what exactly is "log-input"

Discussion in 'Cisco' started by boris, Jan 15, 2004.

  1. boris

    boris Guest

    Hi,
    I'm setting up my first Cisco router. When configuring access-lists you can
    configure to log the match of a rule, these two options are available:

    log Log matches against this entry
    log-input Log matches against this entry, including input interface

    I don't understand what they mean with "log-input" and "including input
    interface"?

    Many thanks!
     
    boris, Jan 15, 2004
    #1

  2. :I'm setting up my first Cisco router. When configuring access-lists you can
    :configure to log the match of a rule, these two options are available:

    :log Log matches against this entry
    :log-input Log matches against this entry, including input interface

    :I don't understand what they mean with "log-input" and "including input
    :interface"?

    'log' includes the source IP address from the packet.
    'log-input' has that and also adds in a note about which interface
    the packet was detected on, by adding the interface name. That can
    be useful in tracking down spoofed packets.
     
    Walter Roberson, Jan 15, 2004
    #2

  3. Simple. With "log", a packet log entry looks like this:
    With "log-input" the same event would look like this:
    Can you spot the difference?
     
    Tilman Schmidt, Jan 16, 2004
    #3
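As an added example (not part of any post in this thread): Python that parses IOS ACL log lines and uses the interface that `log-input` adds to flag inside source addresses arriving on the wrong interface. The sample log lines, the `Ethernet0`/`Serial0` topology and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample lines in the IOS %SEC-6-IPACCESSLOGP layout (not taken from the thread).
# Line 1 is what plain "log" produces; lines 2-4 carry the extra "(interface layer-2-info)" field.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4312) -> 192.0.2.10(23), 1 packet
%SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4312) (Serial0 *HDLC*) -> 192.0.2.10(23), 1 packet
%SEC-6-IPACCESSLOGP: list 101 denied udp 10.1.1.20(53) (Serial0 *HDLC*) -> 192.0.2.10(53), 3 packets
%SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.1.1.20(1044) (Ethernet0 0000.0c12.3456) -> 198.51.100.5(80), 1 packet
"""

ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\)"
    r"(?: \((?P<ifname>\S+)(?: (?P<l2>[^)]*))?\))?"  # present only with log-input
    r" -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Hypothetical topology: the inside LAN sits behind Ethernet0, Serial0 is the uplink.
INSIDE_NETS = {"Ethernet0": ipaddress.ip_network("10.1.1.0/24")}


def parse(line):
    """Return the fields of one ACL log line as a dict, or None if it does not match."""
    m = ACL_LOG.search(line)
    return m.groupdict() if m else None


def spoof_suspects(log_text):
    """Return (src, ifname) for entries whose source belongs behind another interface."""
    suspects = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["ifname"] is None:
            continue  # plain "log" entries carry no interface, so nothing to check
        src = ipaddress.ip_address(rec["src"])
        for owner, net in INSIDE_NETS.items():
            if src in net and rec["ifname"] != owner:
                suspects.append((rec["src"], rec["ifname"]))
    return suspects


if __name__ == "__main__":
    for src, ifname in spoof_suspects(SAMPLE_LOG):
        print(f"inside address {src} arrived on {ifname}")
```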
  4. boris

    JohnChuck

    Hi, I've used this format of access lists before; however, I'm getting problems
    extracting these logs.

    The only command I know is "show logging", but this command only displays a
    few log entries and I need to see more. Does anyone know how I could do this?
     
    JohnChuck, Mar 7, 2007
    #4
  5. boris

    swapnendu

    Increase the buffer log size using "logging buffered <buffer size>", e.g. buffer size can be 8192.
     
    swapnendu, Mar 8, 2007
    #5
  6. boris

    JohnChuck

    Hi, I tried that, but the only thing I got was:

    On a Cisco Switch
    Code:
    Switch#sh log ?
      history  Show the contents of syslog history table
      |        Output modifiers
      <cr>
    On a Cisco Access Point
    Code:
    AccessPoint#sh log ?
      count    Show counts of each logging message
      history  Show the contents of syslog history table
      |        Output modifiers
      <cr>
    I haven't tried it on a router yet; maybe the buffer parameter only
    works on routers.
     
    JohnChuck, Mar 8, 2007
    #6
  7. boris

    swapnendu

    Some confusion here, I meant something else... You need to increase buffer size so that the device captures more log entries, which you can view using the show logg command.

    Router(config)#logg buffered ?
    <0-7> Logging severity level
    <4096-2147483647> Logging buffer size
    .
    ...


    Choose a value of 8192 or any larger value, and then do "show logg".
     
    swapnendu, Mar 12, 2007
    #7
  8. boris

    JohnChuck

    That worked!
    Thank you very much swapnendu.
     
    JohnChuck, Mar 12, 2007
    #8