From: asadovnikov (asadovnikov@comcast.net)
Date: Wed Sep 24 2003 - 01:26:45 GMT-3
I had a client with the same issue and they were successful finding the
offending host by using "log-input" option of an ACL. This logs both IP and
MAC address, so then finding actual host becomes very easy. Usual method of
reducing logging overhead as described by Jonathan works with ACL logging as
well. The logging tends to hit CPU lot less then debugging.
Best regards,
Alexei
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jonathan V Hays
Sent: Tuesday, September 23, 2003 4:34 PM
To: ccielab@groupstudy.com
Subject: RE: debug arp and cpu
plus "no logging console" followed by "logging buffered" cuts way down on
the CPU load.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
MADMAN
Sent: Tuesday, September 23, 2003 4:16 PM
To: Kurt Kruegel
Cc: ccielab@groupstudy.com
Subject: Re: debug arp and cpu
I have found offending hosts using a debug ip icmp. One time the
router crashed before I could do the undebug but the router was so busy
it really didn't matter since the customer was effectively down anyway..
dave
Kurt Kruegel wrote:
> i was thinking about using debug arp on an msfc to try to track some
welchia
> scans.
> any cpu issues trying this on a production router ? or should i just
sniff or
> try arpwatch ?
>
> thanks,
> kurt
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:34 GMT-3