACL#102 to log incoming
pckts on int e0/1)
!
service timestamps log datetime localtime (This puts time/date
stamps on each packet)
logging buffered 8192 debugging (This sets your log
buffer size. I recommend syslog instead)











"JDB" <> wrote in message
news:...
>
> This seems to me to be a very basic question, but I can't find any
specific
> info thru Google, etc.
>
> If I have a router configured for buffered logging, how can I view actual
> the log of network traffic (source, destination, port, packet detail,etc)
> that's passing through? The "show logging" command just tells me the
number
> of stored messages, but not the content of those messages (some of which I
> presume are traffic details).
>
> Do I need to be doing a show type of command at the interface level or
> something?
>
> Thanks for any help..
>
> JDB
>
>
>