Re: [fw1-gurus] log traffic from/to a machine
Hi Andreas,
If you have a Cisco router or switch it may make more sense to create a SPAN session to a separate system; that way you don't put any strain on the firewall. How to do this depends on the device you use, but a common usage would be:
monitor session 1 source [interface | vlan] [interface number | vlan number]
monitor session 1 destination interface [interface]
for instance:
monitor session 1 source vlan 102
monitor session 1 destination gig 1/1
This would take ALL traffic from VLAN 102 and send it down gig 1/1. You could then set up an interface on a system, connect it to gig 1/1, and then use some sort of sniffer software like tcpdump to sniff the traffic.
The benefits of this method are that there's no latency or processor issues. Other switch devices may have something similar, you'd have to check their documentation.
hope this helps,
Greg
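As an added example (not part of Greg's or Andreas's messages), here is a small POSIX shell wrapper that ties the two halves together: it prints the SPAN lines for the mirror port and runs tcpdump on the sniffer's capture NIC with a filter for the one address Andreas asked about, rotating the capture files so a long-running trace does not fill the disk. The interface name eth1, the addresses and the output directory are placeholders; tcpdump's -G/-W rotation options are real but require a tcpdump built with them.

```shell
#!/bin/sh
# Capture all traffic to/from one host on the SPAN destination port.
# Constructed example: interface, VLAN and addresses are placeholders.

# Validate a dotted-quad IPv4 address (each octet 0-255).
valid_ipv4() {
    _ip=$1
    echo "$_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for _o in $(echo "$_ip" | tr '.' ' '); do
        [ "$_o" -le 255 ] || return 1
    done
}

# Print the Cisco SPAN lines that mirror a VLAN to the sniffer port.
span_config() {
    _vlan=$1; _dst=$2
    printf 'monitor session 1 source vlan %s\n' "$_vlan"
    printf 'monitor session 1 destination interface %s\n' "$_dst"
}

# Build a BPF filter for one address. Optionally exclude the sniffer's
# own management host so its session does not pollute the capture.
build_filter() {
    _host=$1; _mgmt=${2:-}
    valid_ipv4 "$_host" || { echo "bad address: $_host" >&2; return 1; }
    _f="host $_host"
    if [ -n "$_mgmt" ]; then
        valid_ipv4 "$_mgmt" || { echo "bad address: $_mgmt" >&2; return 1; }
        _f="$_f and not host $_mgmt"
    fi
    printf '%s\n' "$_f"
}

# Run tcpdump on the SPAN destination NIC: no name resolution, full
# snaplen, a new file every hour (-G 3600), keep the last 24 (-W 24).
capture_host() {
    _iface=$1; _host=$2; _out=$3
    _filter=$(build_filter "$_host") || return 1
    mkdir -p "$_out"
    tcpdump -nn -i "$_iface" -s 0 -G 3600 -W 24 \
        -w "$_out/cap-%Y%m%d-%H%M%S.pcap" "$_filter"
}

# Usage: sh capture.sh eth1 192.0.2.10 /var/tmp/span
if [ $# -eq 3 ]; then
    capture_host "$1" "$2" "$3"
fi
```

The capture NIC plugged into gig 1/1 should carry no IP address of its own, so the only traffic it sees is what the switch mirrors.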
----- Original Message ----
From: Andreas Moroder <andreas.moroder@xxxxxxxxxxxx>
To: fw1-gurus@xxxxxxxxxxxxxxxxxx
Sent: Tuesday, January 27, 2009 1:49:47 PM
Subject: [fw1-gurus] log traffic from/to a machine
Hello,
We don't like to enable logging on all rules; on the other hand, for bug tracking it would be a big thing to get the log of all the traffic to and from one address. Is it possible to create such a rule that does nothing but logging and does not allow or disallow this traffic, or is tcpdump the only option?
Thanks
Andreas
_______________________________________________
fw1-gurus mailing list
fw1-gurus@xxxxxxxxxxxxxxxxxx
http://lists.phoneboy.com/listinfo.cgi/fw1-gurus-phoneboy.com