Velocity Reviews - Computer Hardware Reviews

Help on logging on my Soho 77

 
 
Mr. Spadoni
09-15-2006
Hello
I got a SOHO 77 IOS 12.3 (15).

I need to write a log entry every time someone from the internet accesses one of
my PCs via Remote Desktop (TCP 3389)

I have put an access-list


access-list 100 permit tcp any eq 3389 host xx.xx.xx.xxx eq 3389 log

But this won't log.

Can someone help me?


 
AM
09-15-2006
Mr. Spadoni wrote:
> I need to write a log entry every time someone from the internet accesses one of
> my PCs via Remote Desktop (TCP 3389)
>
> I have put an access-list
>
>
> access-list 100 permit tcp any eq 3389 host xx.xx.xx.xxx eq 3389 log
>
> But this won't log.


conf t
logging on
logging buffered 512000 (choose how many bytes you want to reserve for logs)

HTH Alex
 
Mr. Spadoni
09-15-2006
Hello


router#show log
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0
flushes, 0 overruns, xml disabled)
Console logging: disabled
Monitor logging: level warnings, 0 messages logged, xml disabled
Buffer logging: level notifications, 119 messages logged, xml disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 124 message lines logged

Log Buffer (4096 bytes):


I open an RDP connection but nothing happens in the log on the Cisco.

What can I do?



 
Merv
09-15-2006
Did you apply the access-list to any interface?

Post your entire config

 
Bod43@hotmail.co.uk
09-15-2006

Merv wrote:
> Did you apply the access-list to any interface?
>
> Post your entire config



You need:-
access-list 100 permit tcp any host xx.xx.xx.xxx eq 3389 log

since the source port of the incoming connection is unknown
and is chosen by the outside device.


You also need to have the appropriate kind of
logging enabled. The log on the router
is stored in RAM and is not preserved over a reboot.


"Log Buffer (4096 bytes):" will likely not be enough,
as noted by AM already.

You should consider an external syslog server
or an SNMP trap receiver.

Don't have too many log receivers, though, since
too much logging can be bad for a router's health.

Here is the logging configuration of a box here:-

R2#sh run | inc log
service timestamps log datetime localtime show-timezone
logging buffered 65536 debugging
no logging console ! can adversely affect CPU
! one interrupt per character sent.
logging facility local6 ! I don't understand this
logging source-interface Loopback0
logging 192.168.5.1 ! do syslog
snmp-server enable traps syslog ! ! also snmp


I don't recommend doing SNMP AND syslog;
it just seems stupid to give the router
extra work.

 
Mr. Spadoni
09-15-2006
Hello

Well, I have a static DSL with an 8-IP subnet.

The first IP is my gw/router Cisco on the .177 IP.

On IP 178 there is a firewall that PATs the 3389 on its public WAN address
to a private LAN PC, 192.168.0.138.


The WAN interface of the Cisco is atm0.35.
The "public" LAN is eth0.


I put an ACL on atm0.35 which permits 3389 inside and logs it.

For me it is sufficient to log to RAM even if it clears on reboot.

Here is the config:


Current configuration : 8911 bytes
!
! Last configuration change at 10:26:32 CET Fri Sep 15 2006 by maggiore
! NVRAM config last updated at 10:26:11 CET Fri Sep 15 2006 by maggiore
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime
service timestamps log datetime localtime
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered notifications
no logging console
enable password 7 xxxxxxxxxxxxx
!
clock timezone CET 1
ip subnet-zero
no ip source-route
ip tcp synwait-time 15
!
no ip bootp server
username maggiore SNIP
!
!
!
interface Ethernet0
bandwidth 10000
ip address xxxxxxxxxxx
ip broadcast-address xxxxxxxxx
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no cdp enable
hold-queue 100 out
!
interface ATM0
bandwidth 608
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
atm vc-per-vp 64
atm ilmi-keepalive
dsl operating-mode itu-dmt
hold-queue 224 in
!
interface ATM0.35 point-to-point
bandwidth 1504
ip address xxxxxxxxxxxxx
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
pvc 8/35
encapsulation aal5snap
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.35
no ip http server
!
access-list 100 deny ip 0.0.0.0 0.255.255.255 any
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 169.254.0.0 0.0.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.0.2.0 0.0.0.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 224.0.0.0 15.255.255.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip host 85.33.96.176 host 85.33.96.176
access-list 100 deny ip host 85.33.96.177 host 85.33.96.177
access-list 100 deny ip host 85.33.96.178 host 85.33.96.178
access-list 100 deny ip host 85.33.96.179 host 85.33.96.179
access-list 100 deny ip host 85.33.96.180 host 85.33.96.180
access-list 100 deny ip host 85.33.96.181 host 85.33.96.181
access-list 100 deny ip host 85.33.96.182 host 85.33.96.182
access-list 100 deny ip host 85.33.96.183 host 85.33.96.183
access-list 100 deny ip host 212.97.35.10 host 85.33.96.181
access-list 100 deny ip host 85.33.96.176 any
access-list 100 deny ip host 85.33.96.177 any
access-list 100 deny ip host 85.33.96.178 any
access-list 100 deny ip host 85.33.96.179 any
access-list 100 deny ip host 85.33.96.180 any
access-list 100 deny ip host 85.33.96.181 any
access-list 100 deny ip host 85.33.96.182 any
access-list 100 deny ip host 85.33.96.183 any
access-list 100 deny ip any host 85.33.96.176
access-list 100 deny ip any host 85.33.96.183
access-list 100 permit ip host 89.186.68.6 any
access-list 100 permit udp any any eq ntp
access-list 100 permit ip any any fragments
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any unreachable
access-list 100 deny icmp any any
access-list 100 permit igmp any any
access-list 100 permit gre any any
SNIP

Now focusing on the ACL regarding my ip

access-list 100 deny tcp any host xxxxxxx.178 eq 135
access-list 100 deny udp any host xxxxxxx.178 eq 135
access-list 100 deny tcp any host xxxxxxx.178 range 137 139
access-list 100 deny udp any host xxxxxxx.178 range netbios-ns netbios-ss
access-list 100 deny tcp any host xxxxxxx.178 eq 445
access-list 100 deny udp any host xxxxxxx.178 eq 445
access-list 100 permit udp any eq domain host xxxxxxx.178 range 1024 5000
access-list 100 permit tcp any eq 3389 host 8xxxxxxx.178 eq 3389 log
access-list 100 permit tcp any host xxxxxxx.178 gt 1023
access-list 100 permit tcp any host xxxxxxx.178 gt 1023 established
access-list 100 deny tcp any lt 1023 host xxxxxxx.178 lt 1023
access-list 100 deny udp any lt 1023 host xxxxxxx.178 lt 1023
access-list 100 permit 41 any host xxxxxxx.178
access-list 100 deny ip any host xxxxxxx.178
etc etc etc
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
no cdp run

etc etc etc
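
Added example (editorial, not part of any post in this thread and not Cisco code): a minimal first-match evaluator over a subset of the posted ACL 100 shows why an inbound RDP session is permitted without producing a log entry, and what changes once the source-port test is dropped. The address 203.0.113.178, the client source port and all function names are assumptions; the last check relies on ACL log messages being %SEC-6-IPACCESSLOGP (severity 6), which a buffer at level notifications does not keep.

```python
import re

HOST = "203.0.113.178"   # constructed stand-in for the redacted xxxxxxx.178

# Subset of the thread's ACL 100 entries for that host, in the posted order.
ACL_AS_POSTED = f"""\
deny tcp any host {HOST} eq 445
permit tcp any eq 3389 host {HOST} eq 3389 log
permit tcp any host {HOST} gt 1023
deny ip any host {HOST}
"""
# Same list with the source-port test dropped from the logging entry.
ACL_CORRECTED = ACL_AS_POSTED.replace("any eq 3389 host", "any host")

PORT = r"(?:\s+(eq|gt|lt)\s+(\d+))?"
ENTRY = re.compile(rf"(permit|deny) (\w+) any{PORT} host (\S+){PORT}(\s+log)?$")

def port_ok(op, arg, port):
    """Evaluate an optional IOS port operator against a packet's port."""
    if op is None:
        return True
    return {"eq": port == int(arg), "gt": port > int(arg), "lt": port < int(arg)}[op]

def evaluate(acl_text, proto, sport, dst, dport):
    """First-match evaluation: return (action, logged, matching entry)."""
    for line in acl_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        action, p, sop, sarg, host, dop, darg, log = m.groups()
        if p not in ("ip", proto) or host != dst:
            continue
        if port_ok(sop, sarg, sport) and port_ok(dop, darg, dport):
            return action, bool(log), line.strip()
    return "deny", False, "implicit deny"

# Constructed packet: an Internet RDP client connects from an ephemeral source port.
RDP_SYN = ("tcp", 51234, HOST, 3389)

# %SEC-6-IPACCESSLOGP is severity 6; a destination keeps severities <= its level.
LEVELS = {"notifications": 5, "informational": 6, "debugging": 7}
def buffer_keeps_acl_log(level):
    return 6 <= LEVELS[level]

if __name__ == "__main__":
    print(evaluate(ACL_AS_POSTED, *RDP_SYN))
    print(evaluate(ACL_CORRECTED, *RDP_SYN))
    print(buffer_keeps_acl_log("notifications"))
```

With the list as posted, the session falls through to the unlogged `gt 1023` permit; with the corrected entry it matches the `log` line first, but the message only reaches the buffer if `logging buffered` is set to informational or debugging.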














 