Cisco TAC step by step!!! What to do when a security product fails, and what information to collect
Published: 2009-03-02

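Most of us have at some point had to ask, while working with Cisco security products, how to troubleshoot a fault and how to collect useful information. Below are some commonly used commands for collecting that information: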

1. ASA and PIX products

The two most important tools
1) Logging to a syslog server
logging on
logging timestamp
logging trap information
! x.x.x.x is the address of the syslog server
logging host inside x.x.x.x

2) Packet capture (capture)
Step 1: create an ACL for each of the inside and outside interfaces
! Outside Capture ACL
access-list 100 permit tcp host 192.168.2.2 host 198.133.219.25 eq 80
access-list 100 permit tcp host 198.133.219.25 eq 80 host 192.168.2.2
! Inside Capture ACL
access-list 101 permit tcp host 10.1.3.2 host 198.133.219.25 eq 80
access-list 101 permit tcp host 198.133.219.25 eq 80 host 10.1.3.2

Step 2: create captures on both inside and outside interface
capture out access-list 100 interface outside packet-length 1500
capture  in access-list 101 interface  inside packet-length 1500

Step 3: have an inside user access www.cisco.com

Step 4: copy the captures off to a TFTP server
! ver 7.0+ copy capture
copy /pcap capture:out tftp://10.1.3.5/out.pcap
copy /pcap capture:in tftp://10.1.3.5/in.pcap

! Ver 6.x copy capture
copy capture:out tftp://10.1.3.5/out.pcap pcap
copy capture:in tftp://10.1.3.5/in.pcap pcap
OR copy using https:
https://<FW_IP>/capture/out/pcap
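
Once in.pcap and out.pcap are off the firewall, comparing them shows on which side the TCP handshake to 198.133.219.25 stops. The script below is an added example, not part of the original article or Cisco tooling; it matches on direction and SYN/ACK flags only, because NAT changes the client address and the firewall may rewrite sequence numbers. It assumes classic pcap files with Ethernet framing; the function names and sample frames are constructed for illustration.

```python
import struct

SERVER = "198.133.219.25"  # web server address from the page's capture ACLs
# Constructed sample builders: synthetic frames and pcap files, not real captures.
def tcp_frame(src, dst, flags):
    sport, dport = (80, 1025) if src == SERVER else (1025, 80)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def handshake_counts(pcap):
    """Count SYNs sent to SERVER and SYN-ACKs sent by it in one pcap file."""
    order = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    syn, synack, off = 0, 0, 24  # off skips the 24-byte pcap global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(order + "I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not Ethernet/IPv4/TCP
        tcp = 14 + (frame[14] & 0x0F) * 4  # TCP header starts after the IP header
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        # Keep only the SYN and ACK bits; a truncated header counts as no flags.
        flags = (frame[tcp + 13:tcp + 14] or b"\x00")[0] & 0x12
        syn += dst == SERVER and flags == 0x02
        synack += src == SERVER and flags == 0x12
    return syn, synack

def locate_drop(in_pcap, out_pcap):
    """Compare the inside and outside captures; report where the handshake stops."""
    (in_syn, in_synack), (out_syn, out_synack) = map(handshake_counts, (in_pcap, out_pcap))
    if not in_syn:
        return "no SYN on inside: client traffic never reached the firewall"
    if not out_syn:
        return "SYN on inside only: firewall did not forward it"
    if not out_synack:
        return "SYN left outside, no SYN-ACK: problem is upstream of the firewall"
    if not in_synack:
        return "SYN-ACK on outside only: return traffic was not passed back inside"
    return "handshake seen on both interfaces"

if __name__ == "__main__":
    # Constructed sample: three SYN retries inside, nothing on the outside capture.
    print(locate_drop(build_pcap([tcp_frame("10.1.3.2", SERVER, 0x02)] * 3), build_pcap([])))
```

An empty outside capture can also mean the outside capture ACL does not match the translated client address, so confirm that address before concluding the firewall dropped the traffic.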
