Generating IP Logs
The sensor can be configured to capture all IP traffic
associated with hosts that you specify by IP address. To generate log
files for a specific IP address, first log in to the CLI using an account with
administrator or operator privileges. For each address, you can either have
the sensor log IP traffic until a specific threshold is reached (a
number of minutes, packets, or bytes), or you can configure the sensor to
continue logging IP traffic until you later disable IP logging for that address.
Type the following command to configure the sensor so that it
continues logging indefinitely for a specific IP address:
Sensor# iplog interface group number (0)
The components of this command include
Type the following command to configure the sensor to log IP
traffic until a specified threshold is reached.
Sensor# iplog interface group number (0)
packets bytes
The components of this command include:
- minutes The duration the logging should be active in minutes from 0 to 60 (the default is 10 minutes).
- numPackets The maximum number of packets to log from 0 to 4294967295 (the default is 1000 packets).
- numBytes The maximum number of bytes to log from 0 to 429496295.
Note: You do not have to specify all three parameters; these are
optional. If you choose to include more than one parameter, the sensor will
continue logging only until the first threshold is reached. For example, if you
set the duration to five minutes with the number of packets to 1000, the sensor
will stop logging after the 1000th packet is captured, even if only
two minutes have elapsed.
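The first-threshold rule from the note, modeled as an added Python example (it is not sensor code and not part of the original text). The function names, the constructed packet trace, the treatment of an omitted limit as unchecked, and the choice to still count the packet that crosses the byte limit are assumptions.

```python
# Added illustration (not sensor code): models the "first threshold reached
# wins" rule. Function names and the packet trace are constructed.

def steady_trace(count, interval_ms, length):
    """Constructed sample: `count` packets of `length` bytes, evenly spaced."""
    return [(i * interval_ms / 1000, length) for i in range(1, count + 1)]

def first_threshold(trace, minutes=None, num_packets=None, num_bytes=None):
    """Return (reason, packets_logged, bytes_logged, seconds_elapsed).

    trace: (seconds_since_start, length_in_bytes) tuples in time order.
    A limit left as None is not checked (assumption of this model).
    """
    logged = total = 0
    elapsed = 0.0
    for ts, length in trace:
        # Duration: a packet arriving once the window has closed is not logged.
        if minutes is not None and ts >= minutes * 60:
            return ("duration", logged, total, float(minutes * 60))
        logged += 1
        total += length
        elapsed = ts
        # Packets: logging stops after the Nth packet is captured (per the note).
        if num_packets is not None and logged >= num_packets:
            return ("packets", logged, total, elapsed)
        # Bytes: assumption - the packet that crosses the limit is still logged.
        if num_bytes is not None and total >= num_bytes:
            return ("bytes", logged, total, elapsed)
    return ("trace ended", logged, total, elapsed)

if __name__ == "__main__":
    trace = steady_trace(3000, 120, 500)   # about 8.3 packets per second
    # The note's case: five minutes and 1000 packets, packet limit trips first.
    print(first_threshold(trace, minutes=5, num_packets=1000))
    # Shorter window: the duration limit trips before 1000 packets arrive.
    print(first_threshold(trace, minutes=1, num_packets=1000))
    # A byte limit added to the first case trips earliest of the three.
    print(first_threshold(trace, minutes=5, num_packets=1000, num_bytes=100000))
```

Running it against a trace shaped like the traffic you expect shows which limit will end the session, which helps avoid a log that stops before the activity of interest.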
Based on the parameters you specified, the sensor begins logging.
A log ID number will appear. If you later want to stop the logging session, you
will need this log ID. When you type the command iplog-status, you get a short version of the
logging status, as shown in Figure 5.22: