02-25-2019 06:42 AM - edited 02-25-2019 06:46 AM
I was notified by the ISP that a SSH bruteforce attack was identified from our IP. Is it possible to log the traffic coming from LAN to internet with destination port 22?
02-25-2019 07:47 AM
02-25-2019 09:48 AM
If attack is active, command below might already show all those connections, and source IP
02-25-2019 10:17 AM
I dont understand why are you trying to divert the traffic? What is the logic that you are actually trying to solve the issue?
02-25-2019 11:11 AM
Than how can I access/search that log?
Everything will be logged to the system log, which is in /var/log/messages. Or you can access it with the show system log... commands.