ACE logging - rserver and probes

Similar Messages

• How the ACE handles rserver failures

  Hello
  I've got a question re: the ACE module.
  Lets say I have 2 web rservers and I have a probe interval for checking them from the ACE of 10 seconds.
  Lets say a probe just passed and it is 10 seconds before the next one. The ACE will think the rserver is ok. Then say the rserver httpd service is stopped at 3 seconds after the last successful probe, therefore leaving 7 seconds before the ACE is going to send another probe. The ACE will think it is still 'up' before the next probe is sent.
  Given the above, what happens to a) existing connections to the newly failed rserver and b) new connections if the failure occurs between probes?
  How does the ACE handle this situation?
  Are there any differences between how the ACE handles this between A1 and A2 versions of software?
  Thanks
  Cameron

  URL rewrite only comes into play when REAL Server (Rserver )sends a clear text redirect. Such as 302 for http://investor.nice360.com. If client recieves this 302 it will attempt the next request using HTTP.With Url rewrite feature we configure ACE to change these redirects from Http tp HTTPS.
  What you are looking for is a simple redirection of client request from port 80 to port 443. This can be achieved using redirect server farm and redirect rserver.
  You will need to create two sets of configs (class-maps, rserver, sfarm,policy map) for port 80 & port 443 traffic. Port 80 policy will simply redirect the port 80 request to port 443.
  Following example will give you some idea
  rserver redirect HTTP2HTTPS
  webhost-redirection https://%h%p 301
  inservice
  serverfarm redirect HTTP2HTTP-SF
  rserver HTTP2HTTPS
  inservice
  class-map match-all WEB-HTTP
  2 match virtual-address 172.25.250.245 tcp eq http
  class-map match-all WEB-HTTPS
  2 match virtual-address 172.25.250.245 tcp eq 443
  policy-map type loadbalance first-match HTTP2HTTPS-POLICY
  class class-default
  serverfarm HTTP2HTTPS-SF
  policy-map type loadbalance first-match L7-POLICY
  class class-default
  sticky-serverfarm STICKY_IP
  policy-map multi-match L4-POLICY
  class WEB-HTTP
  loadbalance vip inservice
  loadbalance policy HTTP2HTTPS-POLICY
  loadbalance vip icmp-reply
  class WEB-HTTPS
  loadbalance vip inservice
  loadbalance policy L7-POLICY
  loadbalance vip icmp-reply
  ssl-proxy server INVESTOR-CLIENT
  Syed

• Sniffer Trace on ACE w/VACLs and One-Arm Design

  Wow...that was a mouthful of a title!
  Here is what I'm trying to accomplish. There is an application that is having issues. This application is being load balanced by the ACE. The ACE is configured in a One-Armed design. Essentially the application flow is as follows:
  client --> ACE VIP --> SNAT Pool --> rserver and then the reverse.
  The vlan for my ACE is 3002. It is the only vlan in this context. I have a WildPackets OmniEngine connected to port on the 6500. Here is its config:
  interface GigabitEthernet x/xx
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport nonegotiate
  switchport capture
  switchport capture allowed vlan 3002
  no ip address
  no cdp enable
  Here is the problem. When I take a trace I only see the back half of the conversation. That is I only see from the SNAT pool IPs to the rservers and back. I need to be able to see the conversation between the client IPs and the VIP. Does anyone know how this can be done? If you need more details or have questions please fire away! Thanks for the help...
  bc

  This can be done by setting up a monitor session on the Sup, with the
  TenGig/1 as SPAN
  source, and a trunk port as SPAN destination.
  For example, if the ACE is in slot X, the configuration would be:
  monitor session 10 source interface TeX/1
  monitor session 10 destination interface Giy/z
  The configuration for this port would be:
  int giy/z
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport nonegotiate
  Syed Iftekhar Ahmed

• ACE how to debug probes

  Hi,
  We have several probes configured for our serverfarms. Some of the probes and rservers are alerting for timeouts or regex's not found etc.
  What's the best way to check if this is a rserver or probe problem ? Using captures ?
  Or is it possible to debug the probes ?
  Regards,
  Sebastian

  Hi Gilles,
  I am trying to capture the packets but i run into a problem :
  I create an access-list :
  access-list CAPTURE1 line 8 extended permit ip any host 172.30.9.101
  access-list CAPTURE1 line 16 extended permit ip host 172.30.9.101 any
  The I create the capture :
  capture CAPTURE all access-list CAPTURE1 bufsize 5000 circular-buffer
  Start the capture :
  capture CAPTURE start
  Make some bogus connection :
  telnet 172.30.9.101 80
  Trying 172.30.9.101...
  Connected to 172.30.9.101.
  Escape character is '^]'.
  HTTP/1.1 400 Bad Request
  Server: Microsoft-IIS/5.0
  Date: Tue, 15 Apr 2008 11:44:35 GMT
  Content-Type: text/html
  Content-Length: 87
  ErrorThe parameter is incorrect. Connection closed by foreign host.
  Stop the capture :
  capture CAPTURE stop
  Then when i want to display the results, nothing is displayed :
  sh capture CAPTURE
  What am I doing wrong here ?
  Regards,
  Sebastian

• ACE logging hassle - GLBP m-cast denies...

  Need some ideas:
  Have a pair of ACE's in front of a data center application.  The outside interfaces are properly denying GLBP m-cast traffic from the attached pair of 6509's on the same VLAN.
  2/14/2011,10:04:11 AM,10.147.254.2,???,LOCAL4,WARNING,:%ACE-4-106023: Deny udp src vlan2577:165.201.107.195/3222 dst undetermined:224.0.0.102/3222 by access-group "Public" [0xffffffff, 0x0]
  2/14/2011,10:04:11 AM,10.147.254.2,???,LOCAL4,WARNING,:%ACE-4-106023: Deny udp src vlan2577:165.201.107.194/3222 dst undetermined:224.0.0.102/3222 by access-group "Public" [0xffffffff, 0x0]
  These messages or normal and expected but the denies fill up the ACE log to the tune of 30MB per day. I've looked at...
  To tune out specific syslog messages:
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_2_7/configuration/system/message/guide/config.html#wp1069411
  ACE Syslog message guide:
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/system/message/guide/messags.html#wp1145672
  ...but it appears if I tune out this syslog message 106023, I lose all deny reporting - don't want to do that.
  Here is the existing ACL-list:
  access-list Public remark Inbound Traffic
  access-list Public line 1 extended permit icmp any any
  access-list Public line 10 extended permit tcp any any eq https
  access-list Public line 11 extended permit tcp any any eq www
  I really don't want to recommend passing this m-cast traffic through the ACE, no purpose for it behind the ACE. Nor do I want to slow down the GLBP hellos just to solve a log record annoyance.
  Any ideas on how I can reduce or eliminate these deny messages from the ACE log withough losing all deny visibility?
  Thanks,
  m.

  Still no joy on this one, but there was some faint hope with the solution below for ASA FW's that I got from engineering inside Cisco (Not TAC). Unfortunately, the ACE does not support the required 'shun' command. Thought I would just post the ASA solution in case folks run across this issue in other environments and maybe, just maybe, we can get the shun command on the ACE.
  Shunning allows you to black-hole or refuse particular traffic at an interface based upon source-destination addressing.  This action would also be logged, but with 'shun' you can also assign a unique SYSLOG ID to the shunned traffic and so tune it out completely from the logging. If it doesn't, then there is no elegant solution.
  So, check out whether the ACE has the shun command available  in it. If it has the command, then the following should apply:
  Possible workaround-
  shun 10.17.84.2 239.192.2.0 2222 2222
  That way you'll get different syslog message ID for shun traffic and you can disable logging for that traffic by-
  no logging message
  Reference
  http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logmsgs.html#wp1279897
  http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logconf.html#wp1067974

• I wonder to know what is the enterprise solution for windows and application event log management and analyzer

  Hi
  I wonder to know what is the enterprise solution for windows and application event log management and analyzer.
  I have recently research and find two application that seems to be profession ,1-manageengine eventlog analyzer, 2- Solarwinds LEM(Solarwind Log & Event Manager).
  I Want to know the point of view of Microsoft expert and give me their experience and solutions.
  thanks in advance.

  Consider MS System Center 2012.
  Rgds

• Iv downloaded the 0845 wizard from the App Store. Registered my details and it has been working. But for some reason it won't let me log in and keep saying failed every time I try to use it. Iv deleted and re-downloaded the app and it still says the same?

  Iv downloaded the 0845 wizard from the App Store. Registered my details and it has been working. But for some reason it won't let me log in and keep saying failed every time I try to use it. Iv deleted and re-downloaded the app and it still says the same?

  I would say to start by looking on their web site... unfortunately, that appears to be dead.
  Based on the horrible ratings on the App Store (1 star for the current version), I'm not surprised it doesn't work well.

• Every time I log in and try to post I get error message

  Error
  An error has occurred. We apologize for the inconvenience.
  Useful links:
  Forum Home -- browse the forums here.
  Search Forums -- visit the search page to query all forum content.
  Then I have to hit "Forum Home" re-log in, and then go and find the thread that I wanted to post to. Please fix Apple.

  When that error appears, you will have an URL in the address bar such as:
  http://discussions.apple.com/login.jspa?successURL=/index.jspa
  Deleting the text between the third and fourth / characters as well as one of them should take you to the page you originally wanted to go to, without needing to log in again.
  (22282)

• Reading log file and calculating time between

  If someone could help me with this one, I would be very grateful.
  I have a log file and I need to search a string that contains a start time and end time (eg. <time="11:10:58.000+000">). When I have these two values, I need to measure the time that has been elapsed between these two (from start to end).

  $Path="C:\Times.log"
  remove-item $Path
  Add-Content $Path '<time="11:10:58.000+000">'
  Add-Content $Path '<time="12:10:58.000+000">'
  Add-Content $Path '<time="13:10:58.000+000">'
  Add-Content $Path '<time="15:13:38.000+000">'
  Add-Content $Path '<time="16:10:58.000+000">'
  Add-Content $Path '<time="17:08:28.000+000">'
  $File=Get-Content $Path
  $StartTime=$Null
  $EndTime=$Null
  $ElapsedTime = $Null
  ForEach ($Line in $File)
  If ($Line.Contains("time="))
  $Position = $Line.IndexOf("time=")
  $TimeStr =$Line.SubString($Position+6,8)
  IF ($StartTime -EQ $Null)
  $StartTime = $TimeStr -As [System.TimeSpan]
  Else
  $EndTime = $TimeStr -As [System.TimeSpan]
  $ElapsedTime = $EndTime.Subtract($StartTime)
  "StartTime=$StartTime EndTime=$EndTime ElapsedTime=$ElapsedTime"
  $StartTime = $Null
  Gives this output
  StartTime=11:10:58 EndTime=12:10:58 ElapsedTime=01:00:00
  StartTime=13:10:58 EndTime=15:13:38 ElapsedTime=02:02:40
  StartTime=16:10:58 EndTime=17:08:28 ElapsedTime=00:57:30

• Logging HTTP and/or SOAP packets in standalong OC4J v10.1.3.2

  I'm running OC4J standalone v10.1.3.2 on RH5 linux. I'd like to know how to turn on logging so that all incoming HTTP data can be viewed.
  I've basically got a Web Service which is failing to execute from some clients (but not all) due to a SOAP11 version mismatch problem. If I could see the incoming HTTP and/or SOAP request then I could determine where the inconsistency is coming from.
  Here's an extract of the returned SOAP error:
  <faultcode>env:VersionMismatch</faultcode>
  <faultstring>Version Mismatch</faultstring>
  <faultactor>http://schemas.xmlsoap.org/soap/actor/next</faultactor>
  I've tried editing j2ee-logging.xml and set the logging level to FINEST and TRACE but it's still not logging out the HTTP traffic.
  Any ideas welcomed,
  Thanks

  Andy,
  Which log files are you looking at? There is a server.log that will be impacted when you set the logging level to FINEST. Since you want to look at http requests, have you considered using Fiddler on the client side? It's pretty verbose but you can see all sorts of info including data posted to forms.
  -Michael
  PS
  URL:
  http://www.oracle.com/technology/tech/java/oc4j/htdocs/oc4j-logging-debugging-technote.htmlTake a look at the "Debug Options in OC4J" section. There are several HTTP debugging options listed.
  Edited by: Michael F. Hardy on Dec 17, 2008 9:40 AM

• I cannot log onto sites that require my log in and password. I get no error message, fire fox just goes back to the same empty log in screen. this problem is not limited to one site. I reloaded firefox with same results.

  When i type in my log in and password and enter, the site either returns to the blank screens or does nothing. This is not limited to one or two sites. all of my financial institutions, electric company, insurance companies, even trying to register here so that i could ask this questions. In this situation, when i hit the register button, nothing happend, its as iff the button is inactive. i had to go to IE to register and post this question. I just tried to enter my new log in and pw on the screen in fire fox and nothing happens. Some sites behave differently when i hit the submit or log in button. the information seems to be transmitted but the screen comes right back to the original log in screen with blank fields. there are no error instructions that something does not match or is missing. then i go to IE and it works.
  This started a few weeks ago. I cant identify anything that was added around that time but i tried a system restore and that did nothing. i deleted fire fox and downloaded the latest version 3.6.13 and it is still happening

  This issue can be caused by corrupted cookies.
  Clear the cache and the cookies from sites that cause problems.
  "Clear the Cache":
  * Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
  "Remove Cookies" from sites causing problems:
  * Tools > Options > Privacy > Cookies: "Show Cookies"
  *http://kb.mozillazine.org/Cookies

• When I log into a site, Firefox doesn't recognize I have logged in and asks me to log in again and again. I never get past this phase. It has to do with some setting but I don't know how to fix it.

  Firefox is not recognizing that I have logged into a web page with user name and password. It is stuck on the log in page. Where do I change the Firefox settings so it recognizes the log in and password and lets me into the site? I have had this user name and password for several months so I know it works.

  It may be that you have cookies disabled, do any of the sites tell you that you need to enable cookies? Check if cookies are enabled: [[Enabling and disabling cookies]]

• I have been trying to log onto the Wounded Warriors Program Portal.  I can Log in and then when I click on the rewards it tried to go to the page the just takes me back to the same page I was on.  This is very frustrating.

  I have been trying to log onto the Wounded Warriors Program Portal.  I can Log in and then when I click on the rewards it tried to go to the page the just takes me back to the same page I was on.  This is very frustrating.  I am new to the Mac World so please bare with me.  Please tell me there is help somewhere for this issue.  It seems it is blocked or not letting me through.  Can anyone please help me out.  Thanks 

  Both Mail and Safari have Activity Options that open a  screen that shows you just how the site or mail is loading.
  In Safari if you are having trouble with a site in activity you will see the count of items being downloaded - and if an error occurs it shows red.
  On the top is the number of items it is loading or trying to load and the count should be increasing.   If the count stops, and you don't have errors it may be that too many people are going after the same site and your request just timed out. Have had the time out on a news site when trying to load a most popular article.

• HT202159 I have been on to apps store logged in and gone on my purchurse to try and re down load Mountin Lion however it just states an error as accord I can't get it to re down load to launch pad in lion

  I have been on to apps store logged in and gone on my purchurse to try and re down load Mountin Lion however it just states an error as accord I can't get it to re down load to launch pad in lion

  1. You did not get an error message telling you that your iPhoto library was getting full. You got a message telling you that your HD was getting full, right?
  OS X needs about 10 gigs of hard drive space for normal OS operations - things like virtual memory, temporary files and so on.
  Without this space your Mac will slow down as the OS hunts for space on the disk, files will be fragmented, also slowing things down, apps will crash and the risk of data corruption - that is damage to your files, photos, music - increases exponentially.
  Your first priority is to make more space on that HD. Nothing else can be done until you do.
  Purchase an external HD and move your Photos and Music to it. Both iPhoto and iTunes can run perfectly well with the Library on an external disk.
  Your Library has been damaged from being run on an overfull disk.
  How much free space on it now?

• I am trying to log in to a website I push log in and it refreshes and goes to the home page. I have reset my phone but that didn't help. What do I do?

  This is my first time doing this but I need help, I don't know if this is fixable but its okay to ask right? But yeah i push log in and it refrshes and goes to the home page so I don't know what to do, and I've reset my iPod before aand that didn't work.

  Try resetting the iPod >  iPod touch: Turning off and on (restarting) and resetting