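When working with Cisco security products, most of us sooner or later face the question of how to troubleshoot a fault and how to collect useful information. Below are some commonly used commands for collecting that information:
1. ASA and PIX products
The two most important tools
1) Logging to a syslog server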
logging on
logging timestamp
logging trap information
logging host inside x.x.x.x (syslog server)
2) Packet capture
Step 1: Create ACLs for both the inside and outside interfaces
! Outside Capture ACL
access-list 100 permit tcp host 192.168.2.2 host 198.133.219.25 eq 80
access-list 100 permit tcp host 198.133.219.25 eq 80 host 192.168.2.2
! Inside Capture ACL
access-list 101 permit tcp host 10.1.3.2 host 198.133.219.25 eq 80
access-list 101 permit tcp host 198.133.219.25 eq 80 host 10.1.3.2
Step 2: Create captures on both the inside and outside interfaces
capture out access-list 100 interface outside packet-length 1500
capture in access-list 101 interface inside packet-length 1500
Step 3: Have an inside user access www.cisco.com
Step 4: Copy the captures off to a TFTP server
! ver 7.0+ copy capture
copy /pcap capture:out tftp://10.1.3.5/out.pcap
copy /pcap capture:in tftp://10.1.3.5/in.pcap
! Ver 6.x copy capture
copy capture:out tftp://10.1.3.5/out.pcap pcap
copy capture:in tftp://10.1.3.5/in.pcap pcap
OR copy using https:
https://
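Once in.pcap and out.pcap are on the TFTP server, comparing them shows which packets reached one interface and never appeared on the other. The Python script below is an added example, not part of the original post; it assumes Ethernet-framed classic pcap files, static NAT between 10.1.3.2 and 192.168.2.2, and that the firewall leaves the IP ID unchanged. The function names and the sample captures are constructed for illustration.

```python
import struct
def read_pcap(data):
    """Yield raw frames from a classic libpcap file (either byte order)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("unsupported capture format")
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(data):
        incl = struct.unpack_from(order + "I", data, off + 8)[0]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def packet_keys(data, nat=None):
    """Return {(src, dst, IP ID, TCP flags)} for Ethernet/IPv4/TCP frames."""
    # TCP sequence numbers are left out of the key: the firewall may rewrite them.
    nat, keys = nat or {}, set()                # nat: inside address -> mapped address
    for f in read_pcap(data):
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                            # not IPv4/TCP, or truncated
        tcp = 14 + (f[14] & 0x0F) * 4           # honour the IP header length
        if len(f) < tcp + 14:
            continue
        src, dst = (".".join(map(str, f[i:i + 4])) for i in (26, 30))
        ip_id = struct.unpack_from("!H", f, 18)[0]
        keys.add((nat.get(src, src), nat.get(dst, dst), ip_id, f[tcp + 13]))
    return keys

def lost_between(in_pcap, out_pcap, nat):
    """Return (packets seen only inside, packets seen only outside)."""
    i, o = packet_keys(in_pcap, nat), packet_keys(out_pcap)
    return sorted(i - o), sorted(o - i)

# Constructed sample captures using the addresses from the ACLs above.
def build_frame(src, dst, ip_id, flags):
    addr = lambda a: bytes(map(int, a.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0, addr(src), addr(dst))
    return b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HHIIBBHHH", 0, 0, 0, 0, 0x50, flags, 0, 0, 0)

def build_pcap(frames):
    body = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1) + body

WEB, INSIDE, MAPPED = "198.133.219.25", "10.1.3.2", "192.168.2.2"
IN_PCAP = build_pcap([build_frame(INSIDE, WEB, 1, 0x02), build_frame(WEB, INSIDE, 7, 0x12),
                      build_frame(INSIDE, WEB, 2, 0x10), build_frame(INSIDE, WEB, 3, 0x18)])
OUT_PCAP = build_pcap([build_frame(MAPPED, WEB, 1, 0x02), build_frame(WEB, MAPPED, 7, 0x12),
                       build_frame(MAPPED, WEB, 2, 0x10), build_frame(WEB, MAPPED, 9, 0x04)])
if __name__ == "__main__":
    print(lost_between(IN_PCAP, OUT_PCAP, {INSIDE: MAPPED}))
```

Packets in the first list were captured on the inside interface but not on the outside interface; packets in the second list are the reverse.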
Information to collect when a Guard / Detector fails
On Guard / Detector
show version
show interface
show reports
show log
show rates details
show rates history
show cpu
show diagnostic-info detail
show zone
show
show
show running-config all
show disk-usage/flash-usage (appliance/module)
show resources
show zone xxx log
On C6500/C7600
show anomaly-guard module X port X traffic
show anomaly-detector module X data-port X traffic
Information to collect when an FWSM fails
In single-context mode
show tech
show cpu usage
show traffic
show perfmon
show blocks
show memory
show xlate count
show conn count
show interface
show processes
show local-host
show log
Please automate the collection of show np <#> stats:
- show np <[1-3]> stats
- show np <[1-3]> semaphore
- show np <[1-3]> pc
In multiple-context mode
a) On the system context
FWSM# show resource usage all
FWSM# show resource usage detail
FWSM# show resource usage summary
FWSM# show resource usage summary detail
FWSM# show resource allocation
FWSM# show resource allocation detail
FWSM# show resource acl-partition
FWSM# show cpu usage
FWSM# show memory
b) On the problematic context
FWSM/context# show perfmon
FWSM/context# show perfmon detail
FWSM/context# show traffic
FWSM/context# show traffic detail
FWSM/context# show cpu usage
FWSM/context# show memory
FWSM/context# show xlate count
FWSM/context# show conn count
FWSM/context# show interface
Collecting traffic information for the ASA CSC module by packet capture:
1. Enable CSC dataplane capture:
1.1. Log in to the ASA command prompt
1.2. Issue the CLI command:
capture csc_cap interface asa_dataplane buffer 10485760
(This example uses a 10 MB capture buffer)
2. Start web browsing until the issue occurs
3. Collect CSC dataplane capture from ASA
3.1. Log in to the ASA command prompt
3.2. copy /pcap capture:csc_cap tftp://IP/path
3.3. Stop capturing: no capture csc_cap interface asa_dataplane
5. How to collect all logging information from an ACS server:
ACS for solution engine
Follow the steps to generate a Package.cab file.
Step 1 System Config --> Service Control: set Level of Detail = Full
Step 2 System Config --> Support --> Run Support Now; this generates a file called package.cab
ACS for windows
By default, the logging level in the system configuration is set to Low. When you encounter a problem, you must log all messages by setting the logging level to Full. The Full setting causes ACS to collect all debugging information.
To enable Full logging:
Step 1 Choose System Configuration > Service Control.
Step 2 Choose Full for the Level of Detail in the Service Log File Configuration pane.
Step 3 Run a few tests that you are certain will fail.
Step 4 Run cssupport.exe from C:\Program Files\CiscoSecure ACS v4.1\bin\cssupport.exe. The default location for the package.cab file is \
Source of this article: http://www.ixpub.net/thread-899094-1-16.html