Good morning everyone!
We have been seeing some interesting behavior on our authentication servers that I want to investigate. I was wondering if there is a way to log or view inbound connections that are hitting our MX100 without doing a mass packet capture on the WAN interface. Anybody have some ideas?
Thanks!
Dylan.
I wish, but these events aren't being picked up by the event log.
Honestly, I'd just do the large pcap off your WAN interface and crunch it in Wireshark. I find the filtering in Wireshark proper to be much more useful and predictable in behavior.
I was hoping to avoid that, but it's looking like I may need to do that. Thanks!
What type of auth is this that you are talking about going across the WAN (RDP, AD, SSL, VPN, etc.)?
You'll have to use syslog unfortunately.
I've been faced with having to do large packet captures as well before. One option I wish the Meraki packet capture function had was to only capture just the first 64 bytes like in Wireshark.
Actually - I'm going to make a wish for this now.
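
Added example, not part of the original thread: a Python sketch that lists inbound TCP connection attempts (SYN without ACK) per source from a WAN capture, showing that frames cut to the first 64 bytes still carry everything needed for this. It assumes a classic pcap file (not pcapng) with Ethernet and IPv4; the function names, the server address and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

def inbound_syns(pcap, servers):
    """Count TCP SYNs (no ACK) sent to servers, keyed by (src, dst, dport)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP (VLAN tags and IPv6 are not handled)
        if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
            continue  # non-first IP fragment carries no TCP header
        tcp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp + 14:
            continue  # truncated before the TCP flags byte
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        dport = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
        if dst in servers and frame[tcp + 13] & 0x12 == 0x02:
            counts[(src, dst, dport)] += 1
    return counts

def make_frame(src, dst, dport, flags, snaplen=64):
    """Constructed test packet: 154 bytes on the wire, cut to snaplen."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 140, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    full = b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"A" * 100
    return struct.pack("<IIII", 0, 0, min(snaplen, len(full)), len(full)) + full[:snaplen]

def sample_pcap():
    """Constructed capture; all addresses are documentation-range placeholders."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    pkts = [("203.0.113.5", "192.0.2.10", 443, 0x02), ("203.0.113.5", "192.0.2.10", 443, 0x02),
            ("198.51.100.7", "192.0.2.10", 3389, 0x02), ("192.0.2.10", "203.0.113.5", 40000, 0x12),
            ("203.0.113.5", "192.0.2.10", 443, 0x10), ("203.0.113.5", "192.0.2.99", 443, 0x02)]
    return hdr + b"".join(make_frame(*p) for p in pkts)

if __name__ == "__main__":
    for key, n in inbound_syns(sample_pcap(), {"192.0.2.10"}).most_common():
        print(n, *key)
```

Replies from the server (SYN+ACK), established-session traffic and SYNs to other hosts are ignored, so the output is a per-source count of new connection attempts to the authentication server only.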