CSM probe debugging

Hi,
i've tried to debug a non-scripted probe on my csm, but i can't see any output. What does the message "Health Monitor quiet mode: output error messages" mean, and how can i make those messages visible?
TIA, Stephan

Hi Gilles,
I was reading that CSM only supports on a HTTP Probes the request methods like "GET", "HEAD" and "URL", Not "POST".
It is possible to configure in a TCL script a HTTP Probe with "POST"?
I see in the manual (4.2(x) Release)that does not appears the generic tcl command "POST".
I will really appreciate your help.
Thanks
Hugo Rivas
Network Services
Data Center Triara

Similar Messages

  • Redundant CSM probes not working using OneArmedMode+PBR

    In a redundant configuration: 2xCat6500 with one CSM each, using One Armed Mode when we use Policy Based Routing for return traffic the redundant CSM probes fail. If we use Source NAT instead everything works fine (both Active and Standby ok).
    The problem is that we need to user PBR because the servers need to know the source IP and we want to assure a quick failover.

    I'm pointing to the alias address. I didn't mention before but both C6500 have an IP interface configured in the Server Side VLAN and are using HSRP. I think the problem is related with that - when the redundant CSM sends the probe request, the response is routed to the active CSM. Maybe I need to define a specific PBR to the probes.

  • CSM Probes went down for 15 minutes

    Hi all,
    This morning all the probes went down on the csm module for exactly 15 mins and then came back up. There has been nothing else in the logs to indicate whey the went down. I have found a watchdog process which i think might have started back up the process for SLB. Has anyone ever come across this and what was the reason that the probes stayed down for exactly 15 mins.
    Cheers
    Kev

    A possible workaround is to reset the card from the SUP console.
    Try:
    http://www.cisco.com/en/US/products/hw/switches/ps708/prod_release_note09186a00800fe64c.html

  • CSM Probe Question

    Hello,
    We are currently running an http probe on the CSM which accepts a return code of 200 and 401 (because this application is single sign on and CSM does not have a user defined for it).
    This application is having an issue where the web application is available and returning a 401 code, however in some cases the actual application instance is not available.
    The only way we can see that is by looking at the HTTP stream:
    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: NTLM
    Content-Length: 0
    Date: Thu, 05 Jul 2007 16:29:22 GMT
    Server: Apache-Coyote/1.1
    Connection: close
    This connection close is the only value by which we can tell whether the application is working.
    My question is there anyway we can use this value in the probe. I am quiet sure that its not possible but if anyone can confirm that will be great.
    Thanks

    Hi Gilles,
    I was reading that CSM only supports on a HTTP Probes the request methods like "GET", "HEAD" and "URL", Not "POST".
    It is possible to configure in a TCL script a HTTP Probe with "POST"?
    I see in the manual (4.2(x) Release)that does not appears the generic tcl command "POST".
    I will really appreciate your help.
    Thanks
    Hugo Rivas
    Network Services
    Data Center Triara

  • PIX loadbalancing woth CSM - probe problem

    2 CSM/CATs on one side (FT)
    2 CSM/CATS on other (also FT)
    load balancing 2 PIX 535.
    probing icmp pings only "direct" pix interface
    the opposite interface will never answer to ping.
    So switching off int in one pix make real FAILED on one side but other side still have working real and sends traffic to one leg PIX.
    How to solve that ?

    I thinking about that:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/csm_3_2/icn/fwldbal.htm#1037625
    when Firewall 1 and Firewall 2 are pinged on directly connected interfaces then directly connected probe detect pix problem. But problem with whole PIX device is less typical than one of his interfaces down (ie. fiber patchcord unplug) than one (opposite/working) interface answers with ping and CSM sends traffic to that "real".
    Great solution will be pinging opposite pix interface
    but this isn't supported by PIX ASA. So i have tried
    ping "any" ip behind pix which is currentl ip address of CSM VLAN.
    When you had one PIX there is no a problem... but when you had two of them you need check both of them.. you defining static route:
    ip_behind_pix VIA ip_pix_direct_int
    Then thing not only about ECHO REQ but also on ECHO REPLY - there is no way to put static routing for those devices what active and standbys on both sides will detect pix interface errros...
    There is no way to put REPLY on different gate than ECHO REQ...
    Think of it drawing 6 icons, giving them 10 ip (2 for pix inside and outside, one for every CSM) adds
    and then try set up static route that ping REQ and reply will go the same way. There is no such way...
    IMHO 8-)

  • Csm probe problem

    Hello,
    I have the following problem after configuring/setting up tcp probe:
    probe TCP tcp
    interval 10
    failed 30
    vserver test:3389
    virtual x.x.x.x tcp 3389
    serverfarm test
    inservice
    serverfarm test
    real a.a.a.a
    inservice
    real b.b.b.b
    inservice
    real c.c.c.c
    inservice
    probe TCP
    Vserver shows o.o.s
    serverfarm shows o.o.s probe failed for all servers
    when I show probe, I get:
    real vserver serverfarm policy status
    a.a.a.a:3389 test:3389 test (default) OPERABLE
    I have a separate VIP setup for each server without a probe and I can connect to them on port 3389, so I know
    the application/servers are ok.
    The csm is running ver 3.1(4)
    Can you explain why the probe shows operable yet the serverfarm shows probe_failed?
    Thanks,

    if you remove the probe, is the vserver inservice ?
    I would also recommend to test with a software more recent.
    There was some probe issues in the past and they should be fixed with new releases.
    Gilles.

  • Probs Debugging PL/SQL proc JDev903

    Im trying to debug PL/SQL functions in JDeveloper 9.0.3.
    Issue N1. In Run PL/SQL window JDev adds schema name to my function and PL/SQL block fails to compile. Im manually deleting prefix from my function and block is compiled successfully.
    Then an error happened: PLS-00302: component 'JDEV_TMP_PROC_1' must be declared
    Please advice
    Debugger attempting to connect to database.
    Executing PL/SQL: ALTER SESSION SET PLSQL_DEBUG=TRUE
    Executing PL/SQL: DECLARE
    id VARCHAR2( 30 );
    BEGIN
    id := DBMS_DEBUG.initialize( '24.27.75.30:1036303964414', 1 );
    DBMS_DEBUG.debug_on( TRUE );
    END;
    Debugger connected to database.
    Deadlock detection is not supported by the debuggee virtual machine.
    Executing PL/SQL: BEGIN MY_SCHEMA."JDEV_TMP_PROC_1"(); END;
    ORA-06550: line 1, column 11:
    PLS-00302: component 'JDEV_TMP_PROC_1' must be declared
    ORA-06550: line 1, column 7:

    JDev can debug with Oracle 8.1.7 or later.
    Is the PL/SQL you want to debug in the same schema as you are connecting? Because you mentioned schema names, I wonder if there may be a bug with trying to debug PL/SQL in a schema other than the one you are connected to. If so, can you try creating connection as the owner of the PL/SQL and see if that works?
    Thanks!
    -- Brian (JDev Team)

  • Recommended CSM Probe Timers

    Looks like 4 timer commands you can use on probes:
    1) Interval - How often to normally Probe
    2) Retries - How many consecutive normal interval probes have fail before marking server as failed
    3) Failed - How often to probe after a server is failed to determine if it should be brought back online
    4) Open - For TCP probes, how long to wait for a TCP socket to open.
    What do you guys recommend for timer values.
    Currently we're using 5-3-60-10
    But, I'm wondering about the 10-second Open timer. 10 seconds for a TCP socket to open? That seems insanely long. I'm tempted to change it to 1 second.

    The default interval is 120 seconds and it would take 3 probes to fail before it would bring down the server. You can lowering this and also using the command "fail action purge" so when a server fails it forces the user to disconnect.

  • Polling / Debugging / Showing RSSI values for Probe Requests for Unconnected Mobile Stations

    Hi Guys,
    I've been researching on this for last two days and still can't find a specific way to do this..
    I'm trying to get  information (MAC & RSSI) on the prob-requests from all mobile clients heard from an Access Point directly. That is, Without getting WLC and/or WSE and/or LBS involved)
    I understand that this information can be easily accessible from the WLC itself (from GUI or by polling the WLC using SNMP OIDs from AIRSPACE-WIRELESS-MIB).  But this MIB is not compatible with the AP's IOS. So no luck there..
    I found an MIB (CISCO-DOT11-ASSOCIATION-MIB) that works on the AP and would give me information only on the connected/associated clients but NOT on the probing-unconnected clients.
    The closest I have gotten so far is the following debug command on the AP,
       debug dot11 rxprobe
       dot11 RX Probe debugging is on
       023937: Oct 29 11:47:02 ACDT: ToCtrl: 00016F, 001, -11b, ffff.ffff.ffff, 1234.abcd.1234 SSID: NULL
       023938: Oct 29 11:47:02 ACDT: ToCtrl: 000171, 001, -11b, ffff.ffff.ffff, 1234.abcd.1234 SSID: someSSID
    Which, as you can see, outputs the MAC address of the probing station. But I'm not quite sure what the other values represent. Can someone please point out the real meaning of the other information presented in this output (is RSSI hidden somewhere there :)).
    Also, Is there any other way of getting this information out ? ( again without using the WLC or WSE or LBS)
    When AP is linked up with an WLC, the AP pushes this information to the WLC via the CAPWAP tunnel. So definitely this information is in there (may be not stored in the AP). I just can't find a way to tap this information.
    Any information surrounding this will be much appreciated.
    Why I want this?: I'm working on a project that needs this functionality.
    Thanks 

    The same command on a 1130 outputs:
    *Mar  1 03:58:00.684: ToLwapp:      000769, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: NULL
    *Mar  1 03:58:00.685: ToLwapp:      00076A, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
    *Mar  1 03:58:00.685: ToLwapp:      00076B, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: Vodafone-42F541
    *Mar  1 03:58:00.727: ToLwapp:      000794, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
    *Mar  1 03:58:01.454: ToLwapp:      00026B, 001, -11b, ffff.ffff.ffff, 1c4b.d68c.d7de SSID: eduroam
    *Mar  1 03:58:01.474: ToLwapp:      00027F, 001, -11b, ffff.ffff.ffff, 1c4b.d68c.d7de SSID: eduroam
    *Mar  1 03:58:01.967: ToLwapp:      00046D, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: NULL
    *Mar  1 03:58:01.968: ToLwapp:      00046D, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
    *Mar  1 03:58:01.969: ToLwapp:      00046E, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: Vodafone-42F541
    *Mar  1 03:58:06.723: ToLwapp:      000701, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: NULL
    *Mar  1 03:58:06.724: ToLwapp:      000701, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
    *Mar  1 03:58:06.725: ToLwapp:      000702, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: Vodafone-42F541
    *Mar  1 03:58:06.771: ToLwapp:      000730, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: NULL
    *Mar  1 03:58:06.771: ToLwapp:      000730, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
    *Mar  1 03:58:06.772: ToLwapp:      000731, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: Vodafone-42F541
    *Mar  1 03:58:07.616: ToLwapp:      00027D, 001, -11b, ffff.ffff.ffff, 9cb7.0d6c.9b38 SSID: eduroam
    *Mar  1 03:58:07.647: ToLwapp:      00029D, 001, -11b, ffff.ffff.ffff, 9cb7.0d6c.9b38 SSID: eduroam
    *Mar  1 03:58:07.986: ToLwapp:      0003EF, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: NULL
    *Mar  1 03:58:07.987: ToLwapp:      0003F0, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
    *Mar  1 03:58:07.988: ToLwapp:      0003F1, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: Vodafone-42F541

  • Identity firewall NetBIOS Probe problem

    Hi,
    I've setup an Identity Firewall on a ASA5510 version 8.4.5 (inside interface). ADAgent is installed and configured on an Windows 2003 server and connected to the DC (Windows 2008 server). Everything works fine except the NetBIOS Probe function.
    The NetBIOS probe function is active and configured as below.
    user-identity domain TEST aaa-server LDAP_Identity
    user-identity default-domain TEST
    no user-identity action mac-address-mismatch remove-user-ip
    user-identity inactive-user-timer minutes 120
    user-identity logout-probe netbios local-system
    user-identity poll-import-user-group-timer hours 1
    user-identity ad-agent aaa-server adagent
    user-identity user-not-found enable
    The problem is following message...
    "746013 user-identity: Delete IP-User mapping 192.168.3.61 - TEST\Peter Succeeded - Netbios probing failed"
    I've never seen an NetBIOS probe successful message
    Can anyone help me with this issue?
    Thanks

    Hi,
    Could you please run some of these debug commands:
    debug user-identity user
    debug user-identity user-group
    debug user-identity ad-agent
    debug-user-identity ldap
    debug user-identity logout-probe
    debug user-identity acl
    debug user-identity tmatch
    debug user-identity fqdn
    debug user-identity process
    debug user-identity debug
    debug user-identity error
    debug ldap 255
    Also here is a guide that may provide some direction -
    https://supportforums.cisco.com/docs/DOC-20366
    Tarik Admani
    *Please rate helpful posts*

  • Ace HTTP Probe expect regex

    Hi,
    I have a question about the config of the ACe probe.
    I have the following probe defined :
    probe http P_HTTP_TEST
    interval 5
    passdetect interval 2
    passdetect count 2
    request method get url /test
    expect status 200 200
    expect regex trululu
    I would like to use the regex just like the expect string on the csm probe...
    The regex doesn't seem to work as the strin trululu is not on the page tested.
    I guess the expect status override the regex but without the expect status it doesn't work either.
    Anyone know how exactly the probe expect works for http ?
    Another question, on the CSM module, the tcp probe by default use the real port for the probe, not the default port of the probe type, is it possible to change that so it mimmicks the CSM way of working ?
    Thanks a lot ;-)

    This seems to be bug related to some version of ACE software as HTTP return code overrides missing regexp. For sure this bug is present in:
    system:    Version A2(2.0) [build 3.0(0)A2(2.0)]
    Notice the difference between 192.168.1.1 (is missing regex in HTTP response) and 192.168.1.2 (sends regexp in HTTP response). Both are successful and as addition 192.168.1.1 (missing regexp) is showing last status code 200 which seems to be sufficient for probe to pass. 192.168.1.2 (which sends expected regexp) doesn't show last status code.
    probe       : tw2_http_81
    type        : HTTP
    state       : ACTIVE
    description :
       port      : 81      address     : 0.0.0.0         addr type  : -
       interval  : 30      pass intvl  : 30              pass count : 1
       fail count: 1       recv timeout: 10
       http method      : GET
       http url         : /knowtw2-f/livelink.exe?func=ll&objtype=142&bypass
       conn termination : GRACEFUL
       expect offset    : 0         , open timeout     : 10
       expect regex     : lbmonitor
       send data        : -
                           --------------------- probe results --------------------
       probe association   probed-address  probes     failed     passed     health
       ------------------- ---------------+----------+----------+----------+-------
         real      : 192.168.1.1[81]
                           192.168.1.1    2          0          2          SUCCESS
       Socket state        : CLOSED
       No. Passed states   : 1         No. Failed states : 0
       No. Probes skipped  : 0         Last status code  : 200
       No. Out of Sockets  : 0         No. Internal error: 0
       Last disconnect err :  -
       Last probe time     : Mon Nov  7 12:38:42 2011
       Last fail time      : Never
       Last active time    : Mon Nov  7 12:38:22 2011
         real      : 192.168.1.2[81]
                           192.168.1.2    2          0          2          SUCCESS
       Socket state        : CLOSED
       No. Passed states   : 1         No. Failed states : 0
       No. Probes skipped  : 0         Last status code  : 0
       No. Out of Sockets  : 0         No. Internal error: 0
       Last disconnect err :  -
       Last probe time     : Mon Nov  7 12:38:27 2011
       Last fail time      : Never
       Last active time    : Mon Nov  7 12:37:58 2011

  • Moved CSM's from 6509 to 6513

    I just upgraded to a 6513 with sup720's. I moved both csm's and config info to the new config. Everything is working but before the move I could see both csm probe details and they were both operable. Now after the move only the active say's operable and the standby says failed. How do I get this back so that both are operable?

    you will have to do some troubleshooting.
    Get on the standby.
    See if it can ping the server.
    'ping mod csm X x.x.x.x'
    Check csm arp table.
    Check L2 mac-address table between CSM and server.
    finally, sniff on the server to see if it gets the probe and if it does send a response.
    Once you know exactly why it fails, you'll know how to fix it.
    Gilles.

  • Cisco Security manager syslog.log file problem

    Hello
    I have this problem with the CSM, the next file Syslog.log  (C:\Program Files\CSCOpx\log\Syslog.log  ), this file grows very fast to fill the hard disk and saturates the server, I have tried the log rotation of the cisco works but it doesnt work, what else can i do?
    the hard drive fills in 4 hours. tankyou

    In CSM clinet under Tools > CSM Administration > Debugging you can changing the level to something higher than debugging.
    I hope it helps.
    PK

  • Spool waiting

    It was a BDC program which is updating FB05 by using call transaction and the results will updates in to the spool.
    When I try to run the program in background, I am not getting the spool correctly and the status of program is showing as waiting.
    please let me know what is the reason it is showing as waiting in the spool.

    First u debug the background job, so that u can know whats the prob.
    debug using SM50 or JDBG commands
    Madhavi

  • AS5400 not doing callback

    Hi
    Have an AS5400 with modem cards and E1 ports, configured for dial backup with callback. Sometimes the callback doesn't complete, and in the debug output we receive the message "no interface available". Soon after in the debug, there is an incoming call in the same interface. It seems that the AS5400, after disconnecting the call to do the callback, received another call, and placed it in the same modem that would be used for callback. This happens even if there are plenty of idle mdems and E1 channels in te equipment. How can we avoid that?
    Following is the debug output:
    Jul 12 18:30:16.067: As2/05 DDR: PPP callback: Callback server starting to u01005460 0158232234500
    Jul 12 18:30:17.067: As2/05 DDR: disconnecting call
    Jul 12 18:30:28.231: As2/05 DDR: Dialer statechange to up
    Jul 12 18:30:28.235: As2/05 DDR: Dialer received incoming call from <unknown>
    Jul 12 18:30:31.067: As2/05 DDR: beginning callback to u01005460 0158232234500
    Jul 12 18:31:05.387: As2/05 DDR: re-enable timeout
    Jul 12 18:31:05.387: As2/05 DDR: beginning callback to u01005460 0158232234500
    Jul 12 18:31:05.387: As2/05 DDR: No interface available for callback to u01005460 0158232234500
    Jul 12 18:31:09.235: As2/05 DDR: Dialer statechange to up
    Jul 12 18:31:09.235: As2/05 DDR: Dialer received incoming call from <unknown>
    Jul 12 18:31:16.067: As2/05: Dialer session up timeout, 277E0410

    Hi,
    If you could upload the following debugs, it would be more helpful for the audience:
    debug dialer
    debug isdn q931 (disregard if its T1/CAS)
    debug modem
    debug csm modem
    debug chat
    debug ppp nego
    debug ppp authen
    debug aaa authen
    debug aaa authoriz
    debug callback
    If possible, it would be nice to see 'show ver' and 'show run' as well. However, please make sure you hide the username/passwords and ip addresses.
    Thanks and Regards,
    ~Zulfiqar

Maybe you are looking for