CFMX7 with syslog, or log collection/rotation
The end goal is to collect logs from all 5 production
ColdFusion boxes in one place, rotated daily, so we can analyze it
without hopping between servers. To that end I'm wondering whether
anyone has gotten logging against syslog to work in the wild. This
is the way I've done these things for other software packages, so
it's naturally the first thing that comes to mind. However, If
there is some other way to accomplish this that does not involve
collecting the data in one place with syslog, let me know. I'm at
the point where I'm thinking about rolling up scripts to do this
but it seems common enough an interest that someone might have
already accomplished it.
Failing that, if anyone knows best practice for getting a
typical log rotater working against the ColdFusion logs, that would
also be helpful. I'd like logs rotated by date, not by size, unless
logs for one day go over the file size limit. We're running CFMX7
on Red Hat Enterprise Linux.
I've looked in the knowledge base and searched the web and
this forum, but beyond a statement in the docs that you can send
some messages to syslog there's no further information. The
definition of "some", and some knowledge of what facility ID you
need to use with syslog to collect the data, is not to be
found.
The end goal is to collect logs from all 5 production
ColdFusion boxes in one place, rotated daily, so we can analyze it
without hopping between servers. To that end I'm wondering whether
anyone has gotten logging against syslog to work in the wild. This
is the way I've done these things for other software packages, so
it's naturally the first thing that comes to mind. However, If
there is some other way to accomplish this that does not involve
collecting the data in one place with syslog, let me know. I'm at
the point where I'm thinking about rolling up scripts to do this
but it seems common enough an interest that someone might have
already accomplished it.
Failing that, if anyone knows best practice for getting a
typical log rotater working against the ColdFusion logs, that would
also be helpful. I'd like logs rotated by date, not by size, unless
logs for one day go over the file size limit. We're running CFMX7
on Red Hat Enterprise Linux.
I've looked in the knowledge base and searched the web and
this forum, but beyond a statement in the docs that you can send
some messages to syslog there's no further information. The
definition of "some", and some knowledge of what facility ID you
need to use with syslog to collect the data, is not to be
found.
Similar Messages
-
Syslog Reports not collect Syslog.log file Messages
I am doing a installation on CiscoWorks 3.2. after two three weeks I found my syslog services is not working properly. Once I checked on the syslog.log its updated with the device logs as normal. But when I am going to generate report it’s not collect data from the syslog log file. I have notice my syslog analyzer and syslog collator processes are shown as = Program started - No mgt msgs received. Is this normal on the LMS serve?
Anyway I found following error massagers on the SyslogAnalyzer.log file.
cisco.nm.xms.ctm.common.CTMException: CTMRegistryClient::addNewURNEntry URN : SyslogAnalyzerService ErrMsg : URN already in use
at com.cisco.nm.xms.ctm.server.CTMServer.publish(CTMServer.java:253)
at com.cisco.nm.xms.ctm.server.CTMServer.publish(CTMServer.java:180)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.registerWithCtm(SyslogAnalyzerEngine.java:2267)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.start(SyslogAnalyzerEngine.java:2189)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerService.main(SyslogAnalyzerService.java:109)
please I need your expertise knowledge to sort out this problem.
Thank you,
Chandimal.k
+94777420771Hi,
Errors Found:
SyslogCollector - [Thread: main] WARN , 15 Dec 2011 14:33:46,505, Unable to resurrect connection to a subscriber.
URN : SyslogAnalyzerService ErrMsg : URN already in use
Try deleting the ctmregistry and ctmregistry.backup files and regenerat your SSL certificate and then resubscribed to the syslog collector.
1. net stop crmdmgtd
2. delete all the server.* files in ../CSCOpx/MDC/Apache/conf/SSL
3. Open a dos shell and cd to:
../CSCOpx/MDC/Apache, and run: perl ConfigSSL.pl -disable and then again perl ConfigSSL.pl -enable
You will see now a lot of questions, please make sure that you enter correctly the question of FQDN!
4. if you don't want to use SSL, run again: perl ConfigSSL.pl -disable
If you use SSL please don't do anything.
5. net start crmdmgtd
Then wait fifteen minutes for all the LMS services to come up before testing.
Thanks -
EEM policy: Syslog ED & logging Discriminator = Crash
Hi everyone!
I found a new bug in cisco IOS 15.1(4)M3 when running EEM script with syslog event detector.
If system logging performed using the "logging discriminator" and run concurrently EEM script with syslog event detector, then Cisco router crash and goes to reboot.
Cisco ISR G2 3925E.Hi Joseph!
SHOW VERSION
=============
i3925E-0-(offline)#sho ver
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9_NPE-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 06-Dec-11 20:22 by prod_rel_team
ass
ROM: System Bootstrap, Version 15.1(1r)T4, RELEASE SOFTWARE (fc1)
i3925E-0-(offline) uptime is 20 hours, 31 minutes
System returned to ROM by bus error at PC 0x14F40AF, address 0x14F40AF at 14:50:19 MSK Thu Mar 15 2012
System restarted at 14:52:14 MSK Thu Mar 15 2012
System image file is "flash0:c3900e-universalk9_npe-mz.SPA.151-4.M3.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO3925-CHASSIS (revision 1.0) with C3900-SPE200/K9 with 1015808K bytes of memory.
Processor board ID FCZ153920YC
4 Gigabit Ethernet interfaces
DRAM configuration is 72 bits wide with parity enabled.
256K bytes of non-volatile configuration memory.
255744K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
Device# PID SN
*0 C3900-SPE200/K9 FOC15357xxx
Technology Package License Information for Module:'c3900e'
Technology Technology-package Technology-package
Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security securityk9_npePermanent securityk9_npe
uc None None None
data None None None
Configuration register is 0x2102
SHOW STACK & REGION
====================
i3925E-0-(offline)#show region
Region Manager:
Start End Size(b) Class Media Name
0x00000000 0x000FFFFF 1048576 IText R/W bios
0x00100000 0x3E0FFFFF 1040187392 Local R/W main
0x0010176C 0x04FE31DF 82713204 IText R/O main:text
0x04FE3200 0x096E892F 74471216 IData R/W main:data
0x096E8930 0x0A2FB1DF 12658864 IBss R/W main:bss
0x0A2FB1E0 0x1BFFB1DF 298844160 Iomem R/W main:iomem
0x1BFFB1E0 0x3BFFFFFF 536890912 Local R/W main:main
0x1BFFB1E0 0x3BFFFFFF 536890912 Local R/W main:heap
Free Region Manager:
Start End Size(b) Class Media Name
i3925E-0-(offline)#sho stack
Minimum process stacks:
Free/Size Name
22876/24000 MRIB IPv6 Init Process
23044/24000 MRIB IPv4 Init Process
10080/12000 EEM Shell Director
42216/60000 EEM TCL Proc
10656/12000 Inspect Init Msg
11036/12000 SPAN Subsystem
39432/48000 Init
58616/60000 EEM Auto Registration Proc
10968/12000 Auto Upgrade Startup Process
10696/12000 DIB error message
11052/12000 SASL MAIN
10884/12000 LICENSE AGENT DEFAULT
10876/12000 RADIUS INITCONFIG
5048/6000 Rom Random Update Process
10996/12000 URPF stats
141636/144000 TCP Command
9552/12000 TFTP Read Process
10944/12000 EM Action CNS
38368/48000 Virtual Exec
Interrupt level stacks:
Level Called Unused/Size Name
1 74177501 16476/18000 Network devices
2 0 18000/18000 One Shot Timer
5 3 17872/18000 Console Uart
7 37018943 17916/18000 Clocktick Interrupt
System was restarted by bus error at PC 0x14F40AF, address 0x14F40AF at 14:50:19 MSK Thu Mar 15 2012
C3900e Software (C3900e-UNIVERSALK9_NPE-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Compiled Tue 06-Dec-11 20:22 by prod_rel_team (current version)
Image text-base: 0x0010176C, data-base: 0x04FE3200
Stack trace from system failure:
FP: 0x1E9B7170, RA: 0x4FDC574
FP: 0x1E9B719C, RA: 0x4FDC527
FP: 0x1E9B71B8, RA: 0x190D227
FP: 0x1E9B7210, RA: 0x190CE69
FP: 0x1E9B7254, RA: 0x190CC2A
FP: 0x1E9B7270, RA: 0x190CBDB
FP: 0x1E9B7288, RA: 0x190E05A
FP: 0x1E9B72BC, RA: 0x285ED30
******* Information of Last System Crash **********
Using flash0:crashinfo_20120315-145019-MSK.
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Mar 14 10:32:39.945: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
Mar 14 10:32:39.945: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Mar 14 10:32:39.945: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
Mar 14 10:32:39.945: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to down
Mar 14 10:32:41.185: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
Mar 14 10:32:41.185: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Mar 14 10:32:41.185: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
Mar 14 10:32:41.185: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/3, changed state to downCisco CISCO3925-CHASSIS (revision 1.0) with C3900-SPE200/K9 with 1015808K bytes of memory.
Processor board ID FCZ153920YC
4 Gigabit Ethernet interfaces
DRAM configuration is 72 bits wide with parity enabled.
256K bytes of non-volatile configuration memory.
255744K bytes of ATA System CompactFlash 0 (Read/Write)
CMD: 'version 15.1' 10:32:45 UTC Wed Mar 14 2012
CMD: 'service timestamps debug datetime localtime' 10:32:45 UTC Wed Mar 14 2012
CMD: 'service timestamps log datetime localtime' 10:32:45 UTC Wed Mar 14 2012
CMD: PASSWORD statement not printed
CMD: 'hostname i3925E-0-(offline)' 10:32:45 UTC Wed Mar 14 2012
% Hostname contains one or more illegal characters.
Mar 14 10:32:45: %CNS-3-WARNING: CNS ID not changed: bad hostname -Process= "Init", ipl= 0, pid= 3
Mar 14 10:32:45: %CNS-3-WARNING: CNS ID not changed: bad hostname -Process= "Init", ipl= 0, pid= 3
Mar 14 10:32:45: %CNS-3-WARNING: CNS ID not changed: bad hostname -Process= "Init", ipl= 0, pid= 3
CMD: 'boot-start-marker' 10:32:45 UTC Wed Mar 14 2012
CMD: 'boot system flash0 c3900e-universalk9_npe-mz.SPA.151-4.M3.bin' 10:32:45 UTC Wed Mar 14 2012
CMD: 'boot-end-marker' 10:32:45 UTC Wed Mar 14 2012
CMD: 'logging discriminator DROP mnemonics drops CFGLOG ' 10:32:45 UTC Wed Mar 14 2012
CMD: 'logging buffered 1024000' 10:32:45 UTC Wed Mar 14 2012
CMD: 'no logging console' 10:32:45 UTC Wed Mar 14 2012
CMD: 'logging monitor discriminator DROP' 10:32:45 UTC Wed Mar 14 2012
CMD: PASSWORD statement not printed
CMD: 'no aaa new-model' 10:32:45 UTC Wed Mar 14 2012
CMD: 'clock timezone MSK 4 0' 10:32:45 UTC Wed Mar 14 2012
Mar 14 14:32:45: %SYS-6-CLOCKUPDATE: System clock has been updated from 10:32:45 UTC Wed Mar 14 2012 to 14:32:45 MSK Wed Mar 14 2012, configured from console by console.
CMD: 'no ipv6 cef' 14:32:45 MSK Wed Mar 14 2012
CMD: 'no ip source-route' 14:32:45 MSK Wed Mar 14 2012
CMD: 'ip cef' 14:32:45 MSK Wed Mar 14 2012
CMD: 'no ip domain lookup' 14:32:45 MSK Wed Mar 14 2012
CMD: 'ip name-server 8.8.8.8' 14:32:45 MSK Wed Mar 14 2012
CMD: 'multilink bundle-name authenticated' 14:32:45 MSK Wed Mar 14 2012
CMD: 'crypto pki token default removal timeout 0' 14:32:45 MSK Wed Mar 14 2012
CMD: 'license udi pid C3900-SPE200/K9 sn xxxxxxxxxxxx' 14:32:45 MSK Wed Mar 14 2012
CMD: 'archive' 14:32:45 MSK Wed Mar 14 2012
CMD: ' log config' 14:32:45 MSK Wed Mar 14 2012
CMD: ' logging enable' 14:32:45 MSK Wed Mar 14 2012
CMD: ' notify syslog contenttype plaintext' 14:32:45 MSK Wed Mar 14 2012
CMD: ' path flash:/CFG/config' 14:32:45 MSK Wed Mar 14 2012
CMD: ' write-memory' 14:32:45 MSK Wed Mar 14 2012
CMD: 'redundancy' 14:32:45 MSK Wed Mar 14 2012
CMD: 'ip rcmd remote-host user x.x.x.x user enable' 14:32:45 MSK Wed Mar 14 2012
CMD: 'interface GigabitEthernet0/0' 14:32:45 MSK Wed Mar 14 2012
CMD: ' description if-to-Customers' 14:32:45 MSK Wed Mar 14 2012
CMD: ' bandwidth 1000000' 14:32:45 MSK Wed Mar 14 2012
CMD: ' no ip address' 14:32:45 MSK Wed Mar 14 2012
CMD: ' load-interval 30' 14:32:45 MSK Wed Mar 14 2012
CMD: ' duplex auto' 14:32:45 MSK Wed Mar 14 2012
CMD: ' speed auto' 14:32:45 MSK Wed Mar 14 2012
CMD: ' media-type rj45' 14:32:45 MSK Wed Mar 14 2012
CMD: 'interface GigabitEthernet0/0.98' 14:32:45 MSK Wed Mar 14 2012
CMD: ' encapsulation dot1Q 98' 14:32:45 MSK Wed Mar 14 2012
CMD: ' ip address x.x.x.x 255.255.255.0' 14:32:45 MSK Wed Mar 14 2012
CMD: ' ip nat outside' 14:32:45 MSK Wed Mar 14 2012
CMD: ' no ip virtual-reassembly in' 14:32:46 MSK Wed Mar 14 2012
Mar 14 14:32:46: %IP_VFR-7-FEATURE_DISABLE_IN: VFR(in) is manually disabled through CLI; VFR support for features that have internally enabled, will be made available only when VFR is enabled manually on interface GigabitEthernet0/0.98
CMD: ' arp timeout 180' 14:32:46 MSK Wed Mar 14 2012
CMD: 'interface GigabitEthernet0/1' 14:32:46 MSK Wed Mar 14 2012
CMD: ' bandwidth 1000000' 14:32:46 MSK Wed Mar 14 2012
CMD: ' no ip address' 14:32:46 MSK Wed Mar 14 2012
CMD: ' no ip unreachables' 14:32:46 MSK Wed Mar 14 2012
CMD: ' load-interval 30' 14:32:46 MSK Wed Mar 14 2012
CMD: ' shutdown' 14:32:46 MSK Wed Mar 14 2012
CMD: ' duplex auto' 14:32:46 MSK Wed Mar 14 2012
CMD: ' speed auto' 14:32:46 MSK Wed Mar 14 2012
CMD: ' media-type rj45' 14:32:46 MSK Wed Mar 14 2012
CMD: 'interface GigabitEthernet0/2' 14:32:46 MSK Wed Mar 14 2012
CMD: ' no ip address' 14:32:46 MSK Wed Mar 14 2012
CMD: ' shutdown' 14:32:46 MSK Wed Mar 14 2012
CMD: ' duplex auto' 14:32:46 MSK Wed Mar 14 2012
CMD: ' speed auto' 14:32:46 MSK Wed Mar 14 2012
CMD: 'interface GigabitEthernet0/3' 14:32:46 MSK Wed Mar 14 2012
CMD: ' no ip address' 14:32:46 MSK Wed Mar 14 2012
CMD: ' duplex auto' 14:32:46 MSK Wed Mar 14 2012
CMD: ' speed auto' 14:32:46 MSK Wed Mar 14 2012
CMD: 'ip forward-protocol nd' 14:32:46 MSK Wed Mar 14 2012
CMD: 'no ip http server' 14:32:46 MSK Wed Mar 14 2012
CMD: 'no ip http secure-server' 14:32:46 MSK Wed Mar 14 2012
CMD: 'ip flow-export version 5' 14:32:46 MSK Wed Mar 14 2012
CMD: 'ip flow-export destination x.x.x.x xxxx 14:32:46 MSK Wed Mar 14 2012
CMD: 'ip flow-top-talkers' 14:32:46 MSK Wed Mar 14 2012
CMD: ' top 50' 14:32:46 MSK Wed Mar 14 2012
CMD: ' sort-by bytes' 14:32:46 MSK Wed Mar 14 201
CMD: 'ip route 0.0.0.0 0.0.0.0 x.x.x.x' 14:32:46 MSK Wed Mar 14 2012
CMD: 'logging source-interface GigabitEthernet0/0.98' 14:32:46 MSK Wed Mar 14 2012
CMD: 'logging host x.x.x.x discriminator DROP' 14:32:46 MSK Wed Mar 14 2012
CMD: 'logging host x.x.x.x discriminator DROP' 14:32:46 MSK Wed Mar 14 2012
CMD: PASSWORD statement not printed
CMD: 'snmp-server host x.x.x.x public ' 14:32:46 MSK Wed Mar 14 2012
CMD: 'snmp-server manager' 14:32:46 MSK Wed Mar 14 2012
CMD: 'control-plane' 14:32:46 MSK Wed Mar 14 2012
CMD: 'line con 0' 14:32:46 MSK Wed Mar 14 2012
CMD: PASSWORD statement not printed
CMD: ' logging synchronous' 14:32:46 MSK Wed Mar 14 2012
CMD: ' login' 14:32:46 MSK Wed Mar 14 2012
CMD: 'line aux 0' 14:32:46 MSK Wed Mar 14 2012
CMD: ' login' 14:32:46 MSK Wed Mar 14 2012
CMD: ' no exec' 14:32:46 MSK Wed Mar 14 2012
CMD: 'line vty 0 5' 14:32:46 MSK Wed Mar 14 2012
CMD: ' exec-timeout 30 0' 14:32:46 MSK Wed Mar 14 2012
CMD: PASSWORD statement not printed
CMD: ' logging synchronous' 14:32:46 MSK Wed Mar 14 2012
CMD: ' login' 14:32:46 MSK Wed Mar 14 2012
CMD: ' transport input all' 14:32:46 MSK Wed Mar 14 2012
CMD: 'scheduler allocate 20000 1000' 14:32:46 MSK Wed Mar 14 2012
CMD: 'ntp server x.x.x.x' 14:32:46 MSK Wed Mar 14 2012
CMD: 'event manager environment _syslog_test Configured' 14:32:46 MSK Wed Mar 14 2012
CMD: 'event manager directory user policy "flash0:/USER/"' 14:32:46 MSK Wed Mar 14 2012
CMD: 'event manager directory user repository flash0:/USER/' 14:32:46 MSK Wed Mar 14 2012
CMD: 'event manager policy Multiple-test.tcl' 14:32:46 MSK Wed Mar 14 2012
Mar 14 14:32:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
CMD: 'end' 14:32:46 MSK Wed Mar 14 2012
Mar 14 14:32:46: %SYS-5-CONFIG_I: Configured from memory by console
SETUP: new interface NVI0 placed in "shutdown" state
Mar 14 14:32:48: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to reset
Mar 14 14:32:48: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
Mar 14 14:32:48: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
Mar 14 14:32:49: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down
Mar 14 14:32:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
Mar 14 14:32:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down
Mar 14 14:32:52: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
Mar 14 14:32:55: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
Mar 14 14:32:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
Mar 14 14:32:56: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9_NPE-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 06-Dec-11 20:22 by prod_rel_team
Mar 14 14:32:56: %SNMP-5-COLDSTART: SNMP agent on host i3925E-0-(offline) is undergoing a cold start
Mar 14 14:32:58: %SYS-6-BOOTTIME: Time taken to reboot after reload = 121 seconds
Mar 14 14:32:59: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host xx.x..xx port 514 started - CLI initiated
CMD: 'enable' 14:36:05 MSK Thu Mar 15 2012
CMD: 'sho event manager policy registered ' 14:36:12 MSK Thu Mar 15 2012
CMD: 'sho logg' 14:36:26 MSK Thu Mar 15 2012
CMD: 'sho run | inc logg' 14:37:34 MSK Thu Mar 15 2012
CMD: 'sho run | sec DROP' 14:38:35 MSK Thu Mar 15 2012
CMD: 'sho run | sec CFGLOG' 14:39:09 MSK Thu Mar 15 2012
CMD: 'conf t' 14:39:42 MSK Thu Mar 15 2012
CMD: 'no logging discriminator DROP mnemonics drops CFGLOG ' 14:39:45 MSK Thu Mar 15 2012
Mar 15 14:39:45: %PARSER-5-CFGLOG_LOGGEDCMD: User:vty0 logged command:no logging discriminator DROP
CMD: 'conf t' 14:39:51 MSK Thu Mar 15 2012
CMD: 'logging monitor ' 14:40:16 MSK Thu Mar 15 2012
Mar 15 14:40:16: %PARSER-5-CFGLOG_LOGGEDCMD: User:vty0 logged command:logging monitor
CMD: 'do sho logg' 14:40:24 MSK Thu Mar 15 2012
CMD: 'sho logg' 14:40:24 MSK Thu Mar 15 2012
CMD: 'logging buffered ' 14:40:41 MSK Thu Mar 15 2012
Mar 15 14:40:41: %PARSER-5-CFGLOG_LOGGEDCMD: User:vty0 logged command:logging buffered
CMD: 'logg x.x.x.x 14:41:04 MSK Thu Mar 15 2012
Mar 15 14:41:04: %PARSER-5-CFGLOG_LOGGEDCMD: User:vty0 logged command:logging x.x.x.x
CMD: 'do sho logg' 14:41:12 MSK Thu Mar 15 2012
CMD: 'sho logg' 14:41:12 MSK Thu Mar 15 2012
CMD: 'do sho logg | inc DROP' 14:41:44 MSK Thu Mar 15 2012
CMD: 'sho logg | inc DROP' 14:41:44 MSK Thu Mar 15 2012
CMD: 'do sho logg ' 14:41:55 MSK Thu Mar 15 2012
CMD: 'sho logg' 14:41:55 MSK Thu Mar 15 2012
CMD: 'do term mon' 14:42:13 MSK Thu Mar 15 2012
CMD: 'term mon' 14:42:13 MSK Thu Mar 15 2012
CMD: 'exi' 14:42:20 MSK Thu Mar 15 2012
Mar 15 14:42:20: %SYS-5-CONFIG_I: Configured from console by vty0 (x.x.x.x)
Mar 15 14:42:20: %HA_EM-6-LOG: Multiple-test.tcl: START polycy #1...
Mar 15 14:42:20: %HA_EM-6-LOG: Multiple-test.tcl: ENTRY status not exist...
CMD: 'conf t' 14:47:16 MSK Thu Mar 15 2012
Mar 15 14:47:17: %SYS-5-CONFIG_I: Configured from console by vty0 ()
Mar 15 14:47:17: %HA_EM-6-LOG: Multiple-test.tcl: START polycy #1...
Mar 15 14:47:17: %HA_EM-6-LOG: Multiple-test.tcl: ENTRY status not exist...
CMD: 'sho run | inc logg' 14:48:27 MSK Thu Mar 15 2012
CMD: 'conf t' 14:48:40 MSK Thu Mar 15 2012
CMD: 'logging discriminator DROP1 mnemonics drops HA_EM ' 14:48:59 MSK Thu Mar 15 2012
Mar 15 14:48:59: %PARSER-5-CFGLOG_LOGGEDCMD: User:vty0 logged command:logging discriminator DROP1 mnemonics drops HA_EM
CMD: 'logging discriminator DROP1 mnemonics drops LOG ' 14:49:17 MSK Thu Mar 15 2012
Mar 15 14:49:17: %PARSER-5-CFGLOG_LOGGEDCMD: User:vty0 logged command:logging discriminator DROP1 mnemonics drops LOG
Mar 15 14:49:19: %SYS-5-CONFIG_I: Configured from console by vty0 ()
Mar 15 14:49:19: %HA_EM-6-LOG: Multiple-test.tcl: START polycy #1...
Mar 15 14:49:19: %HA_EM-6-LOG: Multiple-test.tcl: ENTRY status not exist...
CMD: 'conf t' 14:49:27 MSK Thu Mar 15 2012
CMD: 'logging monitor discriminator DROP1' 14:50:19 MSK Thu Mar 15 2012
Mar 15 14:50:19: %PARSER-5-CFGLOG_LOGGEDCMD: User:vty0 logged command:logging monitor discriminator DROP1
Mar 15 14:50:19: %SYS-5-CONFIG_I: Configured from console by vty0 ()
14:50:19 MSK Thu Mar 15 2012: Unexpected exception to CPU: vector D, PC = 0x14F40AF
-Traceback= 14F40AF 85A 4FDC574 4FDC527 190D227 190CE69 190CC2A 190CBDB
CPU Register Context:
EAX = 0x1E9B71D4 ECX = 0x014F408B EDX = 0x1E9B71D0 EBX = 0x000000D3
ESP = 0x1E9B70C8 EBP = 0x1E9B7170 ESI = 0x0000085A EDI = 0x00000001
EIP = 0x014F40AF PS = 0x00010206 CS = 0x00000008 SS = 0x00000010
DS = 0x00000010 ES = 0x00000010 FS = 0x00000010 GS = 0x00000010
========= Start of Crashinfo Collection (14:50:19 MSK Thu Mar 15 2012) =========
For image:
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9_NPE-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 06-Dec-11 20:22 by prod_rel_team
========= Malloc and Free Traces ===============================================
MallocFree Trace: ixmallocfree=0xD ptr=0x9DD3C48
9DD3BE0: 1F421B68 4E5DD21 1F4223A0 600003B2 1F6F1E40 4000061C 1F6F1E40 4E4B0D3
9DD3C00: 1F6F1E40 4E4BC70 1F6F2AA8 60000398 1FB0DA8C 15677BC 1FB0E678 600003C6
9DD3C20: 1F1DB08C 40000060 1F1DB08C 153FBB1 1D9E48E4 40000204 1D9E48E4 190D088
9DD3C40: 1F40912C 40000546 1F40912C 190D133 1FB0E678 400002CA 1FB0E678 4E4B0D3
9DD3C60: 1FB0E678 4E6187F 1FB0EC3C 600000E4 1F4223A0 400002CA 1F4223A0 4E4B0D3
9DD3C80: 1F4223A0 4E6187F 1F422964 600000D0 1D9E48E4 400002CA 1D9E48E4 4E4B0D3
9DD3CA0: 1D9E48E4 4E6187F 1D9E4EA8 60000096 1FB0E678 400002CA 1FB0E678 4E4B0D3
9DD3CC0: 1FB0E678 4E6187F 1FB0EC3C 600000E4 1F4223A0 400002CA 1F4223A0 4E4B0D3
9DD3CE0: 1F4223A0 4E6187F 1F422964 600000D0 1D9E48E4 400002CA 1D9E48E4 4E4B0D3
9DD3D00: 1D9E48E4 4E6187F 1D9E4EA8 60000096 1FB0E678 400002CA 1FB0E678 4E4B0D3
9DD3D20: 1FB0E678 4E6187F 1FB0EC3C 600000E4 1F4223A0 400002CA 1F4223A0 4E4B0D3
9DD3D40: 1F4223A0 4E6187F 1F422964 600000D0 1D9E48E4 400002CA 1D9E48E4 4E4B0D3
9DD3D60: 1D9E48E4 4E6187F 1D9E4EA8 60000096 1FB0E678 400002CA 1FB0E678 4E4B0D3
9DD3D80: 1FB0E678 4E6187F 1FB0EC3C 600000E4 1F4223A0 400002CA 1F4223A0 4E4B0D3
9DD3DA0: 1F4223A0 4E6187F 1F422964 600000D0 1D9E48E4 400002CA 1D9E48E4 4E4B0D3
9DD3DC0: 1D9E48E4 4E6187F 1D9E4EA8 60000096 1F1DB834 4E62135 1F1DBE04 600000E2
ChunkMallocFree Trace: ixchunkmallocfree=0x9 ptr=0x9DEF16C
9DEF100: 285CF44 28617F9 1EB10BE4 318BF3 307732 1C18ED7C 318C3F 305775
9DEF120: 1D4F63F0 318C3F 3057C6 1D4F63F0 318C3F 3057C6 1D4F63A0 318BF3
9DEF140: 3058E1 1C18ED7C 285CF44 285B561 1EB10BE4 285CEA5 285B561 1F6982FC
9DEF160: 318BA3 30E02B 1D4F5754 1B16955 1B161B1 1C5644BC 285CF44 28617F9
9DEF180: 1EB10BE4 318BF3 307732 1C18ED7C 318C3F 305775 1D4F63F0 318B53
9DEF1A0: 3118A0 1D4F4804 318B53 3118A0 1D4F4828 318B53 3118A0 1D4F484C
9DEF1C0: 318C3F 3057C6 1D4F63F0 318BF3 3058E1 1C18ED7C 285CF44 285B561
9DEF1E0: 1EB10BE4 285CEA5 285B561 1F6982FC 285CEA5 285B35F 1F6982FC 285CF44
9DEF200: 28617F9 1EB10BE4 318BF3 307732 1C18ED7C 318C3F 305775 1D4F63F0
9DEF220: 318C3F 3057C6 1D4F63F0 318BF3 3058E1 1C18ED7C 285CF44 285B561
9DEF240: 1EB10BE4 285CEA5 285B561 1F6982FC 285CEA5 285B35F 1F6982FC 285CF44
9DEF260: 28617F9 1EB10BE4 318BF3 307732 1C18ED7C 318C3F 305775 1D4F63F0
9DEF280: 318C3F 3057C6 1D4F63F0 318BF3 3058E1 1C18ED7C 285CF44 285B561
9DEF2A0: 1EB10BE4 285CEA5 285B561 1F6982FC 285CEA5 285B35F 1F6982FC 285CF44
9DEF2C0: 28617F9 1EB10BE4 318BF3 307732 1C18ED7C 318C3F 305775 1D4F63F0
9DEF2E0: 318B53 311807 1D4F4804 318B53 311807 1D4F4828 318B53 311807
9DEF300: 1D4F484C 318C3F 3057C6 1D4F63F0 318BF3 3058E1 1C18ED7C 285CF44
9DEF320: 285B561 1EB10BE4 285CEA5 285B561 1F6982FC 285CEA5 285B35F 1F6982FC
9DEF340: 285CF44 28617F9 1EB10BE4 318BF3 307732 1C18ED7C 318C3F 305775
9DEF360: 1D4F63F0 318C3F 3057C6 1D4F63F0 318BF3 3058E1 1C18ED7C 285CF44
9DEF380: 285B561 1EB10BE4 285CEA5 285B561 1F6982FC 285CEA5 285B35F 1F6982FC
9DEF3A0: 285CF44 28617F9 1EB10BE4 318BF3 307732 1C18ED7C 318C3F 305775
9DEF3C0: 1D4F63F0 318C3F 3057C6 1D4F63F0 318BF3 3058E1 1C18ED7C 285CF44
9DEF3E0: 285B561 1EB10BE4 285CEA5 285B561 1F6982FC 285CEA5 285B35F 1F6982FC
========= Stack Trace ==========================================================
-Traceback= 14F40AF 85A 4FDC574 4FDC527 190D227 190CE69 190CC2A 190CBDB
========= Context ==============================================================
C3900e Software (C3900e-UNIVERSALK9_NPE-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Compiled Tue 06-Dec-11 20:22 by prod_rel_team
CPU Register Context:
EAX = 0x1E9B71D4 ECX = 0x014F408B EDX = 0x1E9B71D0 EBX = 0x000000D3
ESP = 0x1E9B70C8 EBP = 0x1E9B7170 ESI = 0x0000085A EDI = 0x00000001
EIP = 0x014F40AF PS = 0x00010206 CS = 0x00000008 SS = 0x00000010
DS = 0x00000010 ES = 0x00000010 FS = 0x00000010 GS = 0x00000010
Signal = 10 Vector = 0xD
========= Stack Dump ===========================================================
Stack Frame Pointer in Context is 0x1E9B70C8, at process level
1E9B6CC8: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6CE8: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6D08: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6D28: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6D48: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6D68: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6D88: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6DA8: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6DC8: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6DE8: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6E08: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6E28: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6E48: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6E68: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6E88: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6EA8: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6EC8: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6EE8: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6F08: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6F28: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6F48: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6F68: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
1E9B6F88: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 1C1F0AC0
1E9B6FA8: 4B0 60381F1C 1C1F0AC0 328 1E63B504 438 4C4BD51D 1E63B504
1E9B6FC8: ABC 4C4BD51D E46F9B1E 8D9DFC04 1DD54B4C 1E9B6FF8 0 84709B1E
1E9B6FE8: C45A8802 1D88C6B8 1E9B6FF8 288CB4A 0 804E3F1F 0 6D6A2500
1E9B7008: 8A1A0000 0 10000F1 0 0 10000F1 1000000 2000000
1E9B7028: 0 0 0 F80C0000 0 58709B1E 9700520 404AD28
1E9B7048: 0 9700520 404B7E4 0 9700520 3 B0709B1E 335D8402
1E9B7068: 1C1ED564 0 0 9700520 3 404B7E4 1 0
1E9B7088: CD41E1C 1C1ED40C 0 36010000 6000000 30000000 1E9B716C 8A080000
1E9B70A8: D3000000 1E9B7178 5A080000 70719B1E 0 AF404F01 470E1000 D000000
1E9B70C8: E4709B1E FCF98202 9700520 0 7AF78202 31340000 0 33B5631E
1E9B70E8: C0D15B1E 1 3490401F 0 6000000 73000000 3000000 1000000
1E9B7108: 1E9B70DC 4000000 1000000 0 0 1E9B70F0 0 5A080000
1E9B7128: 85A 1F409357 1 7C080000 1E9B7134 1E9B7180 87070000 5A080000
1E9B7148: FFFFFFFF 0 0 D3000000 0 20000000 0 FFFFFFFF
1E9B7168: FFFFFFFF 1E9B7178 9C719B1E 74C5FD04 1F40942A FFFFFFFF 54BED16 D4719B1E
1E9B7188: 0 85A 986FF51E 7454F51E 9C62CC0 B8719B1E 27C5FD04 1F409357
1E9B71A8: 85A 54BEC40 CC719B1E CC719B1E 10729B1E 27D29001 1F409357 85A
1E9B71C8: 54BEC40 4 1 1D9E48E4 1F4091F1 9C0 29 1
1E9B71E8: 0 3 9C64024 9C62CC0 7454F51E 9C62CFC 1D9E48E4 7454F51E
1E9B7208: 78AEA71E 986FF51E 54729B1E 69CE9001 C737F1E 64E6EC1D 1 1572B8
1E9B7228: 1 0 9C62CC0 78AEA71E 1EA7AE78 9C62CC0 A000000 150000
1E9B7248: C02CC609 0 15000000 70729B1E 2ACC9001 D9BE8502 1DECE6C4 1E9B72B8
1E9B7268: 9C62CC0 A000000 88729B1E DBCB9001 1E9B72B0 90729B1E 1E9B72B0 9C62CC0
1E9B7288: BC729B1E 5AE09001 9C62CC0 1DECE664 0 1 0 0
1E9B72A8: 0 0 2 1E865DD0 2 0 30ED8502 0
1E9B72C8: FD0110DF AB1234CD FFFE0000 0 515505C 18DA0DD 1E9B732C 1E9B342C
1E9B72E8: 80000018 1 0 1000001 1C1F0F70 1E7FD4FC 1E7FD460 6ADF740
1E9B7308: C 4000000 0 1D22 FFFFFFFF FFFFFFFF FFFFFFFF 0
1E9B7328: FD0110DF AB1234CD FFFE0000 0 515505C 18DA0DD 1E9B738C 1E9B72E0
1E9B7348: 80000018 1 0 1000001 1C1F0F70 1E3CD1D8 1E7FD4B0 6AE25A0
1E9B7368: E 4000000 0 204F FFFFFFFF FFFFFFFF FFFFFFFF 0
1E9B7388: FD0110DF AB1234CD FFFE0000 0 515505C 18DA101 1E9B73D8 1E9B7340
1E9B73A8: 8000000E 1 0 1000001 1C1F0F70 746D5F66 7379735F 75736167
1E9B73C8: 652E7463 6C000000 0 FD0110DF AB1234CD FFFE0000 0 515505C
1E9B73E8: 18DA0DD 1E9B7438 1E9B73A0 80000018 1 0 1000001 1C1F0F70
1E9B7408: 1E7FD5A8 1E7FD55C 0 11 6000000 0 0 FFFFFFFF
1E9B7428: FFFFFFFF FFFFFFFF 0 FD0110DF AB1234CD FFFE0000 0 515505C
1E9B7448: 18DA101 1E9B7484 1E9B73EC 8000000E 1 0 1000001 1C1F0F70
1E9B7468: 65656D5F 706E745F 30000000 0 0 0 FD0110DF AB1234CD
1E9B7488: FFFE0000 0 515505C 18DA0DD 1E9B74E4 1E9B744C 80000018 1
1E9B74A8: 0 1000001 1C1F0F70 1E9B78BC 1E7FD608 0 14 6000000
========= Process Level Info ===================================================
---- Current Process Stack (0x324 bytes used, out of 0x3E80 available) ----
Current SP = 0x1E9B70C8, saved SP = 0x1C1D2628
1E9B6FA4: 1C1F0AC0 4B0 60381F1C 1C1F0AC0 328 1E63B504 438 4C4BD51D
1E9B6FC4: 1E63B504 ABC 4C4BD51D E46F9B1E 8D9DFC04 1DD54B4C 1E9B6FF8 0
1E9B6FE4: 84709B1E C45A8802 1D88C6B8 1E9B6FF8 288CB4A 0 804E3F1F 0
1E9B7004: 6D6A2500 8A1A0000 0 10000F1 0 0 10000F1 1000000
1E9B7024: 2000000 0 0 0 F80C0000 0 58709B1E 9700520
1E9B7044: 404AD28 0 9700520 404B7E4 0 9700520 3 B0709B1E
1E9B7064: 335D8402 1C1ED564 0 0 9700520 3 404B7E4 1
1E9B7084: 0 CD41E1C 1C1ED40C 0 36010000 6000000 30000000 1E9B716C
1E9B70A4: 8A080000 D3000000 1E9B7178 5A080000 70719B1E 0 AF404F01 470E1000
1E9B70C4: D000000 E4709B1E FCF98202 9700520 0 7AF78202 31340000 0
1E9B70E4: 33B5631E C0D15B1E 1 3490401F 0 6000000 73000000 3000000
1E9B7104: 1000000 1E9B70DC 4000000 1000000 0 0 1E9B70F0 0
1E9B7124: 5A080000 85A 1F409357 1 7C080000 1E9B7134 1E9B7180 87070000
1E9B7144: 5A080000 FFFFFFFF 0 0 D3000000 0 20000000 0
1E9B7164: FFFFFFFF FFFFFFFF 1E9B7178 9C719B1E 74C5FD04 1F40942A FFFFFFFF 54BED16
1E9B7184: D4719B1E 0 85A 986FF51E 7454F51E 9C62CC0 B8719B1E 27C5FD04
1E9B71A4: 1F409357 85A 54BEC40 CC719B1E CC719B1E 10729B1E 27D29001 1F409357
1E9B71C4: 85A 54BEC40 4 1 1D9E48E4 1F4091F1 9C0 29
1E9B71E4: 1 0 3 9C64024 9C62CC0 7454F51E 9C62CFC 1D9E48E4
1E9B7204: 7454F51E 78AEA71E 986FF51E 54729B1E 69CE9001 C737F1E 64E6EC1D 1
1E9B7224: 1572B8 1 0 9C62CC0 78AEA71E 1EA7AE78 9C62CC0 A000000
1E9B7244: 150000 C02CC609 0 15000000 70729B1E 2ACC9001 D9BE8502 1DECE6C4
1E9B7264: 1E9B72B8 9C62CC0 A000000 88729B1E DBCB9001 1E9B72B0 90729B1E 1E9B72B0
1E9B7284: 9C62CC0 BC729B1E 5AE09001 9C62CC0 1DECE664 0 1 0
1E9B72A4: 0 0 0 2 1E865DD0 2 0 30ED8502
1E9B72C4: 0
========= Interrupt Level Stack Dump ===========================================
========= Interrupt Stack ======================================================
---- Level 1 Interrupt stack (0x618 bytes used, out of 0x4650 available) ----
intstacks[1]: base 0x1D48ED84 stack 0x1D4933D0 routine 0x1F41F6
size 0x4650 low 0x4650 desc Network devices
1D492DBC: E02D491D E02D491D E82D491D E82D491D B7222000 7000000 8000000 78000000
1D492DDC: 1CA7DAA0 C0000000 1000000 302E491D 102E491D 102E491D B7222000 7000000
1D492DFC: 28000000 28000000 0 C0000000 1000000 682E491D 521E2000 882E491D
1D492E1C: 582F491D 0 582F491D 782E491D 938FDB01 802E491D 938FDB01 5C2E491D
1D492E3C: 1 0 0 882E491D 42F491D 1D492E88 42F491D FC31491D
1D492E5C: A0103FB 1CA7DAA0 A0DAA71C 0 0 0 A0103FB 802F491D
1D492E7C: 778BDD01 1CA7DAA0 A0103FB 1D492F58 0 0 0 1
1D492E9C: 1 0 0 0 0 40010000 1D492F04 0
1D492EBC: 42F491D E02E491D 15B2DD01 E030491D 9CD4EEC 282F491D 982F491D 7431491D
1D492EDC: 1CA7DAA0 FC2E491D 1D44DD01 1D492F04 7431491D 982F491D 1CA7DAA0 B12D612
1D492EFC: E831491D E5722E00 1CA7DAA0 B12D612 B12D626 0 0 0
1D492F1C: A0002FB FFFFFFFF 0 0 0 17 60000 0
1D492F3C: 0 0 0 0 1C1F0E44 70461F1C 682F491D 8D9DFC04
1D492F5C: 1C1F4670 1D492F7C E065351C 830491D C45A8802 1D88C598 1D492F7C 288CB4A
1D492F7C: 8A7A2E00 6000000 0 1CA7DAA0 6 FFFFFFFE 1CA7DAA0 FFFFFFFE
1D492F9C: 0 1000004 8D9DFC04 1C1F4670 1D492FC8 6014341C 5430491D 1CA7DAA0
1D492FBC: 1D88C598 1CA7DAA0 288CB4A EC2F491D EC2F491D B7222000 7000000 1D5C9D44
1D492FDC: 1430491D 37478502 6 1030491D AD324C00 0 6000000 F027981D
1D492FFC: 1D982800 1D9827F0 2020000 C7188502 206 1D9826A0 1D98279C 97B785C
1D49301C: 3830491D 446B9000 97B785C 1D98279C 2 A026981D 1 6030491D
1D49303C: 57958502 1 46020000 88929000 206 0 5C30491D 8929000
1D49305C: 8C30491D 2B938502 1 8430491D 8430491D 21EB8402 1000000 1C179EC8
1D49307C: C89E171C 1C3565E0 6 A026981D A030491D D3C18502 0 1C3565E0
1D49309C: 1C3565E0 BC30491D 4BFC4A00 1C179EC8 C430491D ED24BB01 1C179EC8 FB02000A
1D4930BC: FB02000A 6 D030491D 8F52B701 5862340A 2031491D 9E49B701 1C3565E0
1D4930DC: 57F85000 1CA7DAA0 B12D612 2418541C 1CA7DAA0 E065351C 9195000 1040000
1D4930FC: A0002FB 56142C4 767CCA09 6 1D60B6C0 3031491D E065351C 7
1D49311C: 1C3565E0 3431491D CAB98602 1C3565E0 A34624A 1C3565E0 A831491D 12488B02
1D49313C: 7 1C3565E0 0 0 0 1 0 1D4931B0
1D49315C: 0 1 0 757CCA09 1 8061631E E065351C A0DAA71C
1D49317C: 0 4A62340A 80000 4 1 E065351C E065351C 1D60B6C0
1D49319C: E065351C A34624A 1C541824 C831491D 62378B02 94E38402 6D31268 0
1D4931BC: 1C3565E0 63 E065351C DC31491D CAB98602 1C3565E0 63 1C3565E0
1D4931DC: C32491D 91504900 63 A0DAA71C 9000000 9 C32491D 34A38202
1D4931FC: 1E1000DC 1E107EAC 28AA52D 28AA52D 3432491D 2DA58A02 1E1000DC 1E107EAC
1D49321C: 1 0 1E107EAC 1CA7DAA0 9000000 A0DAA71C 8832491D 25121F00
1D49323C: 9 1CA7DAA0 12000000 D6120B A0DAA71C 1C3565E0 A0DAA71C E04E4900
1D49325C: 1D630C4C 1D653C00 D6120B 1CA7DAA0 4662340A 1D60B6C0 A0DAA71C 10000
1D49327C: 2834FA 1D60B6C0 18DBA71C A032491D 11251F00 6A86E44 A0DAA71C 10000
1D49329C: B12D60C C33491D 627A2800 1D60B6C0 1CA7DAA0 2834FA B12D60C 8C5A8802
1D4932BC: 7000000 0 C0B6601D A0DAA71C 7EAF8802 38D4601D 0 F832491D
1D4932DC: B12D600 620000 1D60B6C0 1C541824 1C541824 0 1CA7DAA0 1D60C348
1D4932FC: A0DAA71C 60CACB0A 1D60B6C0 F8A0D306 8833491D 519E2800 8833491D 5C33491D
1D49331C: 5C33491D 5AD94700 1D60B6C0 38D4601D 60E90106 5D6FE9C 600 6033491D
1D49333C: 57958502 18DBA71C 1CA7DAA0 0 1CA7DAA0 1D60D438 F8050000 F0CFCB0A
1D49335C: 38D4601D 60CACB0A 0 C0B6601D C0B6601D 1D60B6C0 B4E8621D 1D662380
1D49337C: 0 20 1CA7DAA0 AC33491D 1AA62800 1D60B6C0 0 0
1D49339C: 1 1D60B6C0 1D60B6C0 80060000 C433491D 73A62800 C433491D 85A82500
1D4933BC: 80060000 14983206 8C709B1E 1E212000 1D60B6C0 FFFFFFFF
---- Level 2 Interrupt stack (0x0 bytes used, out of 0x4650 available) ----
intstacks[2]: base 0x1D48A734 stack 0x1D48ED80 routine 0x25650A
size 0x4650 low 0x4650 desc One Shot Timer
---- Level 5 Interrupt stack (0x80 bytes used, out of 0x4650 available) ----
intstacks[5]: base 0x1D4860E4 stack 0x1D48A730 routine 0x20C4F6
size 0x4650 low 0x4650 desc Console Uart
1D48A6B4: C4A6481D 17BF2000 3F90000 D000000 DCA6481D E1BA2000 FFFFFFFF E0A6481D
1D48A6D4: 17BF2000 1C17676F 8A7481D 24C42000 1C174618 FFFFFFFF FFFFFFFF FFFFFFFF
1D48A6F4: 1C174618 0 8A7481D CCBE2000 2FA0000 28A7481D 6CC52000 FFFFFFFF
1D48A714: FFFFFFFF FFFFFFFF 30A7481D F6C42000 4983206 B0E3781D C6222000 FFFFFFFF
---- Level 7 Interrupt stack (0x54 bytes used, out of 0x4650 available) ----
intstacks[7]: base 0x1D481A94 stack 0x1D4860E0 routine 0x91D8F0
size 0x4650 low 0x4650 desc Clocktick Interrupt
1D486090: 0 536CFF2 0 536CFF6 1D78E474 46020000 D22B8502 202
1D4860B0: EDBF9000 FFFFFFFF C860481D 6B872200 D060481D 67938202 D060481D 25DA9100
1D4860D0: D860481D BFD99100 20261D1C C6222000 FFFFFFFF
========= Register Memory Dump =================================================
Reg00(EAX): 1E9B71D4
Reg01(EBX): D3
Reg02(ECX): 14F408B
Reg03(EDX): 1E9B71D0
Reg04(ESP): 1E9B70C8
Reg05(EBP): 1E9B7170
Reg06(ESI): 85A
Reg07(EDI): 1
Reg08(EIP): 14F40AF
Reg09(PS ): 10206
Reg10(CS ): 8
Reg11(SS ): 10
Reg12(DS ): 10
Reg13(ES ): 10
Reg14(FS ): 10
Reg15(GS ): 10
buffer check=0 sched_hc=0x0
---- block0 ptr=1E9B7068 is_malloc=0 length=0x260 ----
1E9B7028: 0 0 0 F80C0000 0 58709B1E 9700520 404AD28
1E9B7048: 0 9700520 404B7E4 0 9700520 3 B0709B1E 335D8402
1E9B7068: 1C1ED564 0 0 9700520 3 404B7E4 1 0
1E9B7088: CD41E1C 1C1ED40C 0 36010000 6000000 30000000 1E9B716C 8A080000
1E9B70A8: D3000000 1E9B7178 5A080000 70719B1E 0 AF404F01 470E1000 D000000
1E9B70C8: E4709B1E FCF98202 9700520 0 7AF78202 31340000 0 33B5631E
1E9B70E8: C0D15B1E 1 3490401F 0 6000000 73000000 3000000 1000000
1E9B7108: 1E9B70DC 4000000 1000000 0 0 1E9B70F0 0 5A080000
1E9B7128: 85A 1F409357 1 7C080000 1E9B7134 1E9B7180 87070000 5A080000
1E9B7148: FFFFFFFF 0 0 D3000000 0 20000000 0 FFFFFFFF
1E9B7168: FFFFFFFF 1E9B7178 9C719B1E 74C5FD04 1F40942A FFFFFFFF 54BED16 D4719B1E
1E9B7188: 0 85A 986FF51E 7454F51E 9C62CC0 B8719B1E 27C5FD04 1F409357
1E9B71A8: 85A 54BEC40 CC719B1E CC719B1E 10729B1E 27D29001 1F409357 85A
1E9B71C8: 54BEC40 4 1 1D9E48E4 1F4091F1 9C0 29 1
1E9B71E8: 0 3 9C64024 9C62CC0 7454F51E 9C62CFC 1D9E48E4 7454F51E
1E9B7208: 78AEA71E 986FF51E 54729B1E 69CE9001 C737F1E 64E6EC1D 1 1572B8
1E9B7228: 1 0 9C62CC0 78AEA71E 1EA7AE78 9C62CC0 A000000 150000
1E9B7248: C02CC609 0 15000000 70729B1E 2ACC9001 D9BE8502 1DECE6C4 1E9B72B8
1E9B7268: 9C62CC0 A000000 88729B1E DBCB9001 1E9B72B0 90729B1E 1E9B72B0 9C62CC0
1E9B7288: BC729B1E 5AE09001 9C62CC0 1DECE664 0 1 0 0
1E9B72A8: 0 0 2 1E865DD0 2 0 30ED8502 0
---- block1 ptr=1C1ED488 is_malloc=1 length=0x1AC ----
1C1ED448: 0 0 1C1ED4FC 1C1ED4C0 1C1ED448 6D31580 69 D0000
1C1ED468: 0 0 5781DD4 2851E0A 2851E14 6D31568 0 FD0110DF
1C1ED488: AB1234CD FFFE0000 0 515505C 2846FA7 1C1ED534 1C1ED3F0 8000003E
1C1ED4A8: 1 0 1000001 1C1F0F70 0 0 1C1ED450 1C1ED414
1C1ED4C8: 1C1ED4B8 6D31580 68 D0000 0 0 5781DE8 2851E0A
1C1ED4E8: 2851E14 6D31568 0 0 0 1C1EC668 1C1ED450 1C1ED4F4
1C1ED508: 6D31580 6A D0000 0 0 5781DE8 2851E0A 2851E14
1C1ED528: 6D31568 0 FD0110DF AB1234CD FFFE0000 0 515505C 2847042
1C1ED548: 1C1ED610 1C1ED49C 80000056 1 0 1000001 1C1F0F70 0
1C1ED568: 0 0 0 0 0 0 0 0
1C1ED588: 0 0 0 0 0 0 0 0
1C1ED5A8: 0 0 0 0 0 0 0 0
1C1ED5C8: 0 0 0 0 0 0 0 0
1C1ED5E8: 0 0 0 0 0 0 0 0
1C1ED608: 0 FD0110DF AB1234CD FFFE0000 0 5781DC0 28470FE 1C1ED6B8
1C1ED628: 1C1ED548 8000003C 1
---- block2 ptr=9700520 is_malloc=0 length=0x100 ----
97004E0: FFA42200 46020000 8000000 10000000 10000000 10000000 10000000 10000000
9700500: 0 22735A 0 1 0 0 0 0
9700520: 5010EDC 1 6005190 6005190 97B9A6C 97014F8 9700528 6D31580
9700540: 7 10000 1 0 5010EDC 2851E0A 2851E14 6D31568
9700560: 0 DFDCB1E 570000 DF04B36 1FEB7948 20004E20 0 EF
9700580: 5C6802 0 0 1BFFB1E0 0 0 18000 8000
97005A0: 0 0 0 0 0 0 0 0
97005C0: 9700950 9700C98 1E E 0 E 0 27
97005E0: 1E7C2A28 0 0 0 0 0 1F1DB18C 0
9700600: 0 0 28 F 28 28 33 9700620
---- block3 ptr=CD41E1C is_malloc=0 length=0x100 ----
CD41DDC: D9B 0 D9B 0 D9B 0 D9B 0
CD41DFC: D9B 0 E1C 0 E1C 0 E1C 0
CD41E1C: E1C 0 E1C 0 E1C 0 E1C 0
CD41E3C: E1C 0 E1C 0 E1C 0 E1C 0
CD41E5C: E1C 0 E1C 0 E1C 0 E1C 0
CD41E7C: E1C 0 E9D 0 E9D 0 E9D 0
CD41E9C: E9D 0 E9D 0 E9D 0 E9D 0
CD41EBC: E9D 0 E9D 0 E9D 0 E9D 0
CD41EDC: E9D 0 E9D 0 E9D 0 E9D 0
CD41EFC: E9D 0 F1E 0 F1E 0 F1E 0
---- block4 ptr=1C1ED38C is_malloc=1 length=0x150 ----
1C1ED34C: 100 1C1ECDAC 0 1C1ED8D8 1C1EC624 100 1C1ECDAC 0
1C1ED36C: 1C1ED3C4 1C1EC754 100 0 0 0 0 FD0110DF
1C1ED38C: AB1234CD FFFE0000 0 53D85F8 28866DC 1C1ED3DC 1C1ECD90 80000010
1C1ED3AC: 1 0 1000001 1C1F0F70 6D656D6F 72790000 0 5BAF9596
1C1ED3CC: 1C1ED368 0 6000008 FD0110DF AB1234CD FFFE0000 0 515505C
1C1ED3EC: 2846F91 1C1ED488 1C1ED3A0 8000003E 1 0 1000001 1C1F0F70
1C1ED40C: 0 0 1C1ED4C0 1C1EC81C 1C1ED40C 6D31580 67 D0000
1C1ED42C: 0 0 5781DD4 2851E0A 2851E14 6D31568 0 0
1C1ED44C: 0 1C1ED4FC 1C1ED4C0 1C1ED448 6D31580 69 D0000 0
1C1ED46C: 0 5781DD4 2851E0A 2851E14 6D31568 0 FD0110DF AB1234CD
1C1ED48C: FFFE0000 0 515505C 2846FA7 1C1ED534 1C1ED3F0 8000003E 1
1C1ED4AC: 0 1000001 1C1F0F70 0 0 1C1ED450 1C1ED414 1C1ED4B8
1C1ED4CC: 6D31580 68 D0000 0
---- block5 ptr=36010000 is_malloc=0 length=0x100 ----
3600FFC0: 0 0 0 0 0 0 0 0
3600FFE0: 0 0 0 0 0 0 0 0
36010000: 0 0 0 0 0 0 0 0
36010020: 0 0 0 0 0 0 0 0
36010040: 0 0 0 0 0 0 0 0
36010060: 0 0 0 0 0 0 0 0
36010080: 0 0 0 0 0 0 0 0
360100A0: 0 0 0 0 0 0 0 0
360100C0: 0 0 0 0 0 0 0 0
360100E0: 0 0 0 0 0 0 0 0
---- block6 ptr=6000000 is_malloc=0 length=0x100 ----
5FFFFC0: 3CF63C89 E4AA954C E121426E 52D198F9 4106CC9E 889F1365 E75A7785 3FA3E8A8
5FFFFE0: AFE382E1 35B3B2F7 86F711F7 723E31F2 62DAB426 9B1B499E 35932DAC 239EE27E
6000000: B386527C E8CAC680 6AA06340 8E041CEC E51836 FBA90814 5FFF6A22 2B469481
6000020: 542CB93A 262EFF02 ED38D3D2 9933F6EB 8D9E84C6 C79AE572 700CCB69 2097F464
6000040: 63C0AD83 503D7B00 70E1CF9B 62FA2E30 5E5E7771 E5D9EE14 B8C56714 2011CE7A
6000060: 7E5DC339 5BB9732E 1223BFA3 5844B5CD 3AA38B2D 3117E51D 35D53CF2 26759487
6000080: 18AABB89 9C800C78 4548DD96 E6A8833D 12C4CC64 E4567430 596306BD E3B3C21A
60000A0: F94FD83B B4F04005 2550E677 31529D9C 5EE83FD A5DAFEB2 568B58CB 380F2902
60000C0: 8468D893 CDBC40FE EFD658A ED416E94 25041C27 A1FDEC4C A92E2AC9 4AA45A37
60000E0: BBA463B1 64B8D1C2 B17727E1 54998746 9E2FD10F 4ACD721B C15B0F10 8F877B0A
---- block7 ptr=30000000 is_malloc=0 length=0x100 ----
2FFFFFC0: 2AB01448 6E60026 40078400 938031C0 506000D0 1B7812E8 4B4049A 20D80DB
2FFFFFE0: 250E540D 9C074E01 154029B0 BC0E720 EA10B42F E065A00F D01EE0BE 1E20E78D
30000000: 8909C373 E4F136FE E08FDBFE FE228CC7 8070E025 A0C3459A 1EFFF8BA 3D5C84BA
30000020: 78402EEC BFA59B88 7F2A9F7F AAEC5CFD 756E5D84 AEB72A42 C5C04AA0 3F70A465
30000040: 119A0F84 2169306 46D00693 65A0458B 2FA65A9D 596BE88E A7C07627 EFF13CE9
30000060: 1DF7338E 2C429381 11402FA0 15E033B2 48D03FCE 64F0859B 4930EA4C E40194CB
30000080: CF44E62D BBF6CD4C 2CF476C2 7826F014 EC33B171 9010EFFD 293F4C6B 3085CD30
300000A0: 19E2F023 82B03013 67C70B3A 18F24930 C01268C 1B218863 81AE5AEC 87B7C47E
300000C0: 78F6A946 4B2DC0F1 FDA33509 D81C5CBC C6841F9A B9FC67E9 346EB2C4 CF64D224
300000E0: F2D3151D 1F8CA869 349E5F9C 4937C3A2 917F891 2F379CC7 C89685BD 7AD0AFA6
---- block8 ptr=D000000 is_malloc=0 length=0x100 ----
CFFFFC0: 0 0 0 0 0 0 0 0
CFFFFE0: 0 0 0 0 0 0 0 0
D000000: 0 0 0 0 0 0 0 0
D000020: 0 0 0 0 0 0 0 0
D000040: 0 0 0 0 0 0 0 0
D000060: 0 0 0 0 0 0 0 0
D000080: 0 0 0 0 0 0 0 0
D0000A0: 0 0 0 0 0 0 0 0
D0000C0: 0 0 0 0 0 0 0 0
D0000E0: 0 0 0 0 0 0 0 0
---- block9 ptr=31340000 is_malloc=0 length=0x100 ----
3133FFC0: 0 0 0 0 0 0 0 0
3133FFE0: 0 0 0 0 0 0 0 0
31340000: 0 0 0 0 0 0 0 0
31340020: 0 0 0 0 0 0 0 0
31340040: 0 0 0 0 0 0 0 0
31340060: 0 0 0 0 0 0 0 0
31340080: 0 0 0 0 0 0 0 0
313400A0: 0 0 0 0 0 0 0 0
313400C0: 0 0 0 0 0 0 0 0
313400E0: 0 0 0 0 0 0 0 0
---- block10 ptr=33B5631C is_malloc=0 length=0x100 ----
33B562DC: 0 0 0 0 0 0 0 0
33B562FC: 0 0 0 0 0 0 0 0
33B5631C: 0 0 0 0 0 0 0 0
33B5633C: 0 0 0 0 0 0 0 0
33B5635C: 0 0 0 0 0 0 0 0
33B5637C: 0 0 0 0 0 0 0 0
33B5639C: 0 0 0 0 0 0 0 0
33B563BC: 0 0 0 0 0 0 0 0
33B563DC: 0 0 0 0 0 0 0 0
33B563FC: 0 0 0 0 0 0 0 0
---- block11 ptr=3490401C is_malloc=0 length=0x100 ----
34903FDC: 0 0 0 0 0 0 0 0
34903FFC: 0 0 0 0 0 0 0 0
3490401C: 0 0 0 0 0 0 0 0
3490403C: 0 0 0 0 0 0 0 0
3490405C: 0 0 0 0 0 0 0 0
3490407C: 0 0 0 0 0 0 0 0
3490409C: 0 0 0 0 0 0 0 0
349040BC: 0 0 0 0 0 0 0 0
349040DC: 0 0 0 0 0 0 0 0
349040FC: 0 0 0 0 0 0 0 0
---- block12 ptr=515505C is_malloc=0 length=0x100 ----
515501C: 6E202564 20737461 7475733D 4558545F 4E45575F 564C414E 0 A446561
515503C: 6C6C6F63 61746520 65787420 766C616E 20256400 45787420 566C616E 20444220
515505C: 496E6974 0 6578745F 766C616E 5F676574 5F766C61 6E5F696E 666F0000
515507C: 564C414E 25303475 0 0 0 0 0 0
515509C: 0 A767470 5F676574 5F747275 6E6B5F69 6E666F20 6174746D 65707465
51550BC: 64206F6E 20747275 6E6B2030 7825782C 206E6F74 20666F75 6E642069 6E207472
51550DC: 756E6B20 6C697374 0 0 0 0 0 0
51550FC: 0 A767470 5F766C61 6E5F6368 616E6765 5F6E6F74 69666963 6174696F
515511C: 6E3A204D 4F444946 49454420 564C414E 20282564 2920444F 45534E27 54204558
515513C: 49535421 21210000 0 0 0 0 0 0
---- block13 ptr=1C1F0F70 is_malloc=0 length=0x100 ----
1C1F0F30: 1C1F0F0C 1C1EE5E0 0 0 0 0 0 0
1C1F0F50: 0 0 0 0 15A3C78B 1 288C988 1C1EE8B8
1C1F0F70: 0 1000001 1C1F25ED 301 2861A94 0 1000000 0
1C1F0F90: 1C1F0F28 1C1F0F70 1C1EE5E0 0 0 0 0 0
1C1F0FB0: 0 0 0 0 0 0 FD0110DF AB1234CD
1C1F0FD0: FFFE0000 -
Generic CSV log collection Rule not pulling all records
Hi,
I created a Generic csv log collection rule with details as follows:
Target: Windows Computer
Directory: D:\async
Pattern: Async*.csv
Seperator: ,
Expression: Params/Param[1]-matches wildcard- *
Problem is the Csv file has around 50000 records whereas in the eventview of that rule it only shows 16853 records. I also tried with following SQL query but same results.
select * from event.vEvent
where EventNumber=0
(Since this is the only csv rule I've created & I dont have any records with event 0 hence using eventnumber 0)
I've verified first column of csv file (i.e Param[1]) doesn't contains blank records. Tried deleting & recreating Rules + CSV files but no luck.
Please help.Hi,
As we can see all csv files that start with "Async" under D:\async foler will be collected.
How many this kind of file exist under the directory?
Would you please creat another simple Async.csv file and remove the original file to another folderto do a test.
In addition, also hope the below article can be helpful:
Monitoring Text and CSV log files in System Center Operations Manager
http://support.microsoft.com/kb/2691973
Regards,
Yan Li
Regards, Yan Li -
Configuring Cisco Router for use with Syslog Server
Configuring Cisco Router for use with Syslog Server:
Does anyone know of a good doc for this?
-AshleyStart with that one: http://security-planet.de/wp-content/uploads/2008/12/logging-ios.pdf
And if you need more informations, just ask what you want to achieve.
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
Problems with Sybase Database for Collection Manager in SCE2020
We have problems with Sybase Database for Collection Manager in a SCE2020. The status is:
[root@btl-sce-cm log]# ~scmscm/setup/alive.sh STATUS OK [root@btl-sce-cm monitor]# ./monitor.sh -a -d Test: 01db_up.sh. Status: FAIL. Message: DB is not running Test: 02cm_up.sh. Status: PASS. Message: CM is running Test: 03free_db.sh. Status: PASS. Message: 99% free space in data db Test: 04free_log.sh. Status: PASS. Message: 99% free space in log db Test: 05cm_persistent_buffers.sh. Status: FAIL. Message: The following directory/ies have more than 500 files in them - JDBCAdapter TAAdapter [root@btl-sce-cm monitor]# ~scmscm/scripts/dbtables.sh /home/scmscm/scripts/common.sh: line 43: /root/cm/bin/cm: is a directory Executing query ... /home/scmscm/scripts/dbtables.sh: line 83: /root/cm/bin/cm: is a directory [root@btl-sce-cm monitor]# df -k Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/VolGroup00-LogVol00 149559596 138280700 3681636 98% / /dev/sda1 101086 20685 75182 22% /boot none 1036624 0 1036624 0% /dev/shm
We restored the Sybase database, but we have problems to access the database from Collection Manager and we can't obtain reports from SCE 2020.
Here is the info:
Problem Details: The SCA Reporter cannot generate Reports, the CM diagnostics show the following:
[root@btl-sce-cm ~]# ~scmscm/setup/alive.sh STATUS OK
[root@btl-sce-cm ~]# ~scmscm/scripts/dbfree.sh
Name % Data Free % Log Free
Database 55 99
[root@btl-sce-cm ~]# ~scmscm/scripts/dbtables.sh
/home/scmscm/scripts/common.sh: line 43: /root/cm/bin/cm: No such file or directory Executing query ...
/home/scmscm/scripts/dbtables.sh: line 83: /root/cm/bin/cm: No such file or directory
[root@btl-sce-cm ~]# ~scmscm/setup/monitor/monitor.sh -d -a
Test: 01db_up.sh. Status: FAIL. Message: DB is not running
Test: 02cm_up.sh. Status: PASS. Message: CM is running
Test: 03free_db.sh. Status: PASS. Message: 55% free space in data db
Test: 04free_log.sh. Status: PASS. Message: 99% free space in log db
Test: 05cm_persistent_buffers.sh. Status: FAIL. Message: The following directory/ies have more than 500 files in them - JDBCAdapter
Message was edited by: EMILIO MENCIATomo:
we have problems with our reports in Collection Manager again. We reboot the CM, but the problems continue.
This is the log of the CM. What can be the problem? Thanks tomo
Nov 3 11:49:18 localhost sybase_init: 00:00000:00012:2011/11/03 11:49:18.00 server Maximum number of User Accounts during current sample period: 3.
Nov 3 11:49:18 localhost sybase_init: 00:00000:00012:2011/11/03 11:49:18.00 server Maximum number of User Accounts since startup: 3.
Nov 3 11:49:18 localhost sybase_init: 00:00000:00012:2011/11/03 11:49:18.00 server Maximum Configured Number of User Connections during current sample period: 200.
Nov 3 11:49:18 localhost sybase_init: 00:00000:00012:2011/11/03 11:49:18.00 server Maximum Configured Number of User Connections since startup: 200.
Nov 3 11:49:18 localhost sybase_init: 00:00000:00012:2011/11/03 11:49:18.00 server Maximum Number of User Connections during current sample period: 15.
Nov 3 11:49:18 localhost sybase_init: 00:00000:00012:2011/11/03 11:49:18.00 server Maximum Number of User Connections since startup: 18.
Nov 3 11:49:18 localhost sybase_init: 00:00000:00012:2011/11/03 11:49:18.00 server Maximum number of user seat licenses used during current sample period: 1.
Nov 3 11:49:18 localhost sybase_init: 00:00000:00012:2011/11/03 11:49:18.00 server Maximum number of user seat licenses used since startup: 3.
Nov 9 19:21:49 localhost sybase_init: 00:00000:00069:2011/11/09 19:21:49.78 kernel Cannot send, host process disconnected: btllt0012 suid: 3
Nov 9 19:21:49 localhost sybase_init: 00:00000:00069:2011/11/09 19:21:49.86 kernel Cannot send, host process disconnected: btllt0012 suid: 3
Nov 9 19:21:49 localhost sybase_init: 00:00000:00069:2011/11/09 19:21:49.92 server Error: 1608, Severity: 18, State: 4
Nov 9 19:21:49 localhost sybase_init: 00:00000:00069:2011/11/09 19:21:49.94 server A client process exited abnormally, or a network error was encountered. Unless other errors occurred, continue processing normally.
Nov 9 19:21:49 localhost sybase_init: 00:00000:00069:2011/11/09 19:21:49.94 kernel extended error information: hostname: btllt0012 login: pqb_admin
Nov 9 19:41:10 localhost sybase_init: 00:00000:00086:2011/11/09 19:41:10.01 kernel Cannot send, host process disconnected: btllt0012 suid: 3
Nov 9 19:41:10 localhost sybase_init: 00:00000:00086:2011/11/09 19:41:10.01 kernel Cannot send, host process disconnected: btllt0012 suid: 3
Nov 9 19:41:10 localhost sybase_init: 00:00000:00086:2011/11/09 19:41:10.01 server Error: 1608, Severity: 18, State: 4
Nov 9 19:41:10 localhost sybase_init: 00:00000:00086:2011/11/09 19:41:10.01 server A client process exited abnormally, or a network error was encountered. Unless other errors occurred, continue processing normally.
Nov 9 19:41:10 localhost sybase_init: 00:00000:00086:2011/11/09 19:41:10.01 kernel extended error information: hostname: btllt0012 login: pqb_admin
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.16 server Error: 632, Severity: 20, State: 2
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.16 server Attempt to move memory with an incorrect length
of -794444483. Maximum allowed length is 16384.
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.16 kernel ************************************
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.16 kernel SQL causing error : =
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.16 kernel ************************************
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.16 kernel curdb = 4 tempdb = 2 pstat = 0x10000
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.16 kernel lasterror = 632 preverror = 0 transtate = 3
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.16 kernel curcmd = 0 program =
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.16 kernel extended error information: hostname: btl-sce-cm login: pqb_admin
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x08d40ca3 pcstkwalk+0x31b(0x9a78fdbc, 0x9a78fb6c, 0x0000270f, 0x00000002, 0x9a78fb6c)
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x08d40832 ucstkgentrace+0x13a(0x68a4006f, 0x00000002, 0x0000270f, (nil), (nil))
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x08ce346d ucbacktrace+0x5d((nil), 0x00000001, (nil), 0x00000003, 0x20202020)
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x082f19b8 terminate_process+0xa5c((nil), 0xffffffff, 0x9a7904c4, 0x08349a96, 0x00000278)
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x08349acb close_network+0xf(0x00000002, 0x9ced1ea0, 0x9a790544, 0x0834902e, 0x00000006)
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x08349aad hdl_default+0x45(0x00000006, 0x00000020, 0x00000014, 0x00000002, 0x9a7904fc)
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x0834902e ex_raise+0x18a(0x00000006, 0x00000020, 0x00000014, 0x00000002, 0xd0a5bd3d)
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x08357c9b memmove_error+0x27(0xd0a5bd3d, 0x00004000, 0xffffffff, 0x0896b8a4, 0x9e3d7cfc)
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x0833e54e recvhost+0xbe(0x9a7909ec, 0xd0a5bd3d, 0x00000018, 0x9e44d5d8, 0x9e44d52c)
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x08339160 recvchars+0x74(0x9ced2a1c, 0xd0a5bd3d, 0x9a7909ec, 0x000000ff, (nil))
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x0831e237 tdsrecv_declare+0x207(0x00000010, 0x9cecb914, 0x9a7911b4, 0x0832dd5f, (nil))
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel [Handler pc: 0x0x0863eca4 ut_handle installed by the following function:-]
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x0832e3a9 conn_hdlr+0xe49(0x00000030, 0x9a7911c8, 0x895eed31, (nil), (nil))
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel pc: 0x08d33984 kpexit((nil), (nil), (nil), 0x9a020900, 0x00000070)
Nov 23 08:35:23 localhost sybase_init: 00:00000:00011:2011/11/23 08:35:23.25 kernel end of stack trace, spid 11, kpid 1755578479, suid 3
AFTER RESTART
ov 28 09:19:06 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:06.50 kernel SySAM: Checked out license for 1 ASE_CORE (2010.04040/permanent/148F 853E 92A9 E302).
Nov 28 09:19:06 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:06.50 kernel This product is licensed to: CISCO SYSTEMS, and OEM license from Sybase, Inc.
Nov 28 09:19:06 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:06.50 kernel Checked out license ASE_CORENov 28 09:19:06 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:06.50 kernel Adaptive Server Enterprise (Small Business Edition)
Nov 28 09:19:07 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.02 kernel Using config area from primary master device.
Nov 28 09:19:07 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.17 kernel Locking shared memory into physical memory.
Nov 28 09:19:07 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.22 kernel Internal run-time model set for Linux - Native
Nov 28 09:19:07 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel Using 1024 file descriptors.
Nov 28 09:19:07 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel Adaptive Server Enterprise/15.0.2/EBF 14331/P/Linux Intel/Linux 2.4.21-47.ELsmp i686/ase1502/2486/32-bit/FBO/Thu May 24 08:15:50 2007
Nov 28 09:19:07 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel Confidential property of Sybase, Inc.Nov 28 09:19:07 localhost messagebus: messagebus startup succeeded
Nov 28 09:19:07 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel Copyright 1987, 2007
Nov 28 09:19:08 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel Sybase, Inc. All rights reserved.
Nov 28 09:19:08 localhost rhnsd: Red Hat Network Services Daemon running with check_in interval set to 240 minutes.
Nov 28 09:19:08 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel Unpublished rights reserved under U.S. copyright laws.
Nov 28 09:19:08 localhost rhnsd: Red Hat Network Services Daemon running with check_in interval set to 240 minutes.
Nov 28 09:19:08 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel
Nov 28 09:19:08 localhost rhnsd[27742]: Red Hat Network Services Daemon starting up.
Nov 28 09:19:08 localhost rhnsd: rhnsd startup succeeded
Nov 28 09:19:08 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel This software contains confidential and trade secret information of Sybase,
Nov 28 09:19:09 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel Inc. Use, duplication or disclosure of the software and documentation by
Nov 28 09:19:09 localhost cups-config-daemon: cups-config-daemon startup succeeded
Nov 28 09:19:09 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel the U.S. Government is subject to restrictions set forth in a license
Nov 28 09:19:09 localhost haldaemon: haldaemon startup succeeded
Nov 28 09:19:09 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel agreement between the Government and Sybase, Inc. or other written
Nov 28 09:19:09 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel agreement specifying the Government's rights to use the software and any
Nov 28 09:19:10 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel applicable FAR provisions, for example, FAR 52.227-19.
Nov 28 09:19:10 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel Sybase, Inc. One Sybase Drive, Dublin, CA 94568, USA
Nov 28 09:19:10 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel Using /opt/sybase as the 'SYBASE' environment variable, found during startup.
Nov 28 09:19:10 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.26 kernel Using OCS-15_0 as the 'SYBASE_OCS' environment variable, found during startup.
Nov 28 09:19:10 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.29 kernel ASE booted on Linux release 2.6.9-78.0.13.ELsmp version #1 SMP Wed Jan 7 17:52:47 EST 2009.
Nov 28 09:19:10 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.29 kernel Using '/opt/sybase/ASE-15_0/pqbsyb1.cfg' for configuration information.
Nov 28 09:19:11 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.29 kernel Logging ASE messages in file '/opt/sybase/ASE-15_0/install/pqbsyb1.log'.
Nov 28 09:19:11 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.29 kernel Platform TCP network is forced to IPv4-only.
Nov 28 09:19:11 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.32 kernel ASE booted with TCP_NODELAY enabled.
Nov 28 09:19:11 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.35 kernel SSL Plus v5.0.4 security modules loaded successfully.
Nov 28 09:19:11 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.35 kernel Network and device connection limit is 1009.
Nov 28 09:19:11 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.65 server Number of blocks left for proc headers: 12760.
Nov 28 09:19:11 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:07.65 server Proc header memory allocated 2552 pages for each per engine cache
Nov 28 09:19:11 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.16 server Size of the 16K memory pool: 307200 Kb
Nov 28 09:19:11 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.16 server Memory allocated for the default data cache cachelet 1: 307200 Kb
Nov 28 09:19:12 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.16 kernel Enabling Linux Native Kernel asynchronous disk I/O strategy.
Nov 28 09:19:12 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.16 kernel Initializing virtual device 0, '/opt/sybase/data/master.dat' with dsync 'on'.
Nov 28 09:19:12 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.16 kernel Virtual device 0 started using asynchronous i/o.
Nov 28 09:19:12 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.17 server Loaded default Unilib conversion handle.
Nov 28 09:19:12 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.56 kernel Worker Thread Manager is not enabled for use in ASE.
Nov 28 09:19:12 localhost fstab-sync[28568]: removed all generated mount points
Nov 28 09:19:12 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.58 kernel Either the config parameter 'use security services' is set to 0, or ASE does not support use of external security mechanisms on this platform. The Security Control Layer will not be initialized. No external security mechanisms will be supported.
Nov 28 09:19:13 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.58 kernel Unix interval timer enabled for sysclk interrupts.
Nov 28 09:19:13 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.85 kernel Begin processing to generate RSA keypair.
Nov 28 09:19:13 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.94 kernel Completed processing to generate RSA keypair.
Nov 28 09:19:13 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.94 kernel Encryption provider initialization succeeded on engine 0.
Nov 28 09:19:13 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.94 kernel engine 0, os pid 27618 online
Nov 28 09:19:13 localhost sybase_init: 00:00000:00000:2011/11/28 09:19:08.94 server No active traceflags
Nov 28 09:19:13 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.08 kernel libomni1 - Component Integration Services: usin
g 'Sybase Client-Library/15.0/P-EBF14165 ESD #7/DRV.15.0.3/Linux Intel/Linux 2.4.21-47.0.1.ELsmp i686/BUILD1500-093/OPT/Wed Dec 13 21:46:44 2006'
Nov 28 09:19:13 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.10 server Opening Master Database ...
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.66 server Loading ASE's default sort order and character set
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.83 server Recovering database 'master'.
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.92 server Started estimating recovery log boundaries for database 'master'.
Nov 28 09:19:14 localhost kernel: mtrr: type mismatch for d8000000,2000000 old: uncachable new: write-combining
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.96 server Database 'master', checkpoint=(1831, 20), first=(1831, 20), last=(1831, 32).
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.96 server Completed estimating recovery log boundaries for database 'master'.
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.96 server Started ANALYSIS pass for database 'master'.
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.96 server Completed ANALYSIS pass for database 'master'.
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.96 server Log contains all committed transactions until 2011/11/27 13:28:54.20 for database master.
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:09.96 server Started REDO pass for database 'master'. The total number of log records to process is 13.
Nov 28 09:19:14 localhost fstab-sync[28716]: added mount point /media/cdrecorder for /dev/scd0
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:10.12 server Redo pass of recovery has processed 4 committed and 0 aborted transactions.
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:10.12 server Completed REDO pass for database 'master'.
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:10.12 server Recovery of database 'master' will undo incomplete nested top actions.
Nov 28 09:19:14 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:10.12 server Started recovery checkpoint for database 'master'.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:10.38 server Completed recovery checkpoint for database 'master'.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:10.56 server Started filling free space info for database 'master'.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:11.24 server Completed filling free space info for database 'master'.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:11.26 server Started cleaning up the default data cache for database 'master'.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:11.26 server Completed cleaning up the default data cache for database 'master'.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:11.42 server Checking external objects.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.40 server Database 'master' is now online.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.40 server The transaction log in the database 'master' will use I/O size of 16 Kb.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.67 server Warning: ASE_HA has no valid license and therefore is not initialized.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.73 server server name is 'pqbsyb1'
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.90 server Activating disk 'sysprocsdev' of size 126976 KB.
Nov 28 09:19:15 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.95 kernel Initializing virtual device 1, '/opt/sybase/data/sysprocs.dat' with dsync 'on'.
Nov 28 09:19:16 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.95 kernel Virtual device 1 started using asynchronous i/o.
Nov 28 09:19:16 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.95 server Activating disk 'systemdbdev' of size 49152 KB.
Nov 28 09:19:16 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.99 kernel Initializing virtual device 2, '/opt/sybase/data/sybsysdb.dat' with dsync 'on'.
Nov 28 09:19:16 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.99 kernel Virtual device 2 started using asynchronous i/o.
Nov 28 09:19:16 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:12.99 server Activating disk 'apricot_data1' of size 35082660 KB.
Nov 28 09:19:16 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.02 kernel Initializing virtual device 3, '/opt/sybase_data/apticotdata.dat' with dsync 'off'.
Nov 28 09:19:16 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.02 kernel Virtual device 3 started using asynchronous (with DIRECTIO) i/o.
Nov 28 09:19:16 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.02 server Activating disk 'apricot_log1' of size 2980002 KB.
Nov 28 09:19:17 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.04 kernel Initializing virtual device 4, '/opt/sybase_data/apricotlog.dat' with dsync 'off'.
Nov 28 09:19:17 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.04 kernel Virtual device 4 started using asynchronous (with DIRECTIO) i/o.
Nov 28 09:19:17 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.04 server Activating disk 'tempdb_dev' of size 1048576 KB.
Nov 28 09:19:17 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.09 kernel Initializing virtual device 5, '/opt/sybase_data/tempdb.dat' with dsync 'off'.
Nov 28 09:19:17 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.09 kernel Virtual device 5 started using asynchronous i/o.
Nov 28 09:19:18 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.30 server Recovering database 'sybsystemdb'.
Nov 28 09:19:18 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.32 server Started estimating recovery log boundaries for database 'sybsystemdb'.
Nov 28 09:19:18 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.40 server Database 'sybsystemdb', checkpoint=(843, 106), first=(843, 106), last=(843, 106).
Nov 28 09:19:18 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.40 server Completed estimating recovery log boundaries for database 'sybsystemdb'.
Nov 28 09:19:19 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.40 server Started ANALYSIS pass for database 'sybsystemdb'.
Nov 28 09:19:19 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.40 server Completed ANALYSIS pass for database 'sybsystemdb'.
Nov 28 09:19:19 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.40 server Log contains all committed transactions until 2011/10/25 09:55:36.72 for database sybsystemdb.
Nov 28 09:19:20 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.40 server Started REDO pass for database 'sybsystemdb'. The total number of log records to process is 1.
Nov 28 09:19:20 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.41 server Completed REDO pass for database 'sybsystemdb'.
Nov 28 09:19:20 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.41 server Recovery of database 'sybsystemdb' will undo incomplete nested top actions.
Nov 28 09:19:20 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.41 server Started recovery checkpoint for database 'sybsystemdb'.
Nov 28 09:19:21 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.46 server Completed recovery checkpoint for database 'sybsystemdb'.
Nov 28 09:19:21 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.58 server Started filling free space info for database 'sybsystemdb'.
Nov 28 09:19:21 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.69 server Completed filling free space info for database 'sybsystemdb'.
Nov 28 09:19:21 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.70 server Started cleaning up the default data cache for database 'sybsystemdb'.
Nov 28 09:19:21 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.70 server Completed cleaning up the default data cache for database 'sybsystemdb'.
Nov 28 09:19:22 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.70 server Boot Count: 13
Nov 28 09:19:22 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:13.81 server Checking external objects.
Nov 28 09:19:22 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:14.18 server The transaction log in the database 'sybsystemdb' will use I/O size of 16 Kb.
Nov 28 09:19:22 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:15.59 server Completed recovery checkpoint for database 'model'.
Nov 28 09:19:22 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:15.70 server Started filling free space info for database 'model'.
Nov 28 09:19:23 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:15.72 server Completed filling free space info for database 'model'.
Nov 28 09:19:23 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:15.74 server Started cleaning up the default data cache for database 'model'.
Nov 28 09:19:23 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:15.74 server Completed cleaning up the default data cache for database 'model'.
Nov 28 09:19:23 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:15.77 server Checking external objects.
Nov 28 09:19:23 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:16.07 server The transaction log in the database 'model' will use I/O size of 16 Kb.
Nov 28 09:19:24 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:16.08 server Database 'model' is now online.
Nov 28 09:19:24 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:16.08 server The logical pagesize of the server is 16 Kb.
Nov 28 09:19:24 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:16.08 server 0 dump conditions detected at boot time
Nov 28 09:19:24 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:16.08 server Clearing temp db
Nov 28 09:19:24 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:18.37 server Processed 27 allocation unit(s) out of 262 units (allocation page 6656). 10% completed.
Nov 28 09:19:25 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:19.51 server Processed 53 allocation unit(s) out of 262 units (allocation page 13312). 20% completed.
Nov 28 09:19:25 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:20.81 server Processed 79 allocation unit(s) out of 262 units (allocation page 19968). 30% completed.
Nov 28 09:19:25 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:22.19 server Processed 105 allocation unit(s) out of 262 units (allocation page 26624). 40% completed.
Nov 28 09:19:25 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:23.52 server Processed 131 allocation unit(s) out of 262 units (allocation page 33280). 50% completed.
Nov 28 09:19:25 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:24.96 server Processed 158 allocation unit(s) out of 262 units (allocation page 40192). 60% completed.
Nov 28 09:19:27 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:27.08 server Processed 184 allocation unit(s) out of 262 units (allocation page 46848). 70% completed.
Nov 28 09:19:29 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:29.94 server Processed 210 allocation unit(s) out of 262 units (allocation page 53504). 80% completed.
Nov 28 09:19:32 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:32.01 server Processed 236 allocation unit(s) out of 262 units (allocation page 60160). 90% completed.
Nov 28 09:19:32 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:32.57 server Processed 262 allocation unit(s) out of 262 units (allocation page 66816). 100% completed.
Nov 28 09:19:32 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:32.84 server The transaction log in the database 'tempdb' will use I/O size of 16 Kb.
Nov 28 09:19:32 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:32.86 server Database 'tempdb' is now online.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.06 server Recovering database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.08 server Started estimating recovery log boundaries for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.14 server Database 'sybsystemprocs', checkpoint=(6333, 93), first=(6333, 93), last=(6333, 93).
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.14 server Completed estimating recovery log boundaries for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.14 server Started ANALYSIS pass for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.14 server Completed ANALYSIS pass for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.14 server Log contains all committed transactions until 2011/10/25 09:55:36.72 for database sybsystemprocs.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.14 server Started REDO pass for database 'sybsystemprocs'. The total number of log records to process is 1.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.14 server Completed REDO pass for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.14 server Recovery of database 'sybsystemprocs' will undo incomplete nested top actions.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.14 server Started recovery checkpoint for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.18 server Completed recovery checkpoint for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.20 server Started filling free space info for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.39 server Completed filling free space info for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.40 server Started cleaning up the default data cache for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.40 server Completed cleaning up the default data cache for database 'sybsystemprocs'.
Nov 28 09:19:33 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:33.41 server Checking external objects.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.04 server The transaction log in the database 'sybsystemprocs' will use I/O size of 16 Kb.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.09 server Database 'sybsystemprocs' is now online.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00008:2011/11/28 09:19:34.23 kernel network name localhost.localdomain, interface IPv4, address 10.1.1.33, type tcp, port 4100, filter NONE
Nov 28 09:19:34 localhost sybase_init: 00:00000:00008:2011/11/28 09:19:34.23 kernel network name localhost.localdomain, interface IPv4, address 127.0.0.1, type tcp, port 4100, filter NONE
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.74 server Recovery has tuned the size of '128K' pool in 'default data cache' to benefit recovery performance. The original configuration will be restored at the end of recovery.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.74 server Recovery has tuned the size of '16K' pool in 'default data cache' to benefit recovery performance. The original configuration will be restored at the end of recovery.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.74 server Recovery has tuned the '128K' pool in 'default data cache' by changing its 'local async prefetch limit' from 10 to 80. The original configuration will be restored at the end of recovery.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.74 server Recovery has tuned the '16K' pool in 'default data cache' by changing its 'local async prefetch limit' from 10 to 80. The original configuration will be restored at the end of recovery.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.74 server The server will recover databases serially.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.81 server Recovering database 'apricot'.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.82 server Started estimating recovery log boundaries for database 'apricot'.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.89 server Database 'apricot', checkpoint=(2358271, 12), first=(2358271, 11), last=(2358275, 172).
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.89 server Completed estimating recovery log boundaries for database 'apricot'.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.89 server Started ANALYSIS pass for database 'apricot'.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.89 server Completed ANALYSIS pass for database 'apricot'.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.89 server Log contains all committed transactions until 2011/11/28 09:16:20.68 for database apricot.
Nov 28 09:19:34 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:34.89 server Started REDO pass for database 'apricot'. The total number of log records to process is 846.
Nov 28 09:19:35 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:35.10 server Redo pass of recovery has processed 2 committed and 138 aborted transactions.
Nov 28 09:19:35 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:35.10 server Completed REDO pass for database 'apricot'.
Nov 28 09:19:35 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:35.11 server Recovery of database 'apricot' will undo incomplete nested top actions.
Nov 28 09:19:35 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:35.11 server Started recovery checkpoint for database 'apricot'.
Nov 28 09:19:35 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:35.29 server Completed recovery checkpoint for database 'apricot'.
Nov 28 09:19:35 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:35.35 server Started filling free space info for database 'apricot'.
Nov 28 09:19:35 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:35.47 server Completed filling free space info for database 'apricot'.
Nov 28 09:19:35 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:35.51 server Started cleaning up the default data cache for database 'apricot'.
Nov 28 09:19:35 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:35.51 server Completed cleaning up the default data cache for database 'apricot'.
Nov 28 09:19:35 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:35.55 server Checking external objects.
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.30 server The transaction log in the database 'apricot' will use I/O size of 16 Kb.
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.31 server Database 'apricot' is now online.
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.34 server Recovery has restored the value of 'local async prefetch limit' for '128K' pool in 'default data cache' from '80' to 'DEFAULT'.
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.34 server Recovery has restored the value of 'local async prefetch limit' for '16K' pool in 'default data cache' from '80' to 'DEFAULT'.
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.40 server Recovery has restored the original size for '128K' pool and '16K' pool in 'default data cache'.
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.44 server Recovery complete.
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.46 server ASE's default unicode sort order is 'binary'.
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.46 server ASE's default sort order is:
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.46 server 'bin_iso_1' (ID = 50)
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.46 server on top of default character set:
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.46 server 'iso_1' (ID = 1).
Nov 28 09:19:36 localhost sybase_init: 00:00000:00001:2011/11/28 09:19:36.46 server Master device size: 240 megabytes, or 122880 virtual pages. (A virtual page is 2048 bytes.)
Nov 28 09:34:40 localhost sybase_init: 00:00000:00109:2011/11/28 09:34:40.95 kernel Cannot send, host process disconnected: btl-sce-cm suid: 3
Nov 28 09:34:40 localhost sybase_init: 00:00000:00109:2011/11/28 09:34:40.95 server Error: 1608, Severity: 18, State: 3
Nov 28 09:34:40 localhost sybase_init: 00:00000:00109:2011/11/28 09:34:40.95 server A client process exited abnormally, or a network error was encountered. Unless other errors occurred, continue processing normally.
Nov 28 09:34:40 localhost sybase_init: 00:00000:00109:2011/11/28 09:34:40.95 kernel extended error information: hostname: btl-sce-cm login: pqb_admin
Nov 28 09:38:27 localhost sshd(pam_unix)[29201]: session opened for user root by (uid=0) -
What determines when logs get rotated?
I need to write a script to parse /private/var/log/secure.log and create a report consisting of the time and userid of each login. But secure.log gets archived periodically, and then the archives get deleted, so I need to time the execution of this script to whatever it is that triggers this archiving so I can record the logins before the log gets rotated.
Looking at the logs and archives, it's a little hard to tell what's going on.
% ls -l /private/var/log/secure.*
-rw-r----- 1 root admin 8153 Jul 24 21:37 /private/var/log/secure.log
-rw-r----- 1 root admin 2232 Jul 21 23:16 /private/var/log/secure.log.0.gz
-rw-r----- 1 root admin 2196 Jul 7 08:21 /private/var/log/secure.log.1.gz
-rw------- 1 root admin 6275 Jun 29 22:29 /private/var/log/secure.log.2.gz
The time intervals are not the same, and neither are the file sizes, so the logs don't appear to get rotated on a regular schedule or when they reach a certain size. It does seem to happen between logins, I think.
/private/etc/periodic/daily/100.clean-logs looks like it deletes old logs, but it isn't involved in archiving or deleting archived logs. /private/etc/periodic/daily/500.daily has a routine for archiving logs, but I don't understand it well enough to see what triggers it.I've written the script for doing user accounting on the Panther machines, but I'm still having trouble understanding what's going on on my own machine. I'm not positive, but I think there might be some serious problems with launchd and how it manages logs. Something is definitely not right.
According to the documentation Mark referred me to,
Beginning in Mac OS X v10.4, the preferred way to add a timed job is to use a launchd(8) timed job. A launchd timed job is similar to a cron(8) job, with two key differences:
* Each launchd job is described by a separate file. This means that you can add launchd timed jobs by simply adding or removing a file.
* If the computer is asleep at the designated time, a launchd job executes as soon as the computer wakes. This is similar to the behavior of anacron and other cron replacements).
From what I'm seeing, this simply isn't happening. Look at the listing I posted above:
% ls -l /private/var/log/secure.*
-rw-r----- 1 root admin 8153 Jul 24 21:37 /private/var/log/secure.log
-rw-r----- 1 root admin 2232 Jul 21 23:16 /private/var/log/secure.log.0.gz
-rw-r----- 1 root admin 2196 Jul 7 08:21 /private/var/log/secure.log.1.gz
-rw------- 1 root admin 6275 Jun 29 22:29 /private/var/log/secure.log.2.gz
This log is rotated by the script /private/etc/periodic/weekly/500.weekly, but it clearly isn't being rotated weekly. The dates the three archives were created fall on a Friday and two Saturdays, and there is a two week gap between 0 and 1. I am positive that my laptop was not asleep for a week or more. I use it every day. I noticed that the permissions on secure.log.2.gz are wrong, but I don't think that's the cause of the problem. It's just another sign of the hinkiness that abounds here.
The situation looks even stranger when you look at the dates of the first and last entries in each file:
secure.log.2: Jun 19 22:34:51 - Jun 29 22:29:19
secure.log.1: Jun 30 20:15:36 - Jul 7 08:20:33
secure.log.0: Jul 7 11:33:01 - Jul 21 23:16:07
secure.log: Jul 22 15:35:03 - Jul 27 22:43:46 (and counting)
So it looks secure.log.0 and secure.log.2 were truncated and archived around midnight--different days of the week, but at least they avoided getting entries from the same date in two different files. But look at secure.log.1. 8:21 in the morning??? Why???? It's not like it was asleep or anything. I had been using it until around 12:30, and started in again at around 6:30 Saturday morning. Why does it decide it's time to rotate the log at 8:21? And this is after it has already waited two weeks!
So if you're doing user accounting on a weekly basis, this just isn't helpful, and it sure isn't helpful if you're trying to do it monthly. You basically need to re-concatenate the files and split them out by grepping the dates. In other words, before you can do what you need to do, you have to undo what the periodic maintenance routines have done.
And you have to hope they haven't destroyed the records you need.
Among all the other mysteries I'm trying to sort out, I'm trying to understand why the /private/etc/periodic/monthly/500.monthly script didn't run at the end of June. One thing I can't do is go back and look at the system.log, because they rotate them daily (or they intend to, but this doesn't work correctly either) and only keep the last seven. Here's what the log rotation script looks like:
for i in system.log; do
if \[ -f "${i}" \]; then
printf %s " ${i}"
if \[ -x /usr/bin/gzip \]; then gzext=".gz"; else gzext=""; fi
if \[ -f "${i}.6${gzext}" \]; then mv -f "${i}.6${gzext}" "${i}.7${gzext}"; fi
if \[ -f "${i}.5${gzext}" \]; then mv -f "${i}.5${gzext}" "${i}.6${gzext}"; fi
if \[ -f "${i}.4${gzext}" \]; then mv -f "${i}.4${gzext}" "${i}.5${gzext}"; fi
if \[ -f "${i}.3${gzext}" \]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if \[ -f "${i}.2${gzext}" \]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if \[ -f "${i}.1${gzext}" \]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if \[ -f "${i}.0${gzext}" \]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if \[ -f "${i}" \]; then
touch "${i}.$$" && chmod 640 "${i}.$$" && chown root:admin "${i}.$$"
mv -f "${i}" "${i}.0" && mv "${i}.$$" "${i}" && if \[ -x /usr/bin/gzip \]; then
gzip -9 "${i}.0"; fi
fi
fi
done
That last part is just plain weird. They get done rotating all the gzipped archives, and then they need to test to see if there is a new log file, and if not, create one, then archive it. Archive an empty log??? What for? Don't you want to see if there's a current log, and that it has at least one line of data in it, before you start the whole process? Why bother rotating logs if there's no new information? And then, after they archive it, they don't create a new log? All of the other log rotation scripts archive the current log then create a new one. Why should this one be different? This just looks like a mistake.
Also, I'm not the most experienced shell scripter, but isn't this just plain crude and ugly? Instead of using a loop to do a repetetive task, with a variable you can change to set a limit on the number of iterations, they've hard-coded each step. And this is in the script that we're not supposed to change, and it can't be overridden. Nice.
So if we want to change how frequently our log files get trashed, we need to write a daily.local script that takes the truncated, archived files and decompresses them, concatenates them, and puts them somewhere out of harms way? Is that how we're supposed to proceed? Follow them around and undo what they do then try to do it right? Heaping more ugliness upon ugliness?
And keep in mind that the timing mechanism that controls it all is broken, and if you want to do your monthly reports at the end of the month, or your weekly reports at the end of the week, you either have to wait around until this byzantine Rube Goldberg machine spits out the logs you need or go to the terminal and call periodic to run whatever process you want it to run manually after all.
I am starting to wish I'd never looked at this. -
Methods for Remote Event Log Collection (WMI vs RPC vs WinRM)
Hi,
I'm currently evaluating several 3rd party tools (SIEMs) to help me with log management in a large (mostly) Windows domain environment. Each tool uses a different approach to collecting the event log from remote systems, and I'd like help understanding the
pros and cons of each approach. I've dropped this in the scripting forum as the tools are essentially running different scripts and it's this part I would like to understand.
WMI: An agent installed on a windows server connects to each monitored box and grabs their event logs via WMI. Our legacy SIEM already collects from over 2000 servers using this method.
RPC: As above, but using RPC. No changes required on the remote machines.
WinRM: An appliance integrates with AD and collects event logs remotely using WinRM. This is reasonably new to me (i'm a security guy, not a sys admin) but I seem to have to enable an additional remote management tool, and open a new listening port on every
single machine I want to collect the event log from.
I read the following blog entry, which seemed to indicate that RPC was the best choice for performance, considering I'm going to be making high frequency connections to over 2000 targets:
http://blogs.technet.com/b/josebda/archive/2010/04/02/comparing-rpc-wmi-and-winrm-for-remote-server-management-with-powershell-v2.aspx
However, everything I have found on the subject of remote event collection seems to suggest that WinRM is the "approved" method for event log collection. The vendor using the WinRM approach is also suggesting that it is the only official MS supported
way of doing this.
So I would like to ask, is there a reason that WMI and RPC should not be used for this purpose, since they clearly work and don't require any changes to my environment? Is there some advantage to WinRM that justifies touching my entire estate and opening
an additional port (increasing my attack surface)?
Thanks in advance,Hi,
I'm aware of the push method, and may indeed move to it in time, although I'm just as likely to install a 3rd party agent on the machines to perform this role with greater functionality and manageability for the same effort. I've only seen organisations
using commercial agents (snare, splunk, etc) or WMI for log collection in practice, so I don't think I'm the only one with reservations about it.
Anything that involves making configuration changes to a large and very varied estate is not something to do lightly. Particularly if alternatives exist that don't require this change to be carried out immediately. That is why I'm looking to properly understand
the pros and cons of these "legacy" approaches for use as an interim solution if nothing more.
Pulling probably is more resource intensive, although I've not seen an actual comparison, but it's not really that fragile in my experience. If a single pull fails, you just collect the logs you missed at the next pull cycle in a few seconds/minutes.
All logs are pulled directly into a SIEM for analysis, so that part is covered.
Anyway, I appreciate the input, but I'm still holding out for concrete reasons to move away from WMI/RPC or to embrace WinRM. Bear in mind I'm considering fixing something that doesn't look broken to me!
Cheers, -
I needed help with the log file rotation and cleanup script and how to remove the log file older then x days.
Hi
Please try:
How To Recycle Logs Of SQL Server \
Agent \ Default Trace \ Full Text Search \ Full-Text Filter Daemon:
Recycle SQLFT.LOG : (Sql server full text search)
• Naming convention for FT log is as SQLFT.LOG[]
• When an error occurs during a crawl, the Full-Text Search crawl logging facility creates and maintains a crawl log, which is a plain text file. Each crawl log corresponds to a particular full-text catalog
• By default these are located in %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\LOG folder
• The 2 at the end of the file name indicates that there are two crawl log files for this database/catalog pair
Syntax: no syntax
Before SQL 2008 – restart the indexer
SQL 2008 onwards– we cant re-cycle to full text log without restarting SQL server
Recycle FDLAUNCHERRORLOG : (SQL Full-text Filter Daemon Service Error Log)
• For those its new term ; FDLAUNCHERSyntax:RORLOG is a SQL Full-text Filter Daemon Service Error Log
• The FDLAUNCHERRORLOG files are for errors that occur in the SQL Server Full Text Filter Daemon launcher service.
• This is a separate service used to load filters for full text search
• Log file (FDLAUNCHERRORLOG) will be available in same location as sql server errorlog
Syntax: No Syntax
The only way available to recycle log is restart FDLauncher service
sp_configure ‘default trace’ : Recycle SQL Server Default trace
• By default SQL Server keeps the last 5 trace files in the log directory
• We can read these files by this way.
• You can also get trace file details in reports in sql server
Syntax:
sp_configure 'show advanced options' , 1
Go
RECONFIGURE WITH OVERRIDE
GO
EXEC sp_configure 'default trace', 0 RECONFIGURE
GO
EXEC sp_configure 'default trace', 1 RECONFIGURE
GO
sp_cycle_errorlog :
Recycle SQL server errorlog
• SQL Server can maintain from 6 - 99 Error Logs ; default is 6. The currently used SQL Server Error Log will be named errorlog.1
• Every time SQL Server is started, the current error log is renamed to errorlog.1; errorlog.1 becomes errorlog.2, errorlog.2 becomes errorlog.3, and so on.
• sp_cycle_errorlog enables you to cycle the error log files without stopping and starting the server.
Syntax :
EXEC msdb.dbo.sp_cycle_errorlog
GO
sp_cycle_agent_errorlog :
Recycle SQL Agent Error log
• SQL Server Agent can maintain up to nine SQL Server Agent Error Logs. The currently used SQL Server Agent Error Log will be named SQLAGENT.OUT
• There is no way you can increase this number
• By default, the SQL Server Agent Error log is located in "Program Files\Microsoft SQL Server\MSSQL.n\MSSQL\LOG\SQLAGENT.OUT".
Syntax:
EXEC msdb.dbo.sp_cycle_agent_errorlog;
Go
Thanks Saurabh Sinha
http://saurabhsinhainblogs.blogspot.in/
Please click the Mark as answer button and vote as helpful if this reply solves your problem -
Populating our log message along with standard sap log in ck11n.
Hi all,
I have developed a user exit which is used in costing of material using ck11n.
Here i have to show our custom log message along with the standard log shown by standard sap system after costing run is complete.
I got one FM-- CM_F_MESSAGE which is used by SAP. But i want the message along with SAP messages and not separately.
Can u help me out for this. its very urgent.
Thanks in advance.Hi
I'm not sure because I don't know that trx, but I seem the function group of that function manages a log, so you can try.
This is an extract of abap code of SAPLCKDI where that fm is used:
CALL FUNCTION 'CM_F_MESSAGE'
EXPORTING
ARBGB = Y_CMF-CK
MSGNR = '327'
MSGTY = Y_CMF-W
MSGV1 = SICHT
MSGV2 = KLVAR.
So I suppose you should call it by this way:
CALL FUNCTION 'CM_F_MESSAGE'
EXPORTING
ARBGB = <your message class>
MSGNR = <message number>
MSGTY = <message type>
MSGV1 = <text 1>
MSGV2 = <text 2>
MSGV3 = <text 3>
I think MSGV* is optional parameter.
Max -
I have connected my ipad to my computer and logged into iTunes website. On my iPad to restore my my data Ipad I have chosen language, country then it asks you to connect with cable and log into iTunes, I have done that, but cannot find this other information I need to restore from the website. Can you help me please? the 2 replies, I thank you, but this has not helped with my problem.
Your post is somewhat confusing. To restore your iPad you use the iTunes application on your computer and connect your iPad. Select your iPad in the left column of iTunes on your computer and select General in the right column. You should find the restore choice there.
-
After opening my yahoo mail window, I keep getting a very short and narrow dialogue box with the words "log into Xmarks" I cannot ... when it pops up, always upper left of my laptop screen and I try to get into my yahoo mail web page, I get a DING sound and cannot enter it ... everything is frozen. I have to hit CNTRL + ALT + ESC to get rid of it - and then reload my Firefox browser to get back to my yahoo e-mail page ... fortunately for me, Firefox re-stores a previous session ... How can I get rid of this intrusive thing, and what is it? Thanks in advance ... Ted Beaudoin, Welland, ON, Canada
Remove VideoFileDownload and find a downloader that doesn't contain TextEnhance.
-
Problem with Syslog in Solaris 10
I have 2 hosts (both are actually Solaris 10 Zones). One has no issues with syslog and the other won't send its messages to our loghost. Both have the same /etc/syslog.conf files, /etc/resolv.conf and /etc/nsswitch.conf files. The one works and the other just says in the /var/adm/messages files :
May 3 11:16:42 svanyc128 syslogd: line 22: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 23: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 28: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 29: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 30: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 31: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 32: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 33: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 34: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 35: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 36: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 37: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 38: WARNING: loghost could not be resolved
May 3 11:16:42 svanyc128 syslogd: line 39: WARNING: loghost could not be resolved
I can resolve the name loghost though with ping and nslookup and they're going to the correct IP. Does anyone have any other idea why these hosts don't behave the same?Ah, one of the guys I work with figured it out. /etc/services file was messed up. It's working now. :)
-
ORA-02291 - ORA-02063 on merge with dml error logging through DB link
Hello all,
I have 2 DB's and I would like to merge records from A into B with dml error logging through a db link.
Exemple:
merge into B@dblink
using (select ... from A where...)
when matched then
when not matched then
log errors into err$_A reject limit unlimited;
When I use this, and exception is thrown:
ORA-02291: integrity constraint (B.constraint_name) violated - parent key not found
ORA-02063: preceding line from dblink
I've got no idea of what causes this.
Could anyone please help me ?
Thanks !
Regards,
TDE.Hello damorgan,
Thanks for your answer.
I've well understood that its was a foreign key violation, and I guess that's an error in the source: wee make only logical deletes, and I'm quite sure the problem is there.
Anyway, I really would understand why dml error logging doesn't work in this case.
I'll investigate and keep you informed.
Regards. -
Can't create log file with java.util.logging
Hi,
I have created a class to create a log file with java.util.logging
This class works correctly as standalone (without jdev/weblogic)
import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.logging.*;
public class LogDemo
private static final Logger logger = Logger.getLogger( "Logging" );
public static void main( String[] args ) throws IOException
Date date = new Date();
DateFormat dateFormat = new SimpleDateFormat("yyyyMMdd");
String dateStr = dateFormat.format(date);
String logFileName = dateStr + "SEC" + ".log";
Handler fh;
try
fh = new FileHandler(logFileName);
//fh.setFormatter(new XMLFormatter());
fh.setFormatter(new SimpleFormatter());
logger.addHandler(fh);
logger.setLevel(Level.ALL);
logger.log(Level.INFO, "Initialization log");
// force a bug
((Object)null).toString();
catch (IOException e)
logger.log( Level.WARNING, e.getMessage(), e );
catch (Exception e)
logger.log( Level.WARNING, "Exception", e);
}But when I use this class...
import java.io.File;
import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.logging.FileHandler;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.XMLFormatter;
public class TraceUtils
public static Logger logger = Logger.getLogger("log");
public static void initLogger(String ApplicationName) {
Date date = new Date();
DateFormat dateFormat = new SimpleDateFormat("yyyyMMdd");
String dateStr = dateFormat.format(date);
String logFileName = dateStr + ApplicationName + ".log";
Handler fh;
try
fh = new FileHandler(logFileName);
fh.setFormatter(new XMLFormatter());
logger.addHandler(fh);
logger.setLevel(Level.ALL);
logger.log(Level.INFO, "Initialization log");
catch (IOException e)
System.out.println(e.getMessage());
}and I call it in a backingBean, I have the message in console but the log file is not created.
TraceUtils.initLogger("SEC");why?
Thanks for your help.I have uncommented this line in logging.properties and it works.
# To also add the FileHandler, use the following line instead.
handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandlerBut I have another problem:
jdev ignore the parameters of the FileHandler method .
And it creates a general log file with anothers log files created each time I call the method logp.
So I play with these parameters
fh = new FileHandler(logFileName,true);
fh = new FileHandler(logFileName,0,1,true);
fh = new FileHandler(logFileName,10000000,1,true);without succes.
I want only one log file, how to do that?
Maybe you are looking for
-
Create storage location at the time of goods receipt
Hi How do i create the storage location automatically at the time of GR thanks
-
When holding on a link, why don't I have the option to open in a new tab?
I'm trying to open PDFs and PowerPoint though my school website angel. When getting to the link that opens the power point or PDF, my classmates are able to hold on the link and get options one of which is to open In a new tab. I do have the option t
-
Configure DB connections used by Human workflow
Hi All We are using Oracle BPEL for orchestrating a process flow; the BPEL process uses Human workflow service for assigning tasks to users and Java client code(SOAP client) is used to update tasks assigned to users.(we are not using Worklist applica
-
JRE1.6.0-11 Download faild...Please Help
I try to download the Jre1.6.0-11 and everyhting goes fine till the end I get an >Java Error> Download failed: The message I get is a dialog box with: from=http://javadl.sun.com/webapps/download/Getfile/1.6.0-11-b03/windows-i586/jre1.6.0_11-cl.msi, t
-
Ui fonts in dartium (chromium-fork) are invisible
Hello, my dartium renders webpages correctly, but ui fonts (address-bar, tabs, menus,...) are not shown. I can select the text and copy paste it. During the selection the blue background is correctly shown. chromium and chrome work fine. I have tri