Chapter 42 Viewing Router Information
Logging
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
View Details—A link that opens a window containing the full log of attacks against the chosen port.

If you choose Top Attackers from the View drop-down menu, the top-attacks table displays entries with the following columns:

Attacker’s IP Address—The IP address from which the attacks are coming.
Number of attacks—The number of attacks that have come from the IP address.
Number of packets denied—The number of packets that have come from the IP address and were denied access.
View Details—A link that opens a window containing the full log of the attacks from the chosen IP address.

Monitoring Firewall with a “Non-Administrator View” User Account
Firewall monitoring requires that Logging to Buffer be enabled on the router. If
Logging to Buffer is not enabled, log in to Cisco SDM using an Administrator
view account or a non-view based user account with privilege level 15 and
configure logging.
To configure logging in Cisco SDM, go to Additional Tasks > Router Properties > Logging.

Application Security Log
If logging has been enabled, and you have specified that alarms be generated when
the router encounters traffic from applications or protocols that you have
specified, those alarms are collected in a log that can be viewed from this window.
In order for Application Security log entries to be collected, you must configure
logging for the router. Go to Additional Tasks > Router Properties > Logging.
Click Edit, and configure logging. To obtain firewall logging messages, you must
configure a logging level of informational (6) or higher. If you have already
configured logging at the debugging (7) level, the log will contain application
security log messages.
The following is example log text:
*Sep 8 12:23:49.914: %FW-6-DROP_PKT: Dropping im-yahoo pkt 128.107.252.142:1481 => 216.155.193.139:5050
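
An added example, not taken from the Cisco guide or from SDM: a Python script that parses buffered-log lines in the DROP_PKT layout of the sample above and tallies denied packets per source address and per destination port, the kind of summary the Top Attackers view presents. Every sample line after the first is constructed, the function names are hypothetical, and because this page does not say how SDM derives its "Number of attacks" column, only dropped packets are counted.

```python
import ipaddress
import re
from collections import Counter

# Layout of the sample line on this page; lines in any other layout are skipped.
DROP_RE = re.compile(
    r"%FW-(?P<sev>[0-7])-DROP_PKT:\s+Dropping\s+(?P<app>\S+)\s+pkt\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+=>\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# First line is the page's sample; the rest are constructed for this example.
SAMPLE_LOG = [
    "*Sep 8 12:23:49.914: %FW-6-DROP_PKT: Dropping im-yahoo pkt 128.107.252.142:1481 => 216.155.193.139:5050",
    "*Sep 8 12:23:50.102: %FW-6-DROP_PKT: Dropping im-yahoo pkt 192.0.2.10:1500 => 198.51.100.7:5050",
    "*Sep 8 12:23:51.330: %FW-6-DROP_PKT: Dropping im-yahoo pkt 192.0.2.10:1501 => 198.51.100.7:5050",
    "*Sep 8 12:23:52.008: %FW-6-DROP_PKT: Dropping im-yahoo pkt 192.0.2.10:1502 => 198.51.100.9:5101",
    "*Sep 8 12:23:52.500: %FW-6-DROP_PKT: Dropping im-yahoo pkt 999.1.1.1:1 => 198.51.100.7:5050",  # bad IP
    "*Sep 8 12:23:53.000: %SYS-5-CONFIG_I: Configured from console by console",  # not a firewall drop
]

def parse_drop(line):
    """Return the fields of one DROP_PKT line, or None if it is absent or malformed."""
    m = DROP_RE.search(line)
    if m is None:
        return None
    try:
        src = str(ipaddress.IPv4Address(m["src"]))
        dst = str(ipaddress.IPv4Address(m["dst"]))
    except ValueError:
        return None  # e.g. an octet above 255 from a truncated or corrupted line
    sport, dport = int(m["sport"]), int(m["dport"])
    if sport > 65535 or dport > 65535:
        return None
    return {"severity": int(m["sev"]), "app": m["app"],
            "src": src, "sport": sport, "dst": dst, "dport": dport}

def summarize(lines, top=5):
    """Count denied packets per source address and per destination port."""
    by_src, by_port = Counter(), Counter()
    for line in lines:
        rec = parse_drop(line)
        if rec is not None:
            by_src[rec["src"]] += 1
            by_port[rec["dport"]] += 1
    return by_src.most_common(top), by_port.most_common(top)

if __name__ == "__main__":
    attackers, ports = summarize(SAMPLE_LOG)
    print("Packets denied per source:", attackers)
    print("Packets denied per destination port:", ports)
```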