Concentrator: User Traffic Logging
Hi,
is there a possibility to log the traffic generated by a VPN client user? Traffic means protocol, destination IP and port.
Something like netflow for users?
thx.
marco
Hi Waheed,
You can use Network Performance tools from Riverbed.
http://www.riverbed.com/products/
HTH
Similar Messages
-
Need Help to create access-list based on traffic logs
Hello,
We didn't have any firewall in our network; we recently implemented a Cisco ASA (context) firewall in our network with an any any permit rule.
Our intention is to collect the source, destination, protocol & ports based on the traffic logs and then implement the access-lists; once we have confirmed all the rules have been added to the firewall we want to remove the any any permit rule.
I need some suggestions regarding how we can proceed with this plan; any suggestions are appreciated.
Rajkumar
Hi Rajkumar,
That is not the ideal way of doing it... this will lead to provisioning an unauthorized person with access to something he is not authorized to.
How many users do you have in your network? Try to categorize users based on their present authorization level of access.... say Team A users need to access everything... then you need to group them and provide full access..... Team B users need to be provided with only restricted access.... then group them and provide restricted access....
If your case is something like this.... all users need unrestricted intranet access and certain users alone requires internet acceess... then you can define rules accordingly....
Regards
Karthik
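As an added example, not part of Rajkumar's or Karthik's posts: a Python script that turns ASA connection logs into candidate access-list entries, which is the collection step Rajkumar describes. It parses the %ASA-6-302013 (TCP) and %ASA-6-302015 (UDP) "Built ... connection" messages, records which host initiated a connection to which host and port behind which interface, counts the flows, and emits one host-to-host ACE per flow. Interface names, addresses and the log lines are constructed for the example; the assumption that the "for" side of the message is the lower-security interface is marked in the code and should be checked against a live log before the direction is trusted.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Matches the "Built" connection messages for TCP (302013) and UDP (302015):
#   "... for <if>:<ip>/<port> (<mapped>) to <if>:<ip>/<port> (<mapped>)"
BUILT_RE = re.compile(
    r"%ASA-6-3020(?:13|15): Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for (?P<if1>[^\s:]+):(?P<ip1>[\d.]+)/(?P<port1>\d+) \([^)]*\) "
    r"to (?P<if2>[^\s:]+):(?P<ip2>[\d.]+)/(?P<port2>\d+) \([^)]*\)"
)


@dataclass(frozen=True)
class Flow:
    proto: str     # "tcp" or "udp"
    src: str       # initiating host
    dst: str       # responding host
    dport: int     # destination (service) port
    ingress: str   # interface the initiator sits behind, i.e. where the ACL applies


def parse_built(line):
    """Return the Flow described by a 302013/302015 line, or None for other lines."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    # Assumption (verify against your own logs): the "for" side is the lower-security
    # interface. For "outbound" the initiator is therefore on the "to" side; for
    # "inbound" the initiator is on the "for" side.
    if m["dir"] == "outbound":
        return Flow(m["proto"].lower(), m["ip2"], m["ip1"], int(m["port1"]), m["if2"])
    return Flow(m["proto"].lower(), m["ip1"], m["ip2"], int(m["port2"]), m["if1"])


def summarize(lines):
    """Count how often each distinct (proto, src, dst, dport, ingress) tuple was built."""
    counts = Counter()
    for line in lines:
        flow = parse_built(line)
        if flow is not None:
            counts[flow] += 1
    return counts


def to_acl(counts, min_hits=1, name_prefix="OBSERVED"):
    """Emit one host-to-host ACE per observed flow, one ACL per ingress interface.

    Flows seen fewer than min_hits times are dropped so one-off probes and scans
    do not get baked into the policy. Review the result by hand before applying it.
    """
    aces = []
    for f in sorted(counts, key=lambda f: (f.ingress, f.src, f.dst, f.proto, f.dport)):
        if counts[f] < min_hits:
            continue
        aces.append(
            f"access-list {name_prefix}_{f.ingress.upper()}_IN extended permit "
            f"{f.proto} host {f.src} host {f.dst} eq {f.dport}"
        )
    return aces


# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOGS = [
    "Jan 15 2015 19:32:28 fw01 %ASA-6-302013: Built outbound TCP connection 1229 for outside:203.0.113.7/443 (203.0.113.7/443) to inside:10.1.1.35/51231 (10.1.1.35/51231)",
    "Jan 15 2015 19:32:29 fw01 %ASA-6-302013: Built outbound TCP connection 1230 for outside:203.0.113.7/443 (203.0.113.7/443) to inside:10.1.1.35/51232 (10.1.1.35/51232)",
    "Jan 15 2015 19:32:30 fw01 %ASA-6-302015: Built outbound UDP connection 1231 for outside:203.0.113.53/53 (203.0.113.53/53) to inside:10.1.1.35/40000 (10.1.1.35/40000)",
    "Jan 15 2015 19:32:31 fw01 %ASA-6-302013: Built inbound TCP connection 1232 for outside:198.51.100.9/34567 (198.51.100.9/34567) to dmz:10.2.2.10/22 (10.2.2.10/22)",
    "Jan 15 2015 19:32:32 fw01 %ASA-6-302014: Teardown TCP connection 1229 for outside:203.0.113.7/443 to inside:10.1.1.35/51231 duration 0:00:01 bytes 1200 TCP FINs",
]

if __name__ == "__main__":
    for ace in to_acl(summarize(SAMPLE_LOGS)):
        print(ace)
```

Apply the generated lines as a separate ACL above the existing permit any any, watch the hit counts on the catch-all, and only remove it once nothing new reaches it. ICMP (302020) and the identity-firewall variants of the message are not handled here; 302013 lines carry the same layout for both directions, which is why the direction rule matters.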
-
Using vrf for separating management and user traffic
hello
We use VRFs in our network for separating user/production traffic from management traffic, but the way we have used them has turned out to be messy and we are in a situation where we no longer have the distinction between the two. I personally feel that VRF is a great way to separate management and user traffic.
Here is why I am in a dilemma:
If VLANs for user computers and server VLANs are in the USERS VRF and management servers (including domain controllers, AD) are in the management VRF, there is no way this will work, and this was the reason we thought it was going to work. Now I am wondering if using VRFs is even necessary in an enterprise environment when management traffic can be separated on the server end and not so much at the client end.
Anyone has any ideas how to go about this..
Hello, very interesting scenario! I was in a similar position to you. I agree VRFs are great for management purposes, as they provide you with total segregation of routing instances. In fact the newer Cisco devices come with VRFs configured for management out of the box, with a separate interface for management only (for the network device itself).
However, when it comes to enterprise networks and you have domain controllers, file servers, messaging, maybe ACS or ISE, proxies etc. and other services that should be available to your users, is there any point in using VRFs to separate users from management servers? Let's take for example:
A PC on the domain, and I want to log in using my AD credentials. You need to be able to contact the domain controller(s) in order to log in, right? Since VRFs are contained they will have no routes to get to different networks in other VRFs, except when configured to do so.
Unless you do something called VRF route leaking or advertising. It's explained well here:
http://packetlife.net/blog/2010/mar/29/inter-vrf-routing-vrf-lite/
http://blog.ipexpert.com/2010/12/01/vrf-route-leaking/
Anyway, nevertheless, you are still going to be providing reachability via routing, so this defeats the purpose, kind of... It could add unnecessary complexity too.
Me personally, I just made sure that they were separated by VLANs and had a dedicated VRF for management, i.e. SSH, SNMP etc. to the network devices. I weighed it up and thought it's not worth doing something that will not really be of any benefit.
I can understand the need for ISPs and large service providers to use this but not business/enterprise.
I hope this helps. -
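An added example of the arrangement the reply settles on, written for this page and not taken from the thread: a Cisco IOS VRF-lite fragment that keeps only the device's own management interface and management-plane services (SSH, syslog, SNMP) in a MGMT VRF, leaves the user and server VLANs in the global routing table, and configures no route leaking between the two. The VRF name, interface names, addresses and SNMPv3 user are assumed.

```text
! Management VRF holds nothing but the device's own management plane.
vrf definition MGMT
 description Device management only (SSH/SNMP/syslog)
 address-family ipv4
 exit-address-family
!
! Assumed: Gi0/0 is the out-of-band management port on 10.255.0.0/24.
! "vrf forwarding" must come before "ip address" (assigning the VRF clears the address).
interface GigabitEthernet0/0
 description OOB management
 vrf forwarding MGMT
 ip address 10.255.0.5 255.255.255.0
!
! User and server VLANs stay in the global table; no "ip route vrf ... global"
! and no static routes pointing at interfaces in the other table.
interface Vlan10
 description Users
 ip address 10.10.0.1 255.255.0.0
!
! Default route for the management VRF only (assumed gateway 10.255.0.1).
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.255.0.1
!
! Management-plane services sourced from, and reachable only inside, MGMT
! (assumed syslog host 10.255.0.60, NMS 10.255.0.50, SNMPv3 user nms-user).
ip ssh source-interface GigabitEthernet0/0
logging host 10.255.0.60 vrf MGMT
snmp-server host 10.255.0.50 vrf MGMT version 3 priv nms-user
!
! Only the management network may open a VTY session; "vrf-also" makes the
! access-class apply to sessions arriving through the VRF interface as well.
ip access-list standard MGMT-ONLY
 permit 10.255.0.0 0.0.0.255
 deny   any log
line vty 0 4
 access-class MGMT-ONLY in vrf-also
 transport input ssh
```

The point of the fragment is what is absent: nothing in the USERS side has a route into MGMT, and the device still reaches its own management services because they are bound to the MGMT interface rather than to the global table.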
iPod not recognized by iTunes: message about other users being logged in
Recently, whenever I connect my iPod to the USB device to update my library, I often get an error message stating there are other users using iTunes on my computer already, so iTunes cannot recognize the iPod. Then it says to ask other users to log out, and then try again.
No other people but me ever use iTunes on my computer and no one else is logged in but me (and I'm the only person who has an iPod account in my family). I try all different things, like logging everyone else's accounts on the computer off, restarting iTunes, reconnecting the USB, etc., but nothing works. The message won't appear after this again (unless I've restarted iTunes), but a window pops up about my iPod with all different files, like "calendar."
Can anyone tell me why this happens, and how to connect my ipod when it does?
Video Windows XP
Try this.
Fast user switching in Windows XP is not supported.
Incidentally, this a forum for connecting to a Mac. -
User SAP* is active. No other users can log on. Now What?
After the last time I restarted the portal, I get the following message when I try to logon:
User SAP* is active. No other users can log on
Before the reboot, I was trying to configure LDAP. I changed the Data source from "Database Only" to "Read-Only Microsoft ADS (Deep Hierarchy) + Database". I also, tried to create a Superuser/Password. You can logon using SAP* and see the users from LDAP.
Any thoughts? Also, can anyone clarify the configuration option:
SAP* User Configuration
Enable SAP* user (If you disable the SAP* user, enter a superuser ID and password below)
Superuser Name
Superuser Password
EP6.0
Bill,
You have to assign a user the super admin role. Once the user has this role, go to the UM Configuration (System Admin--> System Config --> UM Configuration) and uncheck the Enable SAP* User option and enter in the superuser name and superuser password. Restart the portal and users should be able to login.
FYI. No users can login to the portal if sap* is active.
Regards,
Marty -
SAPJSF user cannot log-on to the User Management Engine.
We have a newly installed PI 7.0 system.
SLDCHECK is successful but if we go to http://hostname:50100/sld we are redirected to http://hostname:50100/logon/logonServlet?redirectURL=%2Fwebdynpro%2Fdispatcher%2Fsap.com%2Ftc%7Esld%7Ewd%7Emain%2FMain
When we check the default.trc file, we see the error: User "SAPJSF" is the communication user for the connection between User Management Engine and the ABAP backend system SIDCLNTxyz. This user cannot log-on to the User Management Engine.
The SAPJSF user is not locked in SU01. This user is used by the JCO providers to connect to the gateway service.
We opened Visual Administrator and navigated to Server0 -> Services -> UM Provider
We changed the password property at ume.r3.connection.master.passwd
We then restarted the ABAP and J2EE engine. But we still see this error.
Any help to solve this issue is appreciate.
Jay Malla
Hi,
Please, refer the link below. It says you cannot logon with SAPJSF user to J2EE engine for security reasons.
http://help.sap.com/saphelp_nw2004s/helpdata/en/4e/225b42eeb66255e10000000a155106/frameset.htm
Thanks
R.Murali -
ICal Server - User can log in from iPhone but not from Desktop Mac
I've got quite the peculiar problem with iCal Server on OS X 10.6.6: my users can log in and access the shared calendars using their iPhones. When I set up the same account on their desktop Macs in iCal, I get an error message "The server did not recognize your user name or password for account <username@servername>".
I'm positive that username and password are correct. The only thing I found about that in the log files was that the CalDAV server returns a 201 HTTP status code when accessing the account from the iPhone vs. a 407 status code when using iCal on their desktop Mac. The same accounts are used for Email, File Sharing and Address book, all of which run fine.
Has anyone experienced a similar problem? Maybe even solved it?
Solved it myself - there was a non-ASCII character in the account password. Strange that the iPhone didn't have a problem with that while iCal did. Now that I've changed the password to contain only ASCII characters, the problem is gone.
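An added example, not from the original post, of one way a non-ASCII password can pass HTTP Basic authentication from one client and fail from another: RFC 7617 leaves the character set of the user-pass string to the client, so a client that encodes it as Latin-1 and one that uses UTF-8 send different base64 values, and a server that decodes with one charset rejects the other. The Python below builds both headers and runs a small server-side check against them; the user name and passwords are constructed. Whether this is exactly what happened between iCal and the CalDAV server is not something the post establishes.

```python
import base64
import hmac


def basic_credentials(user, password, encoding):
    """Build the Authorization header value the way a client using `encoding` would."""
    raw = f"{user}:{password}".encode(encoding)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def server_accepts(authorization, expected_user, expected_password, server_encoding="utf-8"):
    """Server-side check: decode the header with the server's charset and compare.

    Returns False (never raises) on a malformed or mis-encoded header.
    """
    scheme, _, b64 = authorization.partition(" ")
    if scheme != "Basic":
        return False
    try:
        decoded = base64.b64decode(b64, validate=True).decode(server_encoding)
    except (ValueError, UnicodeDecodeError):   # binascii.Error is a ValueError
        return False
    user, sep, password = decoded.partition(":")
    if not sep:
        return False
    # Constant-time comparison on bytes (compare_digest rejects non-ASCII str).
    return (hmac.compare_digest(user.encode("utf-8"), expected_user.encode("utf-8"))
            and hmac.compare_digest(password.encode("utf-8"), expected_password.encode("utf-8")))


# Constructed credentials for the demonstration (not from the original post).
USER = "marco"
ASCII_PASSWORD = "Tr0ub4dor-and-3"
NON_ASCII_PASSWORD = "Grüße-2011"


def compare_clients(password, server_encoding="utf-8"):
    """Map client charset -> whether a server decoding with server_encoding accepts it."""
    return {
        enc: server_accepts(basic_credentials(USER, password, enc), USER, password, server_encoding)
        for enc in ("utf-8", "latin-1")
    }


if __name__ == "__main__":
    print("ASCII password:    ", compare_clients(ASCII_PASSWORD))
    print("non-ASCII password:", compare_clients(NON_ASCII_PASSWORD))
```

With an all-ASCII password both clients produce the same bytes and both are accepted; with "Grüße-2011" the Latin-1 client sends bytes 0xFC and 0xDF, which are not valid UTF-8, so a UTF-8 server rejects it, and a Latin-1 server in turn rejects the UTF-8 client because the decoded string no longer equals the stored password. A server can announce its expectation with the `charset="UTF-8"` parameter on the `WWW-Authenticate` challenge, but only clients that honour it will change behaviour.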
-
I am having a hard time migrating a C++ CryptoAPI-based application that currently runs on Windows Server 2008 to Windows 8.1. The scenario is:
This application is eventually triggered by WatchDog.exe, which in its turn is triggered when the computer is started by Windows' Task Scheduler.
Task Scheduler uses the following rules to start the WatchDog.exe:
An Administrator user account;
Run Whether user is logged on or not;
UNCHECKED: Do not store password. The task will only have access to local resources;
Run with Highest Privileges;
Configure for Win 8.1;
Triggered at system startup.
The server sits there, nobody logged on, until in a given scenario WatchDog.exe starts the application. The application log confirms that the owner of the process (GetUserName) is the very same user Task Scheduler used to trigger WatchDog.exe.
It turns out that this application works fine in Windows Server 2008, but in Windows 8.1 a call to CryptAcquireContext fails with return code ERROR_FILE_NOT_FOUND (2L). The odd thing is that the application will NOT fail if, when started, the user is physically logged on to the machine, although it was not the user who started the application manually.
I took a look at the documentation and found:
"The profile of the user is not loaded and cannot be found. This happens when the application impersonates a user, for example, the IUSR_ComputerName account."
I had never heard of impersonation, so I did some research and found the APIs LogonUser, ImpersonateLoggedOnUser and RevertToSelf.
I then updated the application in this way:
HANDLE hToken;
// Batch logon: no interactive session is needed for a scheduled task account.
if (! LogonUser(L"admin", L".", L"XXXXXXXX", LOGON32_LOGON_BATCH, LOGON32_PROVIDER_DEFAULT, &hToken))
    logger->log (_T("Error logging on."));
else
    logger->log (PMLOG_LEVEL_TRACE, _T("Logged on."));
// Run the calling thread under that user's token (the token alone; no profile is loaded).
if (! ImpersonateLoggedOnUser(hToken))
    logger->log (_T("Error impersonating."));
else
    logger->log (_T("Impersonated."));
err = XXXXXXXXX(); // calls function which will execute CryptAcquireContext
// Drop back to the process token.
if (! RevertToSelf())
    logger->log (_T("Error reverting."));
else
    logger->log (_T("Reverted."));
Excerpt with the call to CryptAcquireContext:
// Get the handle to the default provider.
// dwFlags == 0 selects a per-user keyset, which is stored in the user's profile and can
// only be opened when that profile is loaded; CRYPT_MACHINE_KEYSET would select the
// machine store instead.
if (! CryptAcquireContext(&hCryptProv, cryptContainerName, MS_ENHANCED_PROV, PROV_RSA_FULL, 0))
{
    DWORD e = GetLastError();
    _stprintf_s (logMsg, 1000, _T("Error %ld acquiring cryptographic provider."), e);
    cRSALogger->log (logMsg);
    return ERR_CCRYPT_NO_KEY_CONTAINER;
}
cRSALogger->log (_T("Cryptographic provider acquired."));
As the result, I got the log:
[2015/01/08 20:53:25-TRACE] Logged on.
[2015/01/08 20:53:25-TRACE] Impersonated.
[2015/01/08 20:53:26-ERROR] Error 2 acquiring cryptographic provider.
[2015/01/08 20:53:26-TRACE] Reverted.
That seems to show that impersonation is working properly, but still I get Error 2 (ERROR_FILE_NOT_FOUND) on CryptAcquireContext.
Summary:
On Windows Server 2008, the very same application runs properly even without the calls to LogonUser/Impersonate/Revert.
On Windows 8.1, the application, with or without the calls to LogonUser/Impersonate/Revert, will only work properly if the user is logged on (which is not acceptable).
Any thoughts where I can run to in order to get this working on windows 8.1?
Thank in advance,
Dan
There are a couple of issues.
Based on the parameters being used in CryptAcquireContext(), a profile needs to be loaded and your app has to be running as the same user who created the keyset (which is why it works when a user is logged on in Windows 8.1). Also, impersonation does not load your user profile; you need to call LoadUserProfile(). It seems like you should be using a machine keyset for your scenario if you want to do this when nobody is logged on.
Take a look at the following KB article for more information.
https://support.microsoft.com/kb/238187?wa=wsignin1.0
thanks
Frank K [MSFT] -
What's the best way to check whether a user is logged in or not?
I have a question about basic session handling.
I'm running Tomcat 5.0.30 and have a web application where users can register with a username and password, and then log into a "member site".
What is the best way of making sure that a user actually has logged in or not?
What I've done in previous applications I've made is that I've just put a simple variable into the users session after he has successfully entered his password (i.e. Boolean loggedIn=true). Then I just test if this flag is true to grant him access to the member site. Is that a smart way of doing it?
Are there any libraries I can use which handles sessions for me in a secure way?
All comments and suggestions are appreciated!
Maintain a flag using session attributes: set it to a value when the user logs in, and set it to zero or invalidate the session when the user logs out...
Use something like this when the user has logged in:
// Mark the session as authenticated.
session.setAttribute("flag", <unique_number>);
For checking whether the user has logged in or not:
// The attribute is absent on a fresh or logged-out session, so check for null first.
Object flag = session.getAttribute("flag");
if (flag == null || Integer.parseInt(flag.toString()) != <unique_number>) {
    out.println("The session has expired");
    out.close();
} -
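As an added example, not code from the thread: a Python sketch of the session handling the question asks about, written framework-independently so the individual pieces are visible. Instead of a boolean flag it stores the authenticated user name server-side under a random session id, rotates the id at login so a pre-login id planted by an attacker (session fixation) never becomes authenticated, expires idle sessions, and invalidates on logout. The user table and password are constructed. In a servlet the rotation is session.invalidate() followed by request.getSession(true) (Servlet 3.1 added request.changeSessionId()), and the "is logged in" check is whether the session carries a user.

```python
import hashlib
import hmac
import os
import secrets
import time


def _hash_password(password, salt):
    # PBKDF2-SHA256; iteration count is a placeholder, tune it for your hardware.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed user table: username -> (salt, password hash). Never store plaintext.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse battery", _SALT))}


def check_password(username, password):
    rec = USERS.get(username)
    if rec is None:
        # Hash anyway so an unknown user costs the same time as a wrong password.
        _hash_password(password, b"\x00" * 16)
        return False
    salt, expected = rec
    return hmac.compare_digest(_hash_password(password, salt), expected)


class SessionStore:
    """Minimal server-side session store (the role HttpSession plays in a servlet container).

    `now` parameters exist so timeouts can be exercised without sleeping."""

    def __init__(self, idle_timeout=1800):
        self._sessions = {}            # session id -> {"user": ..., "last_seen": ...}
        self.idle_timeout = idle_timeout

    def create(self, now=None):
        sid = secrets.token_urlsafe(32)                # 256 bits of randomness, unguessable
        self._sessions[sid] = {"user": None, "last_seen": now or time.time()}
        return sid

    def invalidate(self, sid):
        self._sessions.pop(sid, None)

    def _get(self, sid, now=None):
        now = now or time.time()
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s["last_seen"] > self.idle_timeout:
            self.invalidate(sid)                      # idle sessions die server-side
            return None
        s["last_seen"] = now
        return s

    def login(self, sid, username, password, now=None):
        """Authenticate and return the NEW session id, or None on failure."""
        if not check_password(username, password):
            return None
        # Rotate the id: whatever id the browser carried before login (possibly
        # planted by an attacker) is discarded, so it never becomes authenticated.
        self.invalidate(sid)
        new_sid = self.create(now)
        self._sessions[new_sid]["user"] = username
        return new_sid

    def current_user(self, sid, now=None):
        """The authenticated user for this request, or None (the 'is logged in' check)."""
        s = self._get(sid, now)
        return s["user"] if s else None

    def logout(self, sid):
        self.invalidate(sid)
```

The browser only ever sees the opaque session id (in a cookie marked HttpOnly and, over TLS, Secure); everything the server trusts lives in the store, so a client cannot set its own "loggedIn" state, and expiry is enforced on the server regardless of what the client sends.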
Only One Mobile User can Log In to Laptop
I have a network account on my MacBook Pro. I can log in no problem, access everything on the network, etc. but no one else can log in to this particular laptop. All of the other users can log into each other's identical MacBook Pros, my account included. I have checked in my MBP's System Preferences > Accounts and the "Allow network users to login to this computer" checkbox is checked. The PDC is Leopard 10.5.6 running Open Directory.
When one of the other network accounts tries to log in to my computer we get the following error:
You are unable to login to the user account (username) at this time. Logging in to the account failed because of an error.
I have googled that error but nothing seems to apply to this situation. Most of the postings found here and on the web are authenticating against Active Directory, and the assumption seems to be no one can log in, not just select accounts.
I've done plenty of searching here and on Google but the description of the problem is hard to summarize so I'm posting my own question. Thank you in advance for any information you can provide.
Is this a second-hand phone? It sounds like it is and the previous owner did not disable Activation Lock, the anti-theft feature of iOS. If this is the case then the only solution is to get the previous owner to unlock it.
-
How do I make it so users can log in and sign up on my adobe muse website
How do I make it so users can log in and sign up on my adobe muse website?
If you would read through the Muse forum, this subject has come up multiple times.
Muse does not currently support CMS, passwords, logins or bespoke client areas. -
How can I find the IP address of guest users who log on to my Adobe Connect Meeting?
We had an Adobe Connect meeting that was open for guest users to log in under generic user names. Does the Adobe Connect meeting log keep the IP address or other identifiable information for these guest users?
Footprints will track and report the User IP's.
http://www.refineddata.com/index.php?option=com_content&view=article&id=62:footprints&cati d=43:custom-pods&Itemid=62 -
OD users cannot log on without server home directory
I am new to OD and am trying to configure a working setup for a few Macs on the network. The server is set up as an OD master, and while we are running Active Directory, the Mac server is not integrated into the AD network. DHCP and DNS are handled by the server that provides AD.
I have set up a few test users and bound a Mac to the OD server for testing. I've found that if I don't specify a home directory for a particular user in workgroup manager (i.e. I just leave it at (none)), the user cannot log on to the bound Mac. The log in window begins to slide as if it is accepting the password, then stops and shakes and brings me back to the login window without any error message. If I specify a home directory on the server, it will then accept the username and password, show that I am logging in as said user, then display the message, "You are unable to log in to the user account [user] at this time. Logging into the account failed because an error occurred."
I'm guessing the error message relates to a permissions issue with the way the home directories are set up. But honestly, I'd rather the users just have their home directories stored locally rather than on the server. How do I configure it so that the users are able to log on and their home directories are stored locally?
Thanks in advance for any assistance that can be provided!
After playing around with the system some more, I found that I had to explicitly specify the local home directory. I set it to /Users/ and everything seems to be working now.
-
DC on VM Restored after crash - Does Not allow PCs to Join Domain, or Domain Users to Log in
We had a RAID array crash and rebuilt our main server, which housed the VMs for our Web and DC.
The main server was restored from a bare-metal backup from 6 months prior to the latest backup of the VMs (not sure if pertinent)
Since the restore, domain computers cannot access file shares on the main server or VMs: "unspecified network error 0x80004005".
Removed the main server from the domain to re-join it due to some issues with logging in (even with a Domain Admin account). Found that any PC removed from the domain was no longer able to rejoin; it receives a "Network path was not found" error.
Domain users cannot log in to their computers. The error reads "The trust relationship between this computer and the domain has been lost". Domain Admin accounts can log in without problem.
Have been working on it for two weeks and tried most of the things that I have found in others' questions for related
DCDIAG results (run on DC VM). More errors appear if run on the server: Locator DcGetDcName(GC_Server_Required) call failed, error 1722 (same for PDC, TIME, GOOD_TIME, and KDC).
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
......................... DC1 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC1 failed test FrsEvent
Starting test: DFSREvent
......................... DC1 passed test DFSREvent
Starting test: SysVolCheck
......................... DC1 passed test SysVolCheck
Starting test: KccEvent
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
......................... DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: Replications
......................... DC1 passed test Replications
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: Services
......................... DC1 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x80040022
Time Generated: 01/15/2015 19:32:28
Event String:
The driver disabled the write cache on device \Device\Harddisk0\DR0.
A warning event occurred. EventID: 0x80040022
Time Generated: 01/15/2015 19:32:28
Event String:
The driver disabled the write cache on device \Device\Harddisk0\DR0.
A warning event occurred. EventID: 0x80040022
Time Generated: 01/15/2015 19:32:28
Event String:
The driver disabled the write cache on device \Device\Harddisk0\DR0.
A warning event occurred. EventID: 0x000003F6
Time Generated: 01/15/2015 19:32:52
Event String:
Name resolution for the name DC1.Home.xxx.com timed out after none of the configured DNS servers responded.
An error event occurred. EventID: 0xC00038D6
Time Generated: 01/15/2015 19:33:25
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
A warning event occurred. EventID: 0x00000420
Time Generated: 01/15/2015 19:33:29
Event String:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration.
Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
A warning event occurred. EventID: 0x00002724
Time Generated: 01/15/2015 19:33:33
Event String:
This computer has at least one dynamically assigned IPv6 address. For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
A warning event occurred. EventID: 0x000727AA
Time Generated: 01/15/2015 19:36:34
Event String:
The WinRM service failed to create the following SPNs: WSMAN/DC1.Home.xxx.com; WSMAN/DC1.
A warning event occurred. EventID: 0x00001695
Time Generated: 01/15/2015 19:59:52
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'Home.xxx.com.' failed. These records are used by other computers to locate this server as a domain controller (if the specified
domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 01/15/2015 19:59:52
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.Home.xxx.com.' failed. These records are used by other computers to locate this server as a domain controller
(if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 01/15/2015 19:59:52
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.Home.xxx.com.' failed. These records are used by other computers to locate this server as a domain controller
(if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00000420
Time Generated: 01/15/2015 20:20:21
Event String:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration.
Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
A warning event occurred. EventID: 0x00002724
Time Generated: 01/15/2015 20:20:25
Event String:
This computer has at least one dynamically assigned IPv6 address. For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
......................... DC1 failed test SystemLog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Home
Starting test: CheckSDRefDom
......................... Home passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Home passed test CrossRefValidation
Running enterprise tests on : Home.xxx.com
Starting test: LocatorCheck
......................... Home.xxx.com passed test LocatorCheck
Starting test: Intersite
......................... Home.xxx.com passed test Intersite
All PCs can ping the DC and get name resolution. Checked IPs and DNS on both workstations and DC (DC points to its own IP address with no other DNS); forwarders for DNS appear to be working, as normal DNS name resolution and internet access work on all PCs. Have tried disabling the NIC and installing another NIC. All searches keep pointing back at the same things that I have tried. I feel like I am missing something stupid.
Please help
The backup you used is too old. That is why your clients are experiencing trust relationship failures: the computer passwords no longer match, so they are failing to connect to AD. You need to disjoin and join them again.
I understand that this is the only DC you have, so please make sure that the DC is not multihomed, that it points to its private IP address as primary DNS server and 127.0.0.1 as secondary one. Also, you might need to rebuild your SYSVOL folder if you keep getting the SYSVOL errors: https://support.microsoft.com/kb/315457?wa=wsignin1.0
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK -
How many users have logged in the Enterprise portal
Hello Expert,
Please suggest..
Feature required to monitor how many users have logged in to the Enterprise Portal 7.0 (the portal is implemented with MDM), so that utilization can be known.
Regards,
Vidhanshi
Hi,
You can write the following code to get the logged-in user's ID:
try {
    // Current Web Dynpro client user, mapped to the UME user behind it.
    IWDClientUser wdClientUser = WDClientUser.getCurrentUser();
    IUser sapUser = wdClientUser.getSAPUser();
    // A UME user can have several accounts; the first one carries the logon ID shown here.
    IUserAccount[] acct = sapUser.getUserAccounts();
    String str = acct[0].getDisplayName();
    wdComponentAPI.getMessageManager().reportSuccess("user " + str);
} catch (WDUMException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (UMException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
You need the security API to use it; make sure it is present.
[Find out who is login into the Portal|http://forums.sdn.sap.com/thread.jspa?threadID=1723807]
Hope this is helpful for you!!!
Best Regards
Vijay K