
ip nat log translations syslog command
Does anyone know about ip nat log translation syslog operations?
We are logging nat with the ip nat translations command for various vrfs, and we noticed that 80% of the logging messages are DNS. Is there a way for us to filter DNS from being logged from the nat translations?
Thanks in advance
Comments
Hi tateedward1,
Please check the links below:
http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1050284
http://blog.ioshints.info/2008/12/nat-translation-logging.html
For filtering specific logs/syslog messages you can use logging discriminators. I used it in a real scenario to keep away logs with a NAT specific log message that was caused by an application that was programmed sloppily in the FTP part of it.
Check this:
https://supportforums.cisco.com/thread/2013224
Hi tateedward1,
This example might help you:
R2(config)#logging console
*Nov 5 06:17:35.775: %IPNAT-6-CREATED: tcp 1.1.1.1:56839 23.23.23.2:56839 3.3.3.3:23 3.3.3.3:23
R2(config)#logging discriminator LOGSUPRESS mnemonics drop ":23"
R2(config)#logging console discriminator LOGSUPRESS
R1#telnet 3.3.3.3 /so lo0
Trying 3.3.3.3 ... Open
User Access Verification
Password:
R2(config)#do show ip nat
R2(config)#do show ip nat translation
Pro Inside global Inside local Outside local Outside global
tcp 23.23.23.2:29726 1.1.1.1:29726 3.3.3.3:23 3.3.3.3:23
tcp 23.23.23.2:56839 1.1.1.1:56839 3.3.3.3:23 3.3.3.3:23
--- 23.23.23.2 1.1.1.1 --- ---
No telnet related translate log on console
Let's try to telnet on port 80
R1#telnet 3.3.3.3 80 /so lo0
R2(config)#
*Nov 5 06:19:25.131: %IPNAT-6-CREATED: tcp 1.1.1.1:28695 23.23.23.2:28695 3.3.3.3:80 3.3.3.3:80
you can use
logging buffered discriminator
logging monitor discriminator
logging host discriminator
commands to filter logs.
HAPPY STUDY
[:D]
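The original question was about DNS rather than telnet, and the same discriminator idea applies once the log lines reach a collector. The following is an added example in Python, not code from this thread or from Cisco: it parses lines in the %IPNAT-6-CREATED/DELETED format quoted above (protocol, inside local, inside global, outside local, outside global), drops translations whose outside port is exactly 53, and counts which destination ports dominate the log, which is how you would confirm the "80% is DNS" observation before filtering. The sample log lines are constructed for the example. It compares the integer port field rather than the substring ":53", because a bare ":53" pattern would also match ports such as 530 or 5353 and source ports such as 53124.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the %IPNAT-6-CREATED/DELETED format quoted
# in this thread: proto, inside local, inside global, outside local, outside global.
SAMPLE_LOG = """\
*Nov 5 06:17:35.775: %IPNAT-6-CREATED: tcp 1.1.1.1:56839 23.23.23.2:56839 3.3.3.3:23 3.3.3.3:23
*Nov 5 06:17:36.001: %IPNAT-6-CREATED: udp 1.1.1.1:53124 23.23.23.2:53124 8.8.8.8:53 8.8.8.8:53
*Nov 5 06:17:36.102: %IPNAT-6-CREATED: udp 1.1.1.2:40011 23.23.23.2:40011 8.8.4.4:53 8.8.4.4:53
*Nov 5 06:17:37.500: %IPNAT-6-DELETED: udp 1.1.1.1:53124 23.23.23.2:53124 8.8.8.8:53 8.8.8.8:53
*Nov 5 06:19:25.131: %IPNAT-6-CREATED: tcp 1.1.1.1:28695 23.23.23.2:28695 3.3.3.3:80 3.3.3.3:80
*Nov 5 06:19:26.000: %IPNAT-6-CREATED: tcp 1.1.1.3:5300 23.23.23.2:5300 3.3.3.3:5353 3.3.3.3:5353
"""

# Field order follows the message format shown in the thread.
IPNAT_RE = re.compile(
    r"%IPNAT-6-(?P<event>CREATED|DELETED):\s+(?P<proto>\w+)\s+"
    r"(?P<in_local>[\d.]+):(?P<in_local_port>\d+)\s+"
    r"(?P<in_global>[\d.]+):(?P<in_global_port>\d+)\s+"
    r"(?P<out_local>[\d.]+):(?P<out_local_port>\d+)\s+"
    r"(?P<out_global>[\d.]+):(?P<out_global_port>\d+)"
)


def parse_ipnat(line):
    """Return the NAT fields of an %IPNAT-6 line as a dict, or None for any other message."""
    m = IPNAT_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("in_local_port", "in_global_port", "out_local_port", "out_global_port"):
        rec[key] = int(rec[key])
    return rec


def is_dns(rec):
    """DNS here means udp or tcp to outside port exactly 53.

    Comparing the parsed integer, not the substring ':53', keeps translations
    to ports 530 or 5353 and with source ports like 53124 in the log.
    """
    return rec["proto"] in ("udp", "tcp") and rec["out_local_port"] == 53


def filter_lines(text, drop=is_dns):
    """Return the lines worth forwarding: non-NAT lines pass untouched,
    NAT lines are kept unless drop() says otherwise."""
    kept = []
    for line in text.splitlines():
        rec = parse_ipnat(line)
        if rec is not None and drop(rec):
            continue
        kept.append(line)
    return kept


def port_share(text):
    """Count CREATED translations per (proto, outside port) to see what dominates the log."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_ipnat(line)
        if rec is not None and rec["event"] == "CREATED":
            counts[(rec["proto"], rec["out_local_port"])] += 1
    return counts


if __name__ == "__main__":
    for (proto, port), n in port_share(SAMPLE_LOG).most_common():
        print(f"{proto}/{port}: {n}")
    print("--- after DNS filter ---")
    print("\n".join(filter_lines(SAMPLE_LOG)))
```

Run it as a script to see the per-port counts and the filtered lines; to apply it to a real collector file, replace SAMPLE_LOG with the file contents. Keeping the DELETED lines paired with their CREATED lines (both are dropped by the same test) matters, because a translation that is created in the log but never deleted looks like a long-lived session to anyone reviewing it later.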
Thank you so, so much...will try it shortly..
Thanks again,
From: "nnn" <[email protected]>
To: [email protected]
Sent: Thursday, November 17, 2011 7:40:29 PM
Subject: Re: [CCIE R&S] ip nat log translations syslog command
INE - The Industry Leader in CCIE Preparation
http://www.INE.com
Subscription information may be found at:
http://www.ieoc.com/forums/ForumSubscriptions.aspx
Definitely you should try!!
HAPPY STUDY
[:D]
I would suggest having a look at the book Cisco Firewall (Cisco Press, written by Morales) as well. There are many scenarios and features like flow accounting and NAT or CBAC and NAT in IOS.
I really love this book!