what exactly is " log-input "

Discussion in 'Cisco' started by boris, Jan 15, 2004.

  1. boris

    boris Guest

    Hi,
    I'm setting up my first cisco router. When configuring access-lists you can
    configure to log the match of a rule, these to options are available:

    log Log matches against this entry
    log-input Log matches against this entry, including input interface

    I don't understand what they mean with "log-input" and "including input
    interface"?

    Many thanks!
     
    boris, Jan 15, 2004
    #1

    1. Advertisements

  2. boris

    Walter Roberson Guest

    :I'm setting up my first cisco router. When configuring access-lists you can
    :configure to log the match of a rule, these to options are available:

    :log Log matches against this entry
    :log-input Log matches against this entry, including input interface

    :I don't understand what they mean with "log-input" and "including input
    :interface"?

    'log' includes the source IP address from the packet.
    'log-input' has that and also adds in a note about which interface
    the packet was detected on, by adding the interface name. That can
    be useful in tracking down spoofed packets.
     
    Walter Roberson, Jan 15, 2004
    #2

    1. Advertisements

  3. boris

    Tilman Schmidt Guest

    Simple. With "log", a packet log entry looks like this:
    With "log-input" the same event would look like this:
    Can you spot the difference?
     
    Tilman Schmidt, Jan 16, 2004
    #3
  4. boris

    JohnChuck

    Joined:
    Mar 7, 2007
    Messages:
    3
    Likes Received:
    0
    Hi I've used this format of access lists before, however I'm getting problems
    extracting these logs.

    The only command I know is "show logging", but this command only displays a
    few log entries and I need to see more. Does anyone know how could I do this?
     
    JohnChuck, Mar 7, 2007
    #4
  5. boris

    swapnendu

    Joined:
    Sep 13, 2006
    Messages:
    57
    Likes Received:
    0
    increase the buffer log size using "logging buffered <buffer size>" , e.g. buffer size can be 8192
     
    swapnendu, Mar 8, 2007
    #5
  6. boris

    JohnChuck

    Joined:
    Mar 7, 2007
    Messages:
    3
    Likes Received:
    0
    Hi i tried that, but the only thing I got was:

    On a Cisco Switch
    Code:
    Switch#sh log ?
  history  Show the contents of syslog history table
  |        Output modifiers
  <cr>
    On a Cisco Access Point
    Code:
    AccessPoint#sh log ?
  count    Show counts of each logging message
  history  Show the contents of syslog history table
  |        Output modifiers
  <cr>
    I haven't tried it on a router yet maybe the buffer parameter only
    works on routers.
     
    JohnChuck, Mar 8, 2007
    #6
  7. boris

    swapnendu

    Joined:
    Sep 13, 2006
    Messages:
    57
    Likes Received:
    0
    some confusion here, i meant something else....u need to increase buffer size so that the device captures more log entries which u can view using the show logg command.

    Router(config)#logg buffered ?
    <0-7> Logging severity level
    <4096-2147483647> Logging buffer size
    .
    ...

    choose a value of 8192 or any larger value ..and then do "Show logg"
     
    swapnendu, Mar 12, 2007
    #7
  8. boris

    JohnChuck

    Joined:
    Mar 7, 2007
    Messages:
    3
    Likes Received:
    0
    That worked!
    Thank you very much swapnendu.
     
    JohnChuck, Mar 12, 2007
    #8

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. what exactly is a timeslot?

  2. What exactly is "ip only "IOS

  3. MCSD.Net upgrade path -- What is that exactly?

  4. Multicast? what exactly it does? How useful it is?

  5. What device exactly?

  6. what exactly is progressive music?

  7. Broadcast domain, collision domain.. what are they exactly????

  8. dRebel 2000: what's exactly the 1.6 multiplying factor and how it affects my current 35mm lenses?

Loading...