hortonhearsawho
MIS
Hi is there any way or software that will tell me the number of times a port or ip was accessed and from where. I can either do that on the port level or of a specific ip on the network. Does anyone have an idea? thank you.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Monitoring access
- Thread starter hortonhearsawho
- Start date
- Status
Well, the answer is yes.. to all...
But let's give it a start, the general idea is to use syslog for that.
Syslog is an open thing, so not specific to Cisco. Syslog messages in the Cisco environment can be triggered by a large number of events, not just access
The number of solutions to capture syslog messages are numerous. You can think of screenlogs, databases, Linux/Windows syslog host, Cisco applications like Prime etc etc
So since your question is kind of generic lets use an example.
Very basic:
When you have a switch and put a serial cable into the back you should already see log messages.
You can also store these in a file on the device.
As mentioned syslog messages can also be forwarded to external hosts or applications. This is preferred, as when your device is dead, you also lost your logs, and someone with access to the device can erase their tracks.
You need to read up on syslog in the Cisco environment. Cisco describes all the options in the support documentation per device. These can be found on the Cisco.com site.
Then if you want to take it a step further, there are also access control methodes like TACACS or radius, which control,log and prevent unauthorised access.
But let's give it a start, the general idea is to use syslog for that.
Syslog is an open thing, so not specific to Cisco. Syslog messages in the Cisco environment can be triggered by a large number of events, not just access
The number of solutions to capture syslog messages are numerous. You can think of screenlogs, databases, Linux/Windows syslog host, Cisco applications like Prime etc etc
So since your question is kind of generic lets use an example.
Very basic:
When you have a switch and put a serial cable into the back you should already see log messages.
You can also store these in a file on the device.
As mentioned syslog messages can also be forwarded to external hosts or applications. This is preferred, as when your device is dead, you also lost your logs, and someone with access to the device can erase their tracks.
You need to read up on syslog in the Cisco environment. Cisco describes all the options in the support documentation per device. These can be found on the Cisco.com site.
Then if you want to take it a step further, there are also access control methodes like TACACS or radius, which control,log and prevent unauthorised access.
- Thread starter
- #3
hortonhearsawho
MIS
telcoguy thanks for the reply. What I need in more details is I have a server connected to a port on the cisco switch. I need to know which ips and what time accessed that server on the switch. You are saying the syslog messages can provide this or do i need to get a monitoring software of some sortS?
VinceWhirlwind
Technical User
Is it a layer3 switch?
Are the client connections coming from a different subnet?
All the switch sees are either frames (Layer2) or packets (Layer3).
It's not going to have any idea which packets represent a connection, even less of an idea if it's only Layer2.
To log what connections you are getting, you need to be looking at TCP sessions, and It's not very likely the switch can help you with that.
You could get a firewall to do it.
But surely the server event log has a record of this stuff?
Are the client connections coming from a different subnet?
All the switch sees are either frames (Layer2) or packets (Layer3).
It's not going to have any idea which packets represent a connection, even less of an idea if it's only Layer2.
To log what connections you are getting, you need to be looking at TCP sessions, and It's not very likely the switch can help you with that.
You could get a firewall to do it.
But surely the server event log has a record of this stuff?
- Status
Similar threads