OK, i've taken a little advice from each response i got, i now have the Kiwi syslog server installed on a win2kPro system, and running/logging, I started logging on the router and added the word log to the end of each line i wanted to log events from. I set
logging trap debugging logging my.ip.address.here any recommendations on anything else. here's a few lines of what i get, does it look like it should, is there a way to get more, do i need any more? 10-01-2001 16:45:55 Local7.Info xxx.xxx.xxx.1 43653: 7w4d: %SEC-6-IPACCESSLOGP: list 120 denied tcp 64.163.113.170(2987) -> xxx.xxx.xxx.145(80), 1 packet 10-01-2001 16:45:45 Local7.Info xxx.xxx.xxx.1 43652: 7w4d: %SEC-6-IPACCESSLOGP: list 120 denied tcp 64.163.113.170(4736) -> xxx.xxx.xxx.123(80), 1 packet 10-01-2001 16:45:44 Local7.Info xxx.xxx.xxx.1 43651: 7w4d: %SEC-6-IPACCESSLOGP: list 120 denied tcp 64.108.1.13(2349) -> xxx.xxx.xxx.150(80), 1 packet 10-01-2001 16:45:37 Local7.Info xxx.xxx.xxx.1 43650: 7w4d: %SEC-6-IPACCESSLOGP: list 120 denied tcp 64.163.113.170(1607) -> xxx.xxx.xxx.206(80), 1 packet 10-01-2001 16:45:21 Local7.Info xxx.xxx.xxx.1 43649: 7w4d: %SEC-6-IPACCESSLOGP: list 120 denied tcp 64.163.113.170(1471) -> xxx.xxx.xxx.20(80), 1 packet 10-01-2001 16:45:18 Local7.Info xxx.xxx.xxx.1 43648: 7w4d: %SEC-6-IPACCESSLOGP: list 120 denied tcp 64.163.113.170(4689) -> xxx.xxx.xxx.203(80), 1 packet 10-01-2001 16:45:14
