Activity log/audit trail log on asa
My customer is asking how to have an audit trail log and activity log on their ASA.
I need help please.
Thanks
Use a AAA server such as Cisco ACS (http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html)
Hope that helps.
Similar Messages
-
Error during netlist generation and log audit trail error
I am not able to run the simulation application on my Multisim 10. The two following errors are generated every time I try to run the simulation:
Error: log /Audit Trail, C: \document~1\xxx: Permission denied
Error during netlist generation, C:\document~1\xxx: Permision denied
Can anybody help me fix this problem that makes it impossible for me to use the Multisim10 simulation tool?
There are two KBs I would like for you to see, since they might have the answer to the problem you are having:
1. This KB is related to having access to the TEMP directories where Multisim stores temp files for simulation:
http://digital.ni.com/public.nsf/allkb/15526EB2464F3EDD8625722C00696BB0
2. This other KB deals with non-Administrator users of Windows, it talks about v9 but the idea is the same for v10, just look for the v10 installation paths:
http://digital.ni.com/public.nsf/allkb/0DF597C217A235BE862571FB004F24BD
Nestor
National Instruments -
Audit Trail Log for Sharepoint Foundation 2010
Hi all,
Does SharePoint Foundation 2010 have the ability to audit user actions including opening documents, editing permissions, etc.?
What is the difference between the audit trail for SharePoint 2010 and WSS 3.0?
Thank you
Rgds,
I agree with Kamil Jurik. There is no auditing feature in SharePoint Foundation edition. The auditing feature is a SharePoint Enterprise feature. But yes, there are free utilities on the web, like on codeplex and others. And if you are good at coding then you may develop your own custom solution as given in a tech article:
http://msdn.microsoft.com/en-us/magazine/cc794261.aspx
Thanks & Best Regards,
Zakir Chougle || SharePoint Developer
Location or file name for Audit Trail Logs in Outlook
Is it possible to trace down each activity on Outlook by its log file (not sure if it's even generated)? For example: if I need to check whether my Outlook mailbox was updated with the Exchange Server 6 months back, and if not, what error message came up at that point in time.
I am pretty sure it can be checked through the log file where it keeps track of all the errors for some particular timeline, but I am not sure if it is generated by Outlook.
Thank you.
Hi,
1. If you want to know when a particular mailbox user has contacted an Exchange server, you can use the command below to see the status.
get-mailboxstatistics -identity "nithya" | ft displayname,*logon* -au
2. If you want to track down the delegate and mailbox owner related activities for an individual mailbox, you can make use of mailbox audit logs. But by default it will not be enabled; we need to enable the audit for the mailboxes manually.
3. If you want to track down the Exchange admin related activities in the Exchange organisation, you can make use of Admin Audit logs.
Please feel free to reply to me if you have any queries.
Thanks & Regards S.Nithyanandham -
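The mailbox and admin audit logging named in points 2 and 3 of the reply above, as an added example that is not part of the original post. It assumes the Exchange Management Shell on Exchange 2010 SP1 or later; the 180-day retention and the 30-day search window are illustrative values.

```powershell
# Added example. "nithya" is the sample mailbox identity used in the reply above.
$mbx = "nithya"

# Point 2: mailbox audit logging is off by default, so check the current state first.
Get-Mailbox -Identity $mbx |
    Format-List Name, AuditEnabled, AuditLogAgeLimit, AuditOwner, AuditDelegate, AuditAdmin

# Enable auditing. Entries are kept for 90 days by default; nothing is recorded
# for the period before auditing was switched on, so enable it ahead of need.
# The 180-day limit and the action lists are assumed values for illustration.
Set-Mailbox -Identity $mbx -AuditEnabled $true -AuditLogAgeLimit "180.00:00:00" `
    -AuditDelegate Update, SoftDelete, HardDelete, SendAs, FolderBind `
    -AuditOwner Update, SoftDelete, HardDelete

# Review delegate and administrator access to the mailbox over the last 30 days.
Search-MailboxAuditLog -Identity $mbx -LogonTypes Delegate, Admin -ShowDetails `
    -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) |
    Select-Object LastAccessed, LogonType, LogonUserDisplayName, Operation, OperationResult, FolderPathName

# Point 3: the admin audit log records cmdlets run by administrators.
Get-AdminAuditLogConfig | Format-List AdminAuditLogEnabled, AdminAuditLogAgeLimit
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true

# Who changed mailbox settings or permissions in the last 30 days.
Search-AdminAuditLog -Cmdlets Set-Mailbox, Add-MailboxPermission `
    -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) |
    Select-Object RunDate, Caller, CmdletName, ObjectModified
```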
Using wliconsole's process instance monitoring and audit trail
Hello,
I have couple of questions about wliconsole's process monitoring capabilities to be able to use in real production environments.
1. Is it possible to add some custom data to the Process Instance Summary table? For example, we would like to show the party that sends the initial request, and some internal process type information.
2. How can we achieve audit trail logging when we have several processes? For example, we have business processes that span over several wli-processes, and our process is split into several re-usable sub-processes. And the audit trail stops at the process boundaries. Finding the corresponding sub-processes is quite a challenge now.
Thanks,
Timo Lukumaa
Reaktor Innovations www.ri.fi
The WLI version we're about to use is 8.1 sp2.
One question more:
3. Is there some kind of metadata or resource directory in wliconsole or some place else?
We're about to use a SOA style architecture where re-usable business logic is modeled as web services.
So we would like to have one place (a web page) where the available services could be seen and corresponding WSDLs and schemas downloaded.
Or are we just looking at the wrong product? ;)
Thanks,
Timo -
Turning audit trail off?
Hi,
is it possible to turn off audit trail logging, preferably on a per process basis?
Thanks, Jeroen.
PS We are using BPEL Server version 2.1.2 with the Eclipse plugin 2.2.
Thanks, but I am not sure that dehydration is my issue here. Dehydration as I understand it, is storing the state of the process on the database while the process has not yet finished. My question is about keeping a record of the process AFTER it has finished.
The context is a process we want to call very frequently and that we do not need to keep a record of. Currently, audit trails of finished instances will fill up the database rapidly. We have found a system-wide setting ("auditLevel Off") not to keep these instances around, but this will apply to all processes. What we want to achieve is to apply this to selected processes only (and not having to go repeatedly through a manual action to delete the instances).
Alternatively, and second best but workable, would be a script that runs periodically and tells the server to delete selected instances.
Thanks for any suggestions!
Jeroen. -
Audit Vault 12.1.1 error creating audit trail with TRANSACTION LOG
Hi,
I installed AV 12.1.1; the DB target is with Data Guard.
When I run the script oracle_user_setup with the mode REDO_COLL, the final message is that it was successful, but when I go to the AV console and try to create an audit trail with TRANSACTION LOG, the AV console shows me an error and the log shows me this:
[2013-10-16T03:37:18.593-05:00] [collfwk] [ERROR] [] [] [tid: 10] [ecid: 192.168.56.8:78800:1381912639433:0,0] RedoCollector : runSourceScript : Error while running script on source for REDO collector.
[2013-10-16T03:37:19.528-05:00] [collfwk] [ERROR] [] [] [tid: 10] [ecid: 192.168.56.8:78800:1381912639433:0,0] OAV-8004: Failed to start collector {0}:{1}CollectionFactory : createCollection : Exception while creating collection. [[
Failed to start collector {0}:{1}
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.runSourceScript(RedoCollector.java:816)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.sourceSetup(RedoCollector.java:579)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.setup(RedoCollector.java:454)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.startCollector(RedoCollector.java:216)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollectorManager.startTrail(RedoCollectorManager.java:199)
at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:504)
at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:354)
at oracle.av.platform.agent.StartTrailCommandHandler.processMessage(StartTrailCommandHandler.java:63)
at oracle.av.platform.agent.AgentController.processMessage(AgentController.java:325)
at oracle.av.platform.agent.AgentController$MessageListenerThread.run(AgentController.java:1859)
at java.lang.Thread.run(Thread.java:679)
Nested Exception:
java.sql.SQLSyntaxErrorException: ORA-01031: insufficient privileges
ORA-06512: at line 1
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:396)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:879)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:531)
at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:207)
at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:1044)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1329)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3584)
at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:3685)
at oracle.jdbc.driver.OraclePreparedStatementWrapper.execute(OraclePreparedStatementWrapper.java:1376)
at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at oracle.ucp.jdbc.proxy.StatementProxyFactory.invoke(StatementProxyFactory.java:230)
at oracle.ucp.jdbc.proxy.PreparedStatementProxyFactory.invoke(PreparedStatementProxyFactory.java:124)
at $Proxy2.execute(Unknown Source)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.runSourceScript(RedoCollector.java:747)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.sourceSetup(RedoCollector.java:579)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.setup(RedoCollector.java:454)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.startCollector(RedoCollector.java:216)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollectorManager.startTrail(RedoCollectorManager.java:199)
at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:504)
at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:354)
at oracle.av.platform.agent.StartTrailCommandHandler.processMessage(StartTrailCommandHandler.java:63)
at oracle.av.platform.agent.AgentController.processMessage(AgentController.java:325)
at oracle.av.platform.agent.AgentController$MessageListenerThread.run(AgentController.java:1859)
at java.lang.Thread.run(Thread.java:679)
I don't understand why the issue occurs, because the user has the privileges given by the script, and I tried with grant as sysdba but without any result.
I don't understand what privileges the collector needs.
Any idea?
Thanks for any help
Hi
Just run the script $AV_AGENT/av/plugins/com.oracle.av.plugin.oracle/config/oracle_user_setup.sql USER_NAME REDO_COLL
This will grant the user some privileges and roles like DBA and CREATE Database Link
I hope this answers your question
Thanks
Ahmed Moustafa -
OAV-9016 - Audit Vault 12.1.1 error creating audit trail with TRANSACTION LOG
Hey guys,
I bumped into this problem when trying to start an audit trail with TRANSACTION LOG.
Oracle Audit Vault and Database Firewall 12.1.1.1
Oracle 11gR2 RAC two nodes, OEL x64.
Connection String:
jdbc:oracle:thin:@//192.168.1.139:1521/orcl
I have already run the sql setup for a REDO_COLL user.
Any ideas?
I have created secure target for each node.
(host01)(oracle@orcl1):log> pwd
/u01/app/oracle/agent/av/log
(host01)(oracle@orcl1):log> cat av.collfwk-8311-0.log
[2013-12-12T17:16:49.855-02:00] [collfwk] [ERROR] [] [] [tid: 22] [ecid: 192.168.1.109:27132:1386867392018:0,0] OAV-9016: Target database global_name is not correct. global_name must include the domain for transaction log collection. Please configure the target database with the correct global_name.CollectionFactory : createCollection : Exception while creating collection. [[
Target database global_name is not correct. global_name must include the domain for transaction log collection. Please configure the target database with the correct global_name.
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.checkDBName(RedoCollector.java:1480)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.verifySource(RedoCollector.java:1278)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.startCollector(RedoCollector.java:215)
at oracle.av.platform.agent.collfwk.impl.redo.RedoCollectorManager.startTrail(RedoCollectorManager.java:199)
at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:504)
at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:354)
at oracle.av.platform.agent.StartTrailCommandHandler.processMessage(StartTrailCommandHandler.java:63)
at oracle.av.platform.agent.AgentController.processMessage(AgentController.java:325)
at oracle.av.platform.agent.AgentController$MessageListenerThread.run(AgentController.java:1859)
at java.lang.Thread.run(Thread.java:722)
(host01)(grid@+ASM1):~> lsnrctl status
LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 12-DEC-2013 17:27:34
Copyright (c) 1991, 2011, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER)))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.3.0 - Production
Start Date 12-DEC-2013 16:58:03
Uptime 0 days 0 hr. 29 min. 31 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File /u01/app/grid/diag/tnslsnr/host01/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.109)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.139)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
Instance "+ASM1", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
Instance "orcl1", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
Instance "orcl1", status READY, has 1 handler(s) for this service...
The command completed successfully
(host01)(grid@+ASM1):~>
(host01)(grid@+ASM1):~> cat /u01/app/11.2.0/grid/network/admin/listener.ora
LISTENER=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER)))) # line added by Agent
LISTENER_SCAN3=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN3)))) # line added by Agent
LISTENER_SCAN2=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN2)))) # line added by Agent
LISTENER_SCAN1=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN1)))) # line added by Agent
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_SCAN1=ON # line added by Agent
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_SCAN2=ON # line added by Agent
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_SCAN3=ON # line added by Agent
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON # line added by Agent
(host01)(grid@+ASM1):~>
Hi
Just run the script $AV_AGENT/av/plugins/com.oracle.av.plugin.oracle/config/oracle_user_setup.sql USER_NAME REDO_COLL
This will grant the user some privileges and roles like DBA and CREATE Database Link
I hope this answers your question
Thanks
Ahmed Moustafa -
Regarding different logging levels in audit trail
Hi everyone,
Where can I find the various logging levels (like 1-10) of the audit trail in Oracle... if so, how do I set those logging levels... reply please
Auditing can be set with the option below in Oracle.
AUDIT_TRAIL = { none | os | db | db,extended | xml | xml,extended }
http://docs.oracle.com/cd/B19306_01/server.102/b14237/initparams016.htm -
Logging SID to Operating System Auditing Trail
Greetings,
In Oracle 10 and 11, is there a way to include the SID in the information that gets logged to the operating system audit trail?
Thanks,
Myles
user13431282 wrote:
Greetings,
In Oracle 10 and 11, is there a way to include the SID in the information that gets logged to the operating system audit trail?
SID as in ORACLE_SID or V$SESSION.SID? -
How to delete logs in audit trail
Is it possible to delete entries on the audit trail? Let's say, for example, I want to delete all the entries for the year 2008; what will be the steps/transactions to use?
thanks in advance for your help.
regards,
markee
Hello Markee,
I got your point,
ask your developer to program a small report which would delete content of these tables based on your selection.
Selection could be time interval based on creation date.
For example:
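TABLES /SAPSLL/SPLAUD.
SELECT-OPTIONS so_date FOR /SAPSLL/SPLAUD-CRSTP.
* Delete the audit trail entries whose CRSTP value falls in the selected range
DELETE FROM /SAPSLL/SPLAUD
WHERE CRSTP IN so_date.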
(so_date for example 01.01.2000 - 01.01.2005)
I am not the best developer but I believe this can be done in 5 minutes.
Hope this helps,
Best regards,
Gabriel. -
Account locked out events are not getting in active directory security event logs
Account locked out events are not showing up in the Active Directory security event logs for some users. I can see that the user is locked, and when I tried to find the event in the security log at the DC I was not able to find it. It is only happening for some users, not for all users.
In addition.
Check the ADDS Audit.
Active Directory Services Audit - Document references
Regards~Biswajit
Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights.
MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
After the iOS 7 update, I can no longer use my iMessage and FaceTime. It says "waiting for activation", and I tried to log in on my Apple ID but it turned out to be a connection error. Please help me guys! Thank you.
Have you tried to reboot your phone (hold the home and lock buttons simultaneously)?
-
Need detailed info about Active,New and Change log table in BI 7.0
Dear Experts,
I am new to this technology. Can anyone explain in detail the ACTIVE, NEW and CHANGE LOG table workflows?
I am also requesting you all to give tips on how to study BI 7.0.
Regards,
Ameer.N
For your first problem the solution is this note: 936644
You might not have mapped the field in your transfer/update rules?
Issue: admin activity is not fully logged to syslog
Hello!
cisco 7606, IOS 12.2(33r)SRC3
For example, while activating an IPv6 BGP session, when entering the command:
#neighbour 2001:7F8:S:FF::109 password PASSWD
Syslog gets such an entry:
Wed Oct 10 14:20:00 2011 router1 admin syslogserv stop cmd=neighbor password *****
I wonder, why neighbor's IPV6 address is not present in the entry. It makes some difficulties in account activity monitoring.
#sh run
<cut>
logging buffered 2000000
logging console errors
logging monitor errors
aaa authentication username-prompt "login: "
aaa authentication login default group tacacs+ line enable
aaa authentication login CONSOLE line none
aaa authorization exec default local group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
logging event link-status default
<cut>
WBR, Alex.
Hi Lawrence,
Yes, I have the answers for your questions, please find the same below.
1 ) No, I haven't got any 'weblogic.application.ModuleException' in the server or stdout log.
2 ) While trying to telnet from my Windows machine, it does not connect to my server.
C:\Documents and Settings\Administrator>telnet 20.10.5.2 7001
Connecting To 20.10.5.2...Could not open connection to the host, on port 7001: Connect failed
C:\Documents and Settings\Administrator>
3 ) Yes, I have flushed the cache and tmp folder after taking a backup of the domain folder and then restarted WebLogic, but no luck; it is still not accessible.
I hope the second question and answer will be the cause of the issue (but I am not sure why it was accessible from the same Windows machine earlier?).
Please suggest... Thanks!