ASA 5550 - Two different syslogs servers

Similar Messages

• Send certain syslog messages to different syslog servers

  We have had a security event where we have had to apply certain ACL's to block some traffic.  Some of the blocked traffic is logged to syslog.  We would like to send that log information to different syslog servers, depending on certain pattern matches.
  syslog entries that match pattern xxx = export to syslog server A
  syslog entries that match pattern yyy = export to syslog server B
  Is this possible using something like tcl scripting and EEM?  If so, could someone share some guidance on how this might be accomplished?
  TIA

  Thanks, Joseph.  You answered the question asked...but unfortunately I think that I did not phrase the question correctly.
  Our match criteria will always be mutually exclusive, so it will never match both.  Always one or the other.
  So now that we have this working in it's basic form, now we want to take it a step further and do the following....
  (working) Match criteria A, set Stream 10
  (working) Match criteria B, set Stream 20
  (working) Send stream 10 to syslog Host A
  (working) Send stream 20 to syslog Host B
  (NEW) Send stream 10 AND 20 to syslog Host C
  Unless we have the syntax incorrect, it appears as though we can only send one stream to a given host.  We can configure 'logging host SyslogC filtered stream 10'.  But if we then configure 'logging host SyslogC filtered stream 20', it appears to overwrite the previous configuration, so that we only send Stream 20 to SyslogC, and not Stream 10.
  Is it possible to send multiple streams to a single syslog host?
  Thank you!

• Use one agent for two different managment servers

  Hi ,
  Can one agent be connected to two different managment server in different domains ,
  or do i have to install two agents in the same server to connect to each managment server .
  thanks

  Can one agent be connected to two different managment server in different domains
  No
  do i have to install two agents in the same server to connect to each managment server Yes.

• How to build transitional replication on two different domain servers in SQL server 2012 ?

  Hi All,
  We have to build transnational replication with updatable  subscribers between two different domains .
  Is it possible ,if it's possible please share the any document or process .....
  Thanks in advance. 
  RAM

  Yes this is possible.
  Replication across two non-trusted domains or workgroups can be done by using Windows Authentication by configuring
  pass-through authentication.
  Create a local Windows account on both the Publisher and Subscriber that has
  the same username and password. Use this account for the Merge Agent process account and have the connections to the publisher and distributor impersonate the agent process account. Ensure the account has the permissions required in
  Replication Agent Security Model.
  This approach is covered in the section Use Windows Authentication to Set Up Replication Between Two Computers Running SQL Server in Non-Trusted Domains in
  HOW TO: Replicate Between Computers Running SQL Server in Non-Trusted Domains or Across the Internet.
  Another approach to configure replication between non-trusted domains is to use SQL authentication for cross domain connections.
  Brandon Williams (blog |
  linkedin)

• Using two different ldap-Servers?

  Within our company we use a central ldap-service for authentification. To to the amount of different applications and roles, it is currently not planned to use this service also for roles management.
  Thus we think of installing SUN Directory Server for our department. But as most products can only be configured for one ldap server, we need the following architecture:
  1. Application connects to SUN Directory Server for authentification and roles request
  2. SUN Server reroute authentification request to central LDAP-Server and enhances the results with its own user information for defined user roles.
  3. SUN Server sends this combined information back to Application
  Is it possible to configure SUN Directory Server in this way?
  Thanks a lot for your support,
  Torsten Beilke

  It is not clear to me what is the relationship between LDAP DS server to applications you wish to manage. Sun does have the web policy agent and J2EE agent just doing what you describe below.
  The access manager is the center of this architecture which will authenticate any new user to corp. LDAP DS. If any user tries to access application (web or J2EE), the request will redirect to AM (access manager) to post a login page. After this user enters name/password, submit to verfication against corp.DS. If it is OK, then redirect user browser to application with valid cookie (token) and application can interact with user starting this point. Is this scenario inline with what you want to accomplish in your use case? If not, give us your detail scenario. Jerry

• Client comparision which are in two different systems

  hi
  here there is a different issue this time ....
  we have two different clients (100 & 800) in two different  ecc servers. in both of these servers in 100 of system-1 and 800 of system-2 ,,, implementation is done.
  so now the problem is we have to compare 100 with 800 and what is missing in 100 has to be copied or what ever it may be has to be brought in to system 1 ( client 100)
  i mean earlier what we were doing in 100 & 800 differently , now should me done in one single server.
  how can i proceed , plz give me step by step procedure or give me some links.
  it will be highly greatful .
  thanks in advance
  akhil

  Hi Akhil,
  Hi you can compare tables in two different client in <b>SCMP</b>
  Regards,
  Suraj

• Connecting to two different database instances from a swing application.

  Hi All,
  I am developing a swing application which needs to interact with two different database instances of two different weblogic servers.
  More eloborately,
  I have some data in DB_Instance1 running on[b] Weblogic_Server1 and I need to insert the same data into DB_instance2 running on Weblogic_server2. Is it possible. Could some explain me how to do that..
  Thanks in advance...
  Sreekanth.

  Hi Rick,
  Try logging onto both Server first. You'll have to use either 2 separate ODBC DSN's or 2 separate OLE DB connections. Set them both for Trusted Authentication, you'll have to configure that on the Server also.Then try your query.
  If that doesn't work then you'll have to create a Stored Procedure or View that can link the 2 Server side.
  Thank you
  Don

• How to synchronize two different oracle designer repositories

  Hi
  we have the following situation
  we use Oracle designer and SCM repsository to manage our datamodels and server models.
  we have two teams working in two different locations. Both teams are working on the same datamodels/ server models.
  issue is , the network speed is slow between the two locations, so we dont want to use same instance of SCM repository (or in other words same oracle database server) to manage work.
  is there a way/Tool , whereby Both teams can work in separate repositories at their respective locations (i.e. on two different oracle servers ) and we keep transfering the changes (deltas) between two repositories to keep them in sync ?
  Tia and Regards

  You might be able to use a database link to connect from one db to another.

• Two different radius authentication methods on one guest wlan

  I would like to use two different radius servers to one guest wlan.
  One radius server is the Cisco NAC guest server, but I would like to use e.g. a RSA SecurID server as the second.
  If the user does not exsist on the NAC guest server, the wlc should check the RSA server.
  As I understand the servers mentioned under the layer 3 config tab on the wlan configuration tab is doing round-robin.
  Is there any way that I can implement this?
  Best regards,
  Steffen Lindemann

  Is there anything on the roadmap for the NAC guest server to use AD as an external database?
  It seems like it shouldn't be too difficult since the server is already using AD to map sponsor roles.
  We really would prefer to use a single SSID instead separate SSIDs for guest and domain accounts.
  Thanks in advance!

• How to pass the security context between different OC4J servers

  My problem is the following: it seems that there is no standard J2EE solution in a production environment with more than one J2EE application server products to pass the security context between different J2EE application servers.
  I have a distributed application on two different OC4J servers, let's say that we have the web layer (with servlets) deployed on a server instance Server1 and the EJBs deployed on a second OC4J server Server2. If an user is authenticated at the web tier (in Server1) it gets a Principal object. It seems that the same Principal object cannot be used for authorization in the second application server, Server2. This means that in the server Server2 the authentication should be done again. It means that it should be duplicated the mechanism for authentication on Server2 (together with the passwords, users, and so on), thing that is a clear disadvantage of this approach.
  Do you know if there is a specific OC4J solution for this approach?
  Thank you,
  Marinel

  I have a simmilar issue? Did you succeeded to find a solution?

• Connecting to two different SQLServers present on different Locations

  Hi,
  How can i connect to two different SQL Servers which are at different locations in the same session? IS there any way to do this without disconnecting from the first server?
  cheers,
  Sachin

  Well,
  actually my problem is that im reading Database
  e Properties through a file which contains multiple
  database entries. And i have only one Connection
  Object so if im logged into one ex SQLServer in
  London, I have a class which will allow me to loginto
  another database SQL Server at New York. Now how do i
  keep my connection as well as connect to New York
  Database Server with the same Connection Object. If
  possible, I need to logoff from the Server at London.
  How do i do this? Any Ideas?Redesign. You have a connection object that can only have one connection. Either you have to close that connection and reconnect to the other one, or you need two of them. Those are your choices.

• 11g Multiple Rpd on one BI server connecting to two different data marts

  Hi
  Did anyone tried and successfully implemented multiple rpds on one bi server. I have similar requirement in one of the clients place.
  1. Install OBIEE 11g with vertical scaling( reason client doesnt want to spend extra money on additional server licenses) and would like to utilize the powerful existing servers.
  2. Install 2 rpds on One BI Server and connect to two different datamarts.
  3. Create two PS and provide two links to have two different reporting environments.
  Appreciate with any pointers. I am very clear on Vertical Scaling and bumping up the Bi , PS and Java Hosts components. I saw a post with successful implementation of the same functionility in 10g and nothing in 11g. I already reviewed ritmanmeed blogs but did not give a complete picture of successfull implementation.
  Thanks

  Hi,
  Yes, it is possible to have two different .rpds on one BI Server but then you need to set up two different Presentation Servers.
  Refer the below threads for more information.
  Re: multiples RPD in one server
  Re: Multiple RPD & Multiple Presentation service instance on single BI Server
  https://forums.oracle.com/forums/thread.jspa?messageID=9189677&#9189677
  Can i put two rpd files in nqsconfig init file in BI Admin
  Hope this help's
  Thanks
  satya

• How Can i Use two Different Public IP Addresses no my DMZ with ASA Firewall.

  How To Using Two Different Public IP Address on My DMZ with ASA 5520
  Postado por jorge decimo decimo em 28/Jan/2013 5:51:28
  Hi everyone out there.
  can any one please help me regarding this situation that im looking for a solution
  My old range of public ip address are finished, i mean (the 41.x.x.0 range)
  So now i still need to have in my DMZ another two servers that will bring some new services.
  Remember that those two server, will need to be accessable both from inside and from outside users (Internet users) as well.
  So as i said, my old range of public ip address is finished and we asked the ISP to gives some additional public
  ip address to address the need of the two new servers on DMZ. and the ISP gave us the range of 197.216.1.24/29
  So my quation is, on reall time world (on the equipment) how can i Use two different public ip address on the same DMZ
  on Cisco ASA 5520 v8??
  How my configuration should look like?
  I was told about implementing static nat with Sub Interfaces on both Router and ASA interface
  Can someone please do give me a help with a practical config sample please. i can as well be reached at [email protected]
  attached is my network diagram for a better understanding
  I thank every body in advance
  Jorge

  Hi,
  So looking at your picture you have the original public IP address range configured on the OUTSIDE and its used for NAT for different servers behind the ASA firewall.
  Now you have gotten a new public IP address range from the ISP and want to get it into use.
  How do you want to use this IP address range? You want to configure the public IP addresses directly on the servers or NAT them at the ASA and have private IP addresses on the actual servers (like it seems to be for the current server)?
  To get the routing working naturally the only thing needed between your Router and Firewall would be to have a static route for the new public network range pointing towards your ASA OUTSIDE IP address. The routing between your Router and the ISP core could either be handled with Static Routing or Dynamic Routing.
  So you dont really need to change the interface configuration between the Router and ASA at all. You just need a Static route pointing the new public IP address towards the ASA outside IP address.
  Now when the routing is handled between the ISP - ISP/Your Router - Your Firewall, you can then consider how to use those IP addresses.
  Do you want to use the public IP addresses DIRECTLY on the HOSTS behind the firewall?This would require you to either configure a new physical interface with the new public IP address range OR create a new subinterface with the new public IP addresses range AND then configure the LAN devices correspondingly to the chosen method on the firewall
  Do you want to use the public IP addresses DIRECLTY on the ASA OUTSIDE as NAT IP addresses?This would require for you to only start configuring Static NAT for the new servers between the inside/dmz and outside interface of the ASA. The format would be no different from the previous NAT configuration other than for the different IP addresses ofcourse
  Of the above ways
  The first way is good because the actual hosts will have the public IP addresses. Therefore you wont run into problems with DNS when the LAN users are trying to access the server.
  The second way is the one requiring the least amount of configurations/changes on the ASA. In this case though you might run into problem with DNS (to which I refer above) as the server actually has a private IP address but the public DNS might reply to the LAN hosts with a public IP address and therefore connections from LAN could fail. This is because LAN users cant connect to the servers OUTSIDE NAT IP address (unless you NAT the server to public IP address towards LAN also)
  Hopefully the above was helpfull. Naturally ask more specific questions and I'll answer them. Hopefully I didnt miss something. But please ask more
  I'm currently at Cisco Live! 2013 London so in the "worst case" I might be able to answer on the weekend at earliest.
  - Jouni

• Ale / Idoc between two different servers

  Hi All,
  In my scenario i am working on two different servers in which distribution of idoc is carrying out.
  (Before this i have worked on same server scenarios with different clients.)
  But present scenario i am working with two diferent servers,
  like,
  i am having 100 client in server A (sender system) and 700 client in server B(receiver system),
  i have created all the basic steps like logical systems in both systems,
  Assign logical systems to clients in consecutive servers,
  RFC's and ports.
  while creating message type under model view in server A client 100(sender system ) i can find only 100 client's logical system name, i cannot find the 700 clients logical system name.
  due to both clients are in different ip address , does we need to transfer the logical system assign ment transport request to other client.
  regards,
  Mohd.

  Hello abdul  ,
  When you configure a logical system for example the same system with a different client (700) it should be configured in the source system (Client 100).
  In this way when you can send the relevant IDOCs via the ALE according the model view (BD64) ,the source system (100) knows that the target is the  system with the client 700 .
  (There is a generic RFC in the background process : INBOUND_IDOC_PROCESS).
  Sender :  system_100
  Receiver:system_700
  Message type : MATMAS
  Also in order to accept the relevant Idocs in the system with client 700,you must configure a partner profile that will contain in inbound parameters the relevant message type (MATMAS).
  I hope it is more understood .
  Thank you,
  Boaz

• How to access two entity managers from two different servers?

  Hello
  My test programm is trying to access two glassfish application servers (gf 2.1). The code base of these servers is the same, the persistence layers are just accessing different databases -> one ist the staging/test system, the other the live server.
  After setting the connection and obtaining the em via the class persistence i can not fetch the em from the other system.
            properties.setProperty("org.omg.CORBA.ORBInitialHost", "host1");
            properties.setProperty("org.omg.CORBA.ORBInitialPort", "port1");
                  InitialContext ctx = new InitialContext(properties);
            entityManagerFactory1 = Persistence.createEntityManagerFactory("pu/refdata");               
            entityManager1 = entityManagerFactory.createEntityManager();After that Persistence seems to have been bound to host1 forever, so i can not fetch a reference to the em of host2. There is another createEntityManagerFactory method accepting a map but i dont find any reference for the properties, maybe that would help - dont know.
  Regardless of what i do, any further call to Persistence.createEntityManagerFactory returns the handle of entityManagerFactory1.
  Regards

  I want to use the EntityManagers bound to the DataSources provided by different app servers.
  Below you find an example persistence.xml with three entries. 1 & 2 have the same jta data source, 3 is different.
  My point is that Persistence binds the new factory in a wrong way if the jta data source String has already been resolved.
  If a progamm sets connection properties for app server 1 and fetches an entityManagerFactory for pu/refdata_Live, then sets connection properties for app server 2 with pu/refdata_Test they get different factory instances bound to the same server, in this case app server 1.
  If i know set the connection properties for app server 3 with pu/refdata3 Persistence sees that the jta data source "dbc/ref3" has not yet been resolved and tries to connect to the app server 3. Which it should have done for app server 2 too.
  <persistence-unit name="pu/refdata_Live" transaction-type="JTA">
       <provider>oracle.toplink.essentials.PersistenceProvider</provider>
      <jta-data-source>jdbc/ref</jta-data-source>
      <properties>
        <property name="toplink.ddl-generation" value="none"/>
      </properties>
    </persistence-unit>
      <persistence-unit name="pu/refdata_Test" transaction-type="JTA">
      <provider>oracle.toplink.essentials.PersistenceProvider</provider>
      <jta-data-source>jdbc/ref</jta-data-source>
      <properties>
        <property name="toplink.ddl-generation" value="none"/>
      </properties>
    </persistence-unit>
      <persistence-unit name="pu/refdata3" transaction-type="JTA">
      <provider>oracle.toplink.essentials.PersistenceProvider</provider>
      <jta-data-source>jdbc/ref3</jta-data-source>
      <properties>
        <property name="toplink.ddl-generation" value="none"/>
      </properties>
    </persistence-unit>