ALSB SNMP Destination Port Change

Hi,
When we configure SNMP Destination in ALSB, its "localhost" and port is 162.
Can we change the SNMP Destination Port number in ALSB?
Any help would be appreciated
Jon

The 2 questions you are asking are the same:
The Port on the content rule is how traffic enters the box (incomming request port)
The Port on the service is how traffic will be sent to the server.
By using diffrent ports on the service and content rule you invoke port address translation wich you need for question 2

Similar Messages

851W - mac address changes destination port on bridge

Hello,
We have a 851w configured in bridge mode between the wireless lan and the wired local lan.
The mac addresses of the machines connected through wire keep changing the destination port on where they are registered.
If they are on FastEthernetX everything works ok, when they are on VLAN1 we loose connection between wire and wireless clients.
NORMAL OPERATION
Destination Address Address Type VLAN Destination Port
0019.7d83.xxxx          Dynamic        1     Vlan1
0021.8656.xxxx          Dynamic        1     FastEthernet0
0022.9064.xxxx          Self               1     Vlan1
ERROR: NO NETWORK
Destination Address Address Type VLAN Destination Port
0019.7d83.xxxx          Dynamic        1     Vlan1
0021.8656.xxxx          Dynamic        1     Vlan1
0022.9064.xxxx          Self               1     Vlan1
I tryed to debug using the various debug arp commands but didn't find any useful info.
Why does it change the destination port?
How can I make it stable?
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname UM01
boot-start-marker
boot system flash:/c850-advsecurityk9-mz.124-11.XW6.bin
boot-end-marker
logging buffered 51200 warnings
dot11 ssid UM01
   vlan 1
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 00101615105E3F233C1569
ip cef
bridge irb
interface FastEthernet0
no ip address
ip virtual-reassembly
no dot11 extension aironet
encryption vlan 1 mode ciphers aes-ccm
ssid UM01
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
no ip address
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
interface BVI1
description Bridge to Internal Network
ip address 10.10.189.254 255.255.255.0
no ip http server
no ip http secure-server
no cdp run
control-plane
bridge 1 protocol ieee
bridge 1 route ip
line con 0
privilege level 15
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input ssh
scheduler max-task-time 5000
end

FYI, the solution we found was to force the mac address of each wired computer to a physical interface and vlan 1.
This seems to have stabilize the communications, no more mac address hopping between destination port.

CSCtg82170: ip sla target port changes to 1967

I've been impacted by this bug significantly. The sla's are used for gathering stats that populate a customer portal. The bug basically causes the sla to fail when the event occurs and there's no indication that it's occurred.
For no reason the target port changes to 1967 which is reserved for IP SLA control packets.
example:
ip sla 778482511
udp-jitter 10.197.197.253 15426 source-ip 192.168.15.254 num-packets 20 interval 300
vrf xxxxxx
owner xxx
tag AutoGenerated
frequency 300
ip sla schedule 778482511 life forever start-time now
becomes
ip sla 778482511
udp-jitter 10.197.197.253 1967 source-ip 192.168.15.254 num-packets 20 interval 300
vrf xxxxxx
owner xxx
tag AutoGenerated
frequency 300
ip sla schedule 778482511 life forever start-time now
It took quite some time to work out what was actually happening and some time on a Tac service request before it was acknowledge as a bug.
Below is a table indicating device counts for various platforms and images with the affected count at the bottom.
h/w           image            count
1841      12.4(15)T8                98
1841      12.4(7a)                     41
1941      15.1(1)T                1944
1941      15.1(1)T2                     3
1941      15.1(3)T3                   48
1941      15.1(4)M4                349
1941      15.2(1)T1                     3
1941      15.2(2)T                       2
2821      12.4(15)T9                   1
2821      12.4(2)T1                   21
2821      12.4(24)T2                 79
2951      15.2(1)T                     24
3845      12.4(24)T2                   6
2921/K9 15.1(2)T1                     2
2921/K9 15.2(1)T                     48
3750ME 12.1(14)AX2               2
3750ME 12.2(52)SE               59
Total 2730
Devices currently displaying the issue
1941      15.1(1)T           324
1941      15.1(3)T3             3
1941      15.1(4)M4           10
If you've been struck by this bug I know you'll be relieved that it's actually a bug and your not going insane :-)
We currently have extra monitoring/checking in order to get on top of the issue but a fix would be really great.

We're having a similar issue with icmp-echo in that our source-ip address changes quite frequently in the running config (7201 rtr). The destination ip also appears to change when viewing sh ip sla configuration but not in the running config. We're currently running 12.4(24)T1. Looks like we'll be doing an IOS upgrade in the near future...

How do I NAT based on destination port while source port can be ANY

Goal - I want to forward Internet bound HTTP and HTTPS traffic to a Proxy via an IPSEC Tunnel - I want to maintain my private IP as it goes accross the IPSEC Tunnel - I also want remaining Internet Traffic to route Normally by NATing to my outside address.
In 8.4 this is quite easy as I can specify a destination port and have "any" source port for the NAT
Here is a snap shot of the config:
object service Proxy_HTTP
service tcp destination eq www
object service Proxy_HTTPS
service tcp destination eq https
nat (inside,outside) source static any any service Proxy_HTTP Proxy_HTTP
nat (inside,outside) source static any any service Proxy_HTTPS Proxy_HTTPS
object network Non_Proxy
nat (any,outside) dynamic interface
PROBLEM: I need this behavior in 8.2.x - I have found no way to mimic this.
You cannot use NAT Exemption as it cannot be port based
A static policy NAT with Access list will not work as you must specify a single source port - Since there is no way to predict the source port this wont work.
I don't see any of the other NAT Types working this way.
If there is a way to make this work in 8.2 please let me know - We have many ASAs and we are not ready to make the leap to 8.4 but we need to use the proxy.

Karen-
Results: Did not work. The web based shortcuts did not appear.
Below is the steps taken with your tips incorporated. (Again it's lengthy sorry about that, but anyone can recreate what was done here. Maybe someone can see something left out by doing/reviewing it).
Here is what was done:
1. Installed a fresh install of Windows 8.1 enterprise on a pc. No updates were ran.
2. During setup created the admin account.
3. Logged into the account a simple start screen was arranged and setup by:
Starting desktop Internet Explorer. Going to Technet's website. Clicked tools and then selecting "Add site to Apps" from the drop down menu. Went to Apps screen, right clicked and pinned it to start screen. Repeated this procedure with an
educational web based site.
Right clicked a few provisioned apps and unpinned them from the start screen.
Made a few groups and labeled them. Web based shortcuts were arranged with one provisioned app in that particular group.
4. Opened a Powershell, right clicked it and ran as administrator. Typed the following:
export-startlayout -path C:\Users\Public\Master.xml -as xml
(Master is the name chosen for this test .xml file and was put in a location all users would have privelages to access it).
5. Opened the command prompt and right clicked and "ran as administrator", typed in gpedit.
6. In the Local Group Policy under User Configuration, under Start Menu and Taskbar I choose the Start Screen Layout.
7. Enabled the policy and typed in: C:\Users\Public\Master.xml for the Start Layout File.
8. Opened computer management, under Local Users and Groups I chose Users, right clicked in the middle screen and created a new user called Alpha.
9. Logged out of the inital account and logged into newly created Alpha account.
10. When the Alpha account logged in the start screen came up with everything changed in the inital account but no web based shortcuts were found on the start screen or App view.

How to determine the destination port from a audit fail event

I have a bunch of audit failure events (4625) in our security log. The details only show the source address and port but no destination port info.. Is there anyway I can find out that info.? What I really want to know is what application\port does these
login try to authenticate into..
Thanks

Hi,
I am not aware of any way to determine the destination port based on event logs. However, you can try to use NetMon or other software to catch packages to see if it works.
As for application, you can check the Process Information in the event.
Best Regards,
Amy

Mac book pro (2008)will not start up,command-v gives (error) Import:Importer start failed for 89(kr:268435459)invalid destination port)

will not start up.
tried Command-v
message reads
(error) Import:Importer start failed for 89 (kr:268435459)invalid destination port)

First, uninstall "SuperTV" (whatever that is) according to the developer's instructions. It isn't working and it's filling the log with noise.
If you have more than one user account, these instructions must be carried out as an administrator.
Launch the Console application.
Step 1
Make sure the title of the Console window is All Messages. If it isn't, select All Messages from the SYSTEM LOG QUERIES menu on the left.
Enter "BOOT_TIME" (without the quotes) in the search box. Note the timestamps of those log messages, which refer to the times when the system was booted. Now clear the search box and scroll back in the log to the last boot time when you had the problem. Post the messages logged before the boot, while the system was unresponsive or was failing to shut down. Please include the BOOT_TIME message at the end of the log extract.
Post the log text, please, not a screenshot. If there are runs of repeated messages, post only one example of each. Don’t post many repetitions of the same message. When posting a log extract, be selective. In most cases, a few dozen lines are more than enough.
PLEASE DO NOT INDISCRIMINATELY DUMP THOUSANDS OF LINES FROM THE LOG INTO A MESSAGE. If you do that, I will not respond.
Important: Some private information, such as your name, may appear in the log. Edit it out by search-and-replace in a text editor before posting.
Step 2
Still in Console, look under System Diagnostic Reports for crash or panic logs, and post the most recent one, if any. In the interest of privacy, I suggest you edit out the “Anonymous UUID,” a long string of letters, numbers, and dashes in the header of the report, if present (it may not be.) Please don’t post shutdownStall, spin, or hang logs — they're very long and not helpful.

WRT54G Incoming Log Destination Port 520

I am trying to understand why an [Incoming Log Table] entry that recurs, i.e. in the page that presents itself when I navigate to the [Administration] Panel / [Log] Tab, and then click the [Incoming Log] button:
=================================
Incoming Log Table
Source IP = 178.33.xxx.yyy
Destination Port Number = 520
=================================
After I clear the Log (i.e. turn it off, save settings, turn it on again, save settings) the entry will reappear after a few days.
I have never seen any other incoming log entry.
Since it has been pressed into service several years ago, my WRT54G has been configured to block any and all incoming connections. The settings as they continue to appear (under the [Security] Panel / [Firewall] Tab) are:
=================================
Checked (Yes) = [Block Anonymous Internet Requests]
Checked (Yes) = [Filter Multicast]
Checked (Yes) = [Filter Internet NAT Redirection]
Checked (Yes) = [Filter IDENT (Port 113)]
=================================
I continue to have disabled all port forwarding, port triggering, the DMZ, and QoS, via the applicable tabs under the [Applications & Gaming] Panel. The WRT54G continues to be configured to operate as a Gateway (via the [Settings] Panel/[Advanced Routing] Tab). No static routes are defined. The routing table show four entries, none of which are remarkable or match in anyway the partial address identified above.
So I am under the impression that my WRT54G should be ignoring everything from the WAN-side.
Even pinging the WAN-side of my router from the outside internet times out.
My WRT54G ver 6 is at firmware level 1.02.8, which, as far as I can tell is the latest issued by Cisco.
I am completely perplexed how such a connection is being established, and do not know if it is or has the potential of causing any harm. My own research indicates port 520 is typically used for RIP protocol, but I have almost zero knowledge of such.
I certainly appreciate any elucidation.
My thanks for your attention.

bonski wrote:
Forgive me if I seem flippant, but I am not sure what kind of "glitch" you are looking to correct. If performing a factory reset procedure were already known to correct a specific problem, then I would seriously consider it. If performing a factory reset did not run the risk of injecting more problems through the process of having to redo firmware updates and settings, then I would seriously consider it. I am truly seeking insight into understanding the nature of the symptoms, and why they may be occurring. I am not looking for trial and accidental success.
Thank you for you thoughts.
Hi bonski,
The log means that the IP: 178.33.xxx.yyy (which is from your ISP) sends logs to port 520. Port 520 is your router. I believe it is saying that you ISP simply sends data to your router. This is normal since your router gets internet connection from the ISP. This is by the way base on my understanding about the research I've made.
This might help:
http://www.pc-library.com/ports/tcp-udp-port/520/
http://www.auditmypc.com/udp-port-520.asp
http://www.iss.net/security_center/advice/Exploits/Ports/520/default.htm

Keep getting invalid destination port message every 30 sec in Console

Hi, this is my first post so be easy on me. I have been checking up on a possible attack on my website and looking for things that may have caused visits/dowloads to blow out.
While do this I looked at my Console app on my iMac 2.4 Ghz Intel Core 2 Duo running 10.6.8 and notice that every 30 seconds there is a dual message:
6/09/11 4:39:38 PM imagent[161] Unable to create APS daemon connection: (ipc/send) invalid destination port
6/08/11 4;39:38 PM imagent[161] Unable to set enabled topics: (ipc/send) invalid destination port
This action then repeats itself every 30 seconds non stop. Every now and then the odd "normal" error will appear with various apps but this is constant.
The bottom of the Console window reads 4001 messages from 5/09/11 12:30:21 tp 6/09/11 4:57:08 PM
I have looked on the web to try and find out what the 161 refers to and what meaning of the phrases are, but none address 161 specifically and most seem to be in foreign languages.
Your help will be greatly appreciated
Matt

Thanks for that. I had a look at Facetime and had vitually forgottten about it having never used it. I tired about 8 months ago and coould never log in. All I ever got was the spinning wheel at log in, which is exactly what I have just got know as I tried to open it again.
I am wondering if it has been going throogh this process ever since.
Anyway I looked into the ~/Library/LaunchAgents and the nearest I can find are com.apple.apsd-ft.plist, com.apple.FTMonitor.plist, which may relate to Facetime and then there is com.apple.imagent.plist
which is the one that seems to be causing the problem.
Now when I read your reply and did the search using your parameters and the very first reply said that:
"As you probably know, you can get FaceTime invitations even if you have quit FaceTime. That feature is provided by "imagent".
Unless you have configured the FaceTime > Preferences... > FaceTimesetting to "OFF", you are still using "imagent" (and a couple of other support processes) even if you have "Quit" Facetime.
Once you set the preference to "OFF", imagent will go away, but you will not be able to receive any incoming FaceTime invitations until it is turned ON again."
Well as I can't log into Facetime I can't get to Preferences, to turn it off. Now bear in mind I am new to this type of thing, but I have heard some people say that you can throw plist's in the trash and that the application regenerates a new problem free version.
Is this what you suggest I do and if so which of the above three would be the one(s) to delete?
And thank you very much for the very quick reply, much appreciated
Matt

Problem in setting destination port in smslib

Friends
Its working well when i use two cell phones to send messages between them with push registry. Now I am using smslib3.2.0 to send the msg from PC. There is a function to set the destination port msg.setDstPort(50005);. But still the message is delivered to the inbox rather than the particular port. I been sitting with this problem for 2 days. My complete code is
Service srv;
     OutboundMessage msg;
     BufferedReader stdin = new BufferedReader( new InputStreamReader( System.in ) );
     String moblino = stdin.readLine();
     String message = stdin.readLine();
     srv = new Service();
     SerialModemGateway gateway = new SerialModemGateway("com1", "COM15", 9600, "gsmmodem", "6310i", srv);
     gateway.setInbound(true);
     gateway.setOutbound(true);
     srv.addGateway(gateway);
     srv.startService();
     msg = new OutboundMessage("+91"+moblino, message);
     msg.setDstPort(50005);
     System.out.println("GateWay Status   :"+gateway.getGatewayStatus());
     System.out.println(" GetDestination port :"+msg.getDstPort());
    if(GatewayStatuses.OK == gateway.getGatewayStatus()) {
       srv.sendMessage(msg);
     }else
          System.out.println(" modem failed");
     System.out.println(" response : "+msg);
     srv.stopService();I believe the port no. is not set to 50005 even though I use the fucntion msg.setDstPort(50005);
I appreciate all the replies
Pravin

Multi-post:
http://forum.java.sun.com/thread.jspa?threadID=727161&tstart=0

Destination Bin change in Pick Module Replenishment scenario

Dear Experts,
We have a requirement to perform destination bin change during TO confirmation into the pick module for replenishment scenario. The requirements is as below:
System set up:
We have a storage type 001 (Replen Storage type) that has been configured with putaway strategy as 'F'. It is basically a pick module wherein we have defined one fixed bin for every SKU or Material in WM2 view and we have defined the minimum, maximum, control quantity & replenishment quantity.
Our requirement is to perform a two step confirmation for the stocks going into this pick module meaning although the fixed bin in determined during TO creation user needs flexibility to change the destination bin to a new interim bin during confirmation and then they will intern perform a bin to bin transfer from interim bin into the actual fixed bin location.
We do not want to activate standard 2 step procedure as it will impact other kind of picking process. Hence need a solution to perform destination bin change as below.
1. For Material A and Fixed Bin 001 in storage type 001, the stock level has gone below minimum quantity.
2. A transfer order is created automatically to replenish this bin from another storage type(This is standard SAP replen process).
3. The user will pick stock from the source storage type and deposit the stock into an replenishment interim bin which is also a part of the same pick module.
4. The user wants to confirm stock in interim by changing destination bin to say bin 002 in storage type 001. Although we have activated destination bin change for this storage type it is not allowing us to change bin during confirmation.
We are looking for help from experts to provide a solution for this scenario. Is activating destination bin change for fixed allowed by standard SAP? If not what are the other alternatives to achieve this functionality. Please refer the attached document for details.
Best Regards,
Harish

Hi Harish
How is the replenishment triggered..are you using LP21,LP22 or LP24...IF YOU use any of these standard SAP TCode, first the system creates TR and the bin gets fixed in the TR itself. Even by having destination bin changeable at the time of confirmation will have no effect and will continue to remain grey.
I had a similar requirement in one of the projects.Placement strategy was next empty bin and since fixed bin was maintained in material master , system was always defaulting fixed bin in TR. When TR was converted to TO, the same bin got carried over
to avoid this we used user exit EXIT_RLLNACH4_004 to prevent defaulting of bin in TR. TR was created without destination bin. When TR is converted to TO, system can find the bin based on the strategy maintained. This works very well and we have used it successfully
Regards
Jayaram

CS-MARS 5.3.x and Top Destination Port "0"?

Hi -
We have a CS-MARS just installed and in the Dashboard under "Activity - All Events and NewFlow - Top Destination Ports", it lists the top port as "0". What is this and why is it doing it?
It is almost double what TCP/80 is. When I run a report, there is no source address, and if I look at the events it is from our PIX about tearing down connections and such?

Destination Port Ranking : Returns destination ports. Ranked by either number of sessions with that destination port or by bytes transmitted in sessions that contain events that meet the query criteria.
Refer the following url for more info on "top destination port "0"":
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/5.3/user/guide/global_controller/q_report.html#wp1048282
Activity: Network Usage - Top Destination Ports: This report ranks destination ports by number of network sessions. This report requires that the syslog level of routers or firewalls be set to high to be able to capture session events. This report provides a general usage pattern of the network.

Failed to start SQL SERVER cluster after port changed from 1433 to 61433

Hi
Today, I did Geo SQL2012 Cluster installation with with 2 VIP different subnet. Currently i'm getting problem in changing default port 1433 to 61433, after changing port Cluster group not coming up, SQL Failing. I don't know and not sure, if SQL
service is depend on Port. Please help us , its producion issue.

How you change port ,Changing Port in clustered environment required different procedure. You need to run the command of remove checkpoints and add checkpoints.
See below links
Remove-ClusterCheckpoint
http://technet.microsoft.com/en-us/library/hh847295.aspx
Add-ClusterCheckpoint
http://technet.microsoft.com/en-us/library/hh847255.aspx
--Please mark this Answer if it helps to solve the issue

2950C Unable to ping destination port in monitor session

I have 2 Pix firewalls and a web filtering server running Surfcontrol. In order for Surfcontrol to filter web usage it has to see the traffic being sent to the firewall's. I have created a monitor session and have used the firewall ports as the source with transmit and receive, and the web filter server as the destination. However when I do this I am not able to ping the web filter server. The web filter is unable to function ie block websites based on the rules that we have setup if the destination port is unable to send packets to internal workstations.
Is there anything I can do to allow the destination port to be able to send packets to internal workstations ??

Hi Frined,
When you configure SPAN destination port , that port will just work as a monitoring port and will not work for general network traffic.
If you do " sh int" you will see line protocol down (monitoring)
Now if you want that port to monitor as well as take part into normal network also you have to enable ingress traffic on the destination port
"monitor session session_number destination interface interface-id [ingress vlan vlan id]"
Check this link for more details
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12119ea1/2950scg/swspan.htm#1218090
HTH
Ankur

Using EEM to identify destination port of incoming traffic

I'm using the following script to pull out the source port from a syslog message generated by an ACL. The intent is to grab the destination port for use later in the script:
no event manager applet REDIRECT
event manager applet REDIRECT
event syslog pattern "IPACCESSLOGP:"
action 10 cli command "enable"
action 15 wait 2
action 100 cli command "show log | i IPACCESSLOGP"
action 105 wait 2
action 120 regexp "[0-9.]+\)," "$_cli_result" result
action 130 if $_regexp_result eq 1
action 135 string trimright "$result" "),"
action 140 puts "PORT:$_string_result"
action 150 else
action 160 puts "NO MATCH"
action 170 end
The isssue is that if the logging buffer has no entries, the script appears to grab the port correctly. If there are multiple ACL syslog messages, it will process the first one it finds and print out the port correctly. I have debugged "event man action cli" and cannot determine why the match is failing (output below):
HPR#clear log
Clear logging buffer [confirm]
!HERE IS THE FIRST PACKET DESTINED FOR PORT 31340:
HPR#
*Dec 10 14:15:05.939: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.168.194.1(7379) -> 192.168.194.100(31340), 1 packe
t
*Dec 10 14:15:06.015: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : CTL : cli_open called.
*Dec 10 14:15:06.027: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR>
*Dec 10 14:15:06.027: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : IN : HPR>enable
*Dec 10 14:15:06.051: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR#
*Dec 10 14:15:06.051: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : IN : HPR#show log | i IPACCESSLOGP
*Dec 10 14:15:06.311: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : *Dec 10 14:15:05.939: %SEC-6-IPACCESSLOGP: list
100 permitted tcp 192.168.194.1(7379) -> 192.168.194.100(31340), 1 packet
*Dec 10 14:15:06.311: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR#
*Dec 10 14:15:08.327: %HA_EM-6-LOG: REDIRECT: PORT:31340
*Dec 10 14:15:10.327: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : CTL : cli_close called.
!HERE IS THE FIRST PACKET DESTINED FOR PORT 31341:
HPR#
*Dec 10 14:15:46.439: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.168.194.1(7388) -> 192.168.194.100(31341), 1 packe
t
*Dec 10 14:15:46.515: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : CTL : cli_open called.
*Dec 10 14:15:46.527: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR>
*Dec 10 14:15:46.531: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : IN : HPR>enable
*Dec 10 14:15:46.551: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR#
*Dec 10 14:15:46.551: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : IN : HPR#show log | i IPACCESSLOGP
*Dec 10 14:15:46.831: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : *Dec 10 14:15:05.939: %SEC-6-IPACCESSLOGP: list
100 permitted tcp 192.168.194.1(7379) -> 192.168.194.100(31340), 1 packet
*Dec 10 14:15:46.831: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : *Dec 10 14:15:06.051: %HA_EM-6-LOG: REDIRECT : D
EBUG(cli_lib) : : IN : HPR#show log | i IPACCESSLOGP
*Dec 10 14:15:46.835: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : *Dec 10 14:15:06.311: %HA_EM-6-LOG: REDIRECT : D
EBUG(cli_lib) : : OUT : *Dec 10 14:15:05.939: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.168.194.1(7379) -> 192.168
.194.100(31340), 1 packet
*Dec 10 14:15:46.835: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : *Dec 10 14:15:46.439: %SEC-6-IPACCESSLOGP: list
100 permitted tcp 192.168.194.1(7388) -> 192.168.194.100(31341), 1 packet
*Dec 10 14:15:46.835: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR#
*Dec 10 14:15:48.847: %HA_EM-6-LOG: REDIRECT: PORT:31340
*Dec 10 14:15:50.847: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : CTL : cli_close called.
Is there a more precise way to pull just the information about the message that triggered the EEM applet (like an environment variable that I could match on and pull the port info out with a regex?
Thank you,

I made a modification to the script that clears the log file after it runs....that appears to hav fixed the issue with it reading the port information from the first syslog message. But the script only works when being debugged ("debug event man action cli") and then only gets "NO MATCH" when debugging is disabled. Yikes!
HPR#show run | b event
event manager applet REDIRECT
event syslog pattern "IPACCESSLOGP:"
action 10 cli command "enable"
action 100 cli command "show log | i IPACCESSLOGP"
action 105 wait 2
action 120 regexp "[0-9.]+\)," "$_cli_result" result
action 130 if $_regexp_result eq 1
action 135 string trimright "$result" "),"
action 140 puts "PORT:$_string_result"
action 145 cli command "tclsh clearlog.tcl"
action 150 else
action 160 puts "NO MATCH"
action 170 end
end
Here's the debug:
!NO DEBUG: SENDING PACKETS ON PORT 666 (NO MATCH)
HPR#
*Dec 10 14:47:18.511: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.168.194.1(7908) -> 192.168.194.100(666), 1 packet
*Dec 10 14:47:20.883: %HA_EM-6-LOG: REDIRECT: NO MATCH
!NO DEBUG: SENDING PACKETS ON PORT 667 (PORT:666 displayed)
HPR#
*Dec 10 14:47:33.259: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.168.194.1(7912) -> 192.168.194.100(667), 1 packet
*Dec 10 14:47:35.639: %HA_EM-6-LOG: REDIRECT: PORT:666
!CLEARED LOG AND ENABLED DEBUGGING ("debug event man action cli")
HPR#clear log
Clear logging buffer [confirm]
HPR#debug event man action cli
Debug EEM action cli debugging is on
HPR#
HPR#clear log
Clear logging buffer [confirm]
!SENDING PACKETS ON PORT 668 (WIN!)
HPR#
*Dec 10 14:48:05.927: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.168.194.1(7918) -> 192.168.194.100(668), 1 packet
*Dec 10 14:48:06.003: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : CTL : cli_open called.
*Dec 10 14:48:06.019: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR>
*Dec 10 14:48:06.019: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : IN : HPR>enable
*Dec 10 14:48:06.039: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR#
*Dec 10 14:48:06.043: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : IN : HPR#show log | i IPACCESSLOGP
*Dec 10 14:48:06.287: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : *Dec 10 14:48:05.927: %SEC-6-IPACCESSLOGP: list
100 permitted tcp 192.168.194.1(7918) -> 192.168.194.100(668), 1 packet
*Dec 10 14:48:06.287: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR#
*Dec 10 14:48:08.299: %HA_EM-6-LOG: REDIRECT: PORT:668
*Dec 10 14:48:08.303: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : IN : HPR#tclsh clearlog.tcl
*Dec 10 14:48:08.543: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR#
*Dec 10 14:48:08.547: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : CTL : cli_close called.
!SENDING PACKETS ON PORT 669 (WIN!)
*Dec 10 14:48:11.499: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.168.194.1(7921) -> 192.168.194.100(669), 1 packet
*Dec 10 14:48:11.579: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : CTL : cli_open called.
*Dec 10 14:48:11.591: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR>
*Dec 10 14:48:11.595: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : IN : HPR>enable
*Dec 10 14:48:11.615: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR#
*Dec 10 14:48:11.615: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : IN : HPR#show log | i IPACCESSLOGP
*Dec 10 14:48:11.879: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : *Dec 10 14:48:11.499: %SEC-6-IPACCESSLOGP: list
100 permitted tcp 192.168.194.1(7921) -> 192.168.194.100(669), 1 packet
*Dec 10 14:48:11.879: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR#
*Dec 10 14:48:13.891: %HA_EM-6-LOG: REDIRECT: PORT:669
*Dec 10 14:48:13.895: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : IN : HPR#tclsh clearlog.tcl
*Dec 10 14:48:14.123: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : OUT : HPR#
*Dec 10 14:48:14.127: %HA_EM-6-LOG: REDIRECT : DEBUG(cli_lib) : : CTL : cli_close called.
Thoughts?

Destination port nating

Dear Team,
I want to nat my destination ip address port from 80 to 8080. For example:- all of the traffic which is destined to google.com on port 80 should need to get nat to port 8080 where the destination ip should be remain same. In a short, only the destination port should be get nat and the destination ip address remains same. Kindly suggest.
I am using Cisco router to achieve this.

Hello Mr. Mason,
Welcome to the Small business support comunity.
Let me share with you some information related to the NAT configuration on a RV042, found on the guide me setion where you could find all the information related with Cisco Small businness products configuration.
http://is6.nohold.net/CiscoSB/ukp.aspx?vw=1&docid=e3105749e13f40a3a302802259189e07_Setting_Port_Range_Forwarding_for_the_RV042.xml&pid=4&fcid=&fpid=&slnid=18
http://is6.nohold.net/CiscoSB/ukp.aspx?vw=1&docid=2134697b1d7844cfa16a300fb0762cd2_Setting_Port_Triggering_for_the_RV082.xml&pid=4&fcid=&fpid=&slnid=18
hope you find this answer useful, if it was satisfactory for you, please mark the question as Answered.
Diego Rodriguez
Cisco network engineer
Thank you

ALSB SNMP Destination Port Change

Similar Messages

Maybe you are looking for