Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Monitoring access

Status
Not open for further replies.
hortonhearsawho

hortonhearsawho

MIS
Sep 29, 2008
105
0
0
CA
Hi is there any way or software that will tell me the number of times a port or ip was accessed and from where. I can either do that on the port level or of a specific ip on the network. Does anyone have an idea? thank you.
 
Sort by date Sort by votes
Well, the answer is yes.. to all...
But let's give it a start, the general idea is to use syslog for that.
Syslog is an open thing, so not specific to Cisco. Syslog messages in the Cisco environment can be triggered by a large number of events, not just access
The number of solutions to capture syslog messages are numerous. You can think of screenlogs, databases, Linux/Windows syslog host, Cisco applications like Prime etc etc
So since your question is kind of generic lets use an example.
Very basic:
When you have a switch and put a serial cable into the back you should already see log messages.
You can also store these in a file on the device.
As mentioned syslog messages can also be forwarded to external hosts or applications. This is preferred, as when your device is dead, you also lost your logs, and someone with access to the device can erase their tracks.
You need to read up on syslog in the Cisco environment. Cisco describes all the options in the support documentation per device. These can be found on the Cisco.com site.
Then if you want to take it a step further, there are also access control methodes like TACACS or radius, which control,log and prevent unauthorised access.
 
Upvote 0 Downvote
telcoguy thanks for the reply. What I need in more details is I have a server connected to a port on the cisco switch. I need to know which ips and what time accessed that server on the switch. You are saying the syslog messages can provide this or do i need to get a monitoring software of some sortS?
 
Upvote 0 Downvote
Is it a layer3 switch?
Are the client connections coming from a different subnet?

All the switch sees are either frames (Layer2) or packets (Layer3).
It's not going to have any idea which packets represent a connection, even less of an idea if it's only Layer2.
To log what connections you are getting, you need to be looking at TCP sessions, and It's not very likely the switch can help you with that.
You could get a firewall to do it.

But surely the server event log has a record of this stuff?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CDIV
  • Locked
  • Question
Use uplink port as access port 2960 1
Replies
9
Views
162
CDIV
CDIV
CDIV
  • Locked
  • Question
How do I enable SSH access in 2960x 1
Replies
4
Views
221
iggsterman
iggsterman
dmourghen
  • Locked
  • Question
PBR issue and Access-list
Replies
0
Views
46
dmourghen
dmourghen
mrdom
  • Locked
  • Question
RV325: Accessing LAN and WAN resources using the same hostname ...
Replies
0
Views
40
mrdom
mrdom
Castanz
  • Locked
  • Question
Can only access 1 port. Catalyst 2960-S
Replies
1
Views
37
allworxguy
allworxguy

Part and Inventory Search

Sponsor

Back
Top