ip nat log translations syslog command

Does anyone know about ip nat log translation syslog operations?

We are logging nat with the ip nat translations command for various vrfs, and we noticed that 80% of the logging messages are DNS. Is there a way for us to filter DNS from being logged from the nat translations?

Thanks in advance

Comments

  • Hi tateedward1,

    Please check the links below:

    http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1050284

    http://blog.ioshints.info/2008/12/nat-translation-logging.html


  • For filtering specific logs/syslog messages you can use logging discriminators. I used it in a real scenario to keep away logs with a NAT-specific log message that was caused by an application that was programmed sloppily in the FTP part of it.

    Check this:

    https://supportforums.cisco.com/thread/2013224

     

  • Hi tateedward1,

    This example might help you:

    R2(config)#logging console
    *Nov  5 06:17:35.775: %IPNAT-6-CREATED: tcp 1.1.1.1:56839 23.23.23.2:56839 3.3.3.3:23 3.3.3.3:23
    R2(config)#logging discriminator LOGSUPRESS mnemonics drop ":23"
    R2(config)#logging console discriminator LOGSUPRESS

    R1#telnet 3.3.3.3 /so lo0
    Trying 3.3.3.3 ... Open


    User Access Verification

    Password:

    R2(config)#do show ip nat
    R2(config)#do show ip nat translation
    Pro Inside global      Inside local       Outside local      Outside global
    tcp 23.23.23.2:29726   1.1.1.1:29726      3.3.3.3:23         3.3.3.3:23
    tcp 23.23.23.2:56839   1.1.1.1:56839      3.3.3.3:23         3.3.3.3:23
    --- 23.23.23.2         1.1.1.1            ---                ---

    No telnet related translate log on console

    Let's try to telnet on port 80

    R1#telnet 3.3.3.3 80 /so lo0

    R2(config)#
    *Nov  5 06:19:25.131: %IPNAT-6-CREATED: tcp 1.1.1.1:28695 23.23.23.2:28695 3.3.3.3:80 3.3.3.3:80

    you can use

    logging buffered discriminator

    logging monitor discriminator 

    logging host discriminator

    commands to filter logs.

    HAPPY STUDY

    [:D]
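
Added example, not part of any post in this thread: an offline Python check, over constructed %IPNAT-6-CREATED lines, of what a substring pattern such as ":53" would suppress compared with an exact match on the destination port. The field order (inside local, inside global, outside local, outside global) is inferred from the sample output above, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the %IPNAT-6-CREATED layout shown in the thread.
SAMPLE_LOGS = [
    "*Nov  5 06:20:01.100: %IPNAT-6-CREATED: udp 1.1.1.1:40112 23.23.23.2:40112 3.3.3.3:53 3.3.3.3:53",
    "*Nov  5 06:20:02.200: %IPNAT-6-CREATED: tcp 1.1.1.1:53118 23.23.23.2:53118 3.3.3.3:443 3.3.3.3:443",
    "*Nov  5 06:20:03.300: %IPNAT-6-CREATED: udp 1.1.1.1:28001 23.23.23.2:28001 3.3.3.3:5353 3.3.3.3:5353",
    "*Nov  5 06:20:04.400: %IPNAT-6-CREATED: tcp 1.1.1.1:41000 23.23.23.2:41000 3.3.3.3:53 3.3.3.3:53",
    "*Nov  5 06:20:05.500: %IPNAT-6-CREATED: tcp 1.1.1.1:28695 23.23.23.2:28695 3.3.3.3:80 3.3.3.3:80",
]

MNEMONIC = "%IPNAT-6-CREATED: "
NAT_CREATED = re.compile(
    r"%IPNAT-6-CREATED: (?P<proto>\S+) "
    r"\S+:\d+ "                    # inside local (assumed position)
    r"\S+:\d+ "                    # inside global (assumed position)
    r"\S+:(?P<ol_port>\d+) "       # outside local
    r"\S+:(?P<og_port>\d+)\s*$"    # outside global
)

def dropped_by_substring(lines, needle):
    """Lines whose message body contains `needle` anywhere."""
    return [l for l in lines if needle in l.partition(MNEMONIC)[2]]

def dropped_by_dest_port(lines, port):
    """Lines whose outside local and outside global ports both equal `port`."""
    hits = []
    for line in lines:
        m = NAT_CREATED.search(line)
        if m and int(m["ol_port"]) == port and int(m["og_port"]) == port:
            hits.append(line)
    return hits

def collateral(lines, port):
    """Translations a ':<port>' substring filter hides that are not to that port."""
    exact = set(dropped_by_dest_port(lines, port))
    return [l for l in dropped_by_substring(lines, f":{port}") if l not in exact]

if __name__ == "__main__":
    print("substring ':53' drops:", len(dropped_by_substring(SAMPLE_LOGS, ":53")))
    print("exact port 53 drops:  ", len(dropped_by_dest_port(SAMPLE_LOGS, 53)))
    for line in collateral(SAMPLE_LOGS, 53):
        print("hidden by substring filter:", line)
```

A bare ":53" also matches source ports such as 53118 and destination ports such as 5353, so those translations would vanish from the log along with DNS; this matters when NAT logs are retained for attribution.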

  • Thank you so, so much...will try it shortly..

     

    Thanks again,

     



     



    From: "nnn" <[email protected]>
    To: [email protected]
    Sent: Thursday, November 17, 2011 7:40:29 PM
    Subject: Re: [CCIE R&S] ip nat log translations syslog command


  • Thank you so, so much...will try it shortly..

     

    Thanks again,

    Definitely you should try!!

    HAPPY STUDY

    [:D]

  • I would suggest having a look at the book Cisco Firewall (Cisco Press, written by Morales) as well. There are many scenarios and features like flow accounting and NAT or CBAC and NAT in IOS.

    I really love this book!
