Copying Ip Log Files To Be Viewed - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Copying IP Log Files to Be Viewed

Use the copy iplog log-id destination-url command to copy IP log files to an FTP or SCP server so that you can view them with a sniffing tool such as Wireshark or TCPDUMP.

The following options apply:

  log-id—The log ID of the logging session. You can retrieve the log ID using the iplog-status command.
  destination-url—The location of the destination file to be copied. It can be a URL or a keyword.

The exact format of the source and destination URLs varies according to the file. Here are the valid types:

  ftp:—Destination URL for an FTP network server. The syntax for this prefix is:
    ftp:[//[username@]location]/relativeDirectory]/filename
    ftp:[//[username@]location]//absoluteDirectory]/filename
  scp:—Destination URL for the SCP network server. The syntax for this prefix is:
    scp:[//[username@]location]/relativeDirectory]/filename
    scp:[//[username@]location]//absoluteDirectory]/filename

When you use FTP or SCP protocol, you are prompted for a password.

To copy IP log files to an FTP or SCP server, follow these steps:

Step 1
Log in to the CLI.

Step 2
Monitor the IP log status with the iplog-status command until you see that the status reads completed for the log ID of the log file that you want to copy:

    sensor# iplog-status
    Log ID:            2425
    IP Address:        10.1.1.2
    Virtual Sensor:    vs0
    Status:            started
    Start Time:        2003/07/30 18:24:18 2002/07/30 12:24:18 CST
    Packets Captured:  1039438

    Log ID:            2342
    IP Address:        10.2.3.1
    Virtual Sensor:    vs0
    Status:            completed
    Event ID:          209348
    Start Time:        2003/07/30 18:24:18 2002/07/30 12:24:18 CST
    End Time:          2003/07/30 18:34:18 2002/07/30 12:34:18 CST
    sensor#

Step 3
Copy the IP log to your FTP or SCP server:

    sensor# copy iplog 2342 ftp://root@10.16.0.0/user/iplog1
    Password: ********
    Connected to 10.16.0.0 (10.16.0.0).
    220 linux.machine.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.
    ftp> user
    (username) root
    331 Password required for root.
    Password:230 User root logged in.
    ftp> 200 Type set to I.
    ftp> put iplog.8518.tmp iplog1
    local: iplog.8518.tmp remote: iplog1
    227 Entering Passive Mode (2,4,6,8,179,125)
    150 Opening BINARY mode data connection for iplog1.
    226 Transfer complete.
    30650 bytes sent in 0.00246 secs (1.2e+04 Kbytes/sec)
    ftp>

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Chapter 8, Configuring IP Logging
78-16527-01
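Steps 2 and 3 above, as an added example that is not part of the Cisco guide: the script parses iplog-status output, keeps only the logs whose status is completed, and builds the matching copy iplog commands in the URL syntax listed above. The function names, the iplog<log-id> destination file name, and the scp default (chosen because FTP sends the password and the capture unencrypted) are assumptions of this example; the sample text is the Step 2 output.

```python
import re

# Constructed sample: the iplog-status output shown in Step 2 of this page.
SAMPLE_STATUS = """\
sensor# iplog-status
Log ID:            2425
IP Address:        10.1.1.2
Virtual Sensor:    vs0
Status:            started
Start Time:        2003/07/30 18:24:18 2002/07/30 12:24:18 CST
Packets Captured:  1039438

Log ID:            2342
IP Address:        10.2.3.1
Virtual Sensor:    vs0
Status:            completed
Event ID:          209348
Start Time:        2003/07/30 18:24:18 2002/07/30 12:24:18 CST
End Time:          2003/07/30 18:34:18 2002/07/30 12:34:18 CST
sensor#
"""

def parse_iplog_status(text):
    """Split iplog-status output into one dict per log; a 'Log ID:' line starts a record."""
    records = []
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s*(.*)$", line)
        if not m:
            continue  # CLI prompts and blank lines carry no field
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Log ID":
            records.append({})
        if records:
            records[-1][key] = value
    return records

def copy_commands(status_text, user, host, directory, absolute=False, scheme="scp"):
    """One 'copy iplog' command per completed log, in the URL syntax given on this page."""
    for part in (user, host, directory):
        if not re.fullmatch(r"[A-Za-z0-9._/-]+", part):
            raise ValueError("unexpected character in %r" % part)
    if scheme not in ("ftp", "scp"):
        raise ValueError("destination must be ftp: or scp:")
    # '//' before the directory selects the absolute form, '/' the relative form.
    base = "%s://%s@%s%s%s" % (scheme, user, host, "//" if absolute else "/", directory.strip("/"))
    done = [r["Log ID"] for r in parse_iplog_status(status_text)
            if r.get("Status") == "completed" and r["Log ID"].isdigit()]
    return ["copy iplog %s %s/iplog%s" % (i, base, i) for i in done]
```

Log 2425 is skipped because its status is still started; only log 2342 produces a command.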
