EA4500 and Traffic Monitoring / Logging
Hi all,
I'm thinking of switching to another ISP which is faster and cheaper than who I'm currently with.
Only problem is they have data caps.
Does anybody know of a way to log inbound/outbound traffic usage with this router so that I can make sure I'm not going to hit monthly limits?
Thank you.
It’s actually an option that you can enable on this router. You can enable the log on this router to allow you to monitor traffic between the local network and the Internet. If you are using the classic firmware, you can enable it by accessing the router page > Administration > Log. If you are using the smart wifi firmware, this link will give you the instructions:Enabling the Logs feature using your Linksys Smart Wi-Fi Account.
Similar Messages
-
Need help in generating L4 Traffic monitor logs
Hi,
As a part of my project I need to study different types of logs produced by Cisco IronPort. I could generate some access and authentication logs however not sure about generating the L4 Traffic Monitor logs. Can anyone point me to right documentation that will help me generate those logs?
Thanks,
Harshad KashikarHarshad,
L4 Traffic Monitoring needs to be configured within the IronPort - first question is do you have a SPAN/TAP port set up on your switch to capture L4 traffic?
Second, I only use this feature to capture information on malware/spyware - I have seen P2P, IRC, and 'phone-home' traffic amongst other things. Do you have an infected host you can monitor?
BF -
Ea4500 and bandwidth monitoring
Hi.
I have a ea4500 router with 3 pc's, 4 iphones, 2 playstations, ipad, ps vita, house cat, and a printer all wired into the internet. There are four of us in the family all using the internet but I suspect one of us is using considerably more than the other. I live in the country and my current isp has us on the max available account - 50 gigs / month. Lately we have been hitting 45 in less than 3 weeks into the month. I would like to know which of the things connected or which person is using the most of the bandwidth up. Is there a program that doesn't require a phd in quantum physics and networking that can monitor this for me and spit out a report on who or what is the hog here?Bandwidth monitor does not come handy with this device. However, you can dig a little deeper through Google to find third party software that could monitor bandwidth consumption for every device inside the network. I found one that monitors the bandwidth consumption of each application installed on my computer. This one only monitors one computer not the network. You might be able to find a network monitor if you dig a little dipper through the net.
How to Monitor the Bandwidth Consumption of Individual Applications
How to Monitor Your Bandwidth -
Hello
is there any way to monitor traffic type passing through the WAN links on routers using LMS 4.2 ?any idea ?
Sent from Cisco Technical Support iPhone App -
Can an Ironport work in both WCCPv2 and L4 Traffic monitoring modes at the same time?
Hello Ciscoers,
We have an ironport installed and we use WCCPv2 to redirect the traffic. And as it occurs, I have a need to forward the traffic for another network, that uses another path to the Internet.
So I was thinking using the L4 Traffic Monitoring.
To the best of your knowledge, is there a way to have the appliance use both WCCPv2 and L4 Traffic monitoring at the same time? From the configuration, it's one or the other.
Thanks,
J.Ok. I'll try.
As a matter of fact, I plan to use policy-based routing to forward all the "interesting" traffic to the appliance.
For your TCP-Resets not seen, do you allow ingress on the span session?
J. -
Can monitor SCCM agent health through SCOM, monitor logs like CCMeval and setup alerts
Can monitor SCCM agent health/inactive agents through SCOM, monitor logs like CCMeval and setup alerts
You can find some management packs here:
http://systemcenter.pinpoint.microsoft.com/en-US/applications/search/Operations-Manager-d11?q=
There are other sites as well but this is the MS page for hosting MP's. The default SCCM 2012 Management pack for SCOM 2012 is pretty functional, this page talks a little bit about it:
http://blogs.technet.com/b/kevinholman/archive/2012/12/11/monitoring-configmgr-2012-with-opsmgr.aspx
If I remember correctly, it does NOT include a lot of client monitoring but I could be wrong. It might take some custom monitor creation or management pack downloads to get exactly what you're wanting. If I can find something like that
I'll add it to this post.
A good rule of thumb that I live by with SCOM, in case the product is new to you, is to save all your changes and customizations to the SCCM management pack in a custom-created management pack. -
How to monitor user logs,security logs,trace file,and performance monitori
Hi guys,
pls tel me how to monitor user logs,security logs,trace file,and performance monitoring.
thanks
regards
kamalHi,
you can have a look in the Netweaver administration :
http://<portal>:<port>/nwa
Go to monitoring, Java system reports, etc..., you will find what you want.
Fabien. -
Batch Monitor Log and Status translation list
Could someone point me to the page that explains what the batch monitor log is saying?
Status: Failed - 3x crash service down (This seems odd since I don't have a server and am using the This Computer option.
or
?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<logs tms="306256137.206" tmt="09/15/2010 11:08:57.206" pnm="Batch%20Monitor">
<log tms="306256137.208" tmt="09/15/2010 11:08:57.208" pid="4113" kind="mrk" sub="error" what="get-log" avail="false" msg="Get log query not supported."/>
</logs>
I don't mind looking up these, just need to know where to look.
ThankOk, no one knew.
-
Agent Desktop Recording and Silent Monitoring with IP Communicator.
Reading through the forums I have seen several posts which make me think this should work, but I can't seem to get silent monitoring or recording using the agent desktop to work when the agent is connected through IP communicator. Currently I have help desk agents using extension mobility to log into 7962s that are connected to thier desktops running agent desktop connecting to UCCX 7.01. Silent monitoring and recording work fine with thier hard phones. When I install IP communicator on the PC and log into it using EM, the agent desktop takes control of the IPC just fine and will distribute calls to it, but my recordings are blank and silent monitoring from an supervisor station fails to initialize. Is there something I am missing in the configuration that is special when using IPC instead of a hard phone? Thanks in advance.
Couple of things I've learned about the CIPC and monitoring/recording:
No named devices. Use the SEP + Mac Address of the local Ethernet interface.
Ensure the Ethernet interface can be put into permiscuous mode.
Ensure you are NOT using a shared line appearance for the IPCC Extension.
If you are using CAD to do the monitoring/recording, launch the CIPC before you launch CAD
If you are using SPAN, ensure the CIPC RTP traffic will traverse the network where the SPAN interface is located.
If you are calling phone-to-phone, know that the CIPC will attempt to negoitiate G.722. UCCX cannot monitor/record G.722. Set the region or call to the PSTN where you can guarantee a G.711 or G.729 call. -
Traffic monitoring for Coherence 3.1
The objective of our small project is to monitor the traffic on our coherence clusters. We also were trying to put the cache traffic as a object in the same cache name. The problem we encountered was during performance tests something happened to the coherence clusters and there appears to be some kind of lock not being released for others which made all the weblogic cluster go down. Weblogic went down with "too many open files". We have thread dumps which I can send if you guys need it nevertheless I have attached a part which I suspect is the reason.
Heres the Code that was trying to do the monitoring. The doPut Servlet method does the put , after the put it calls a method RegisterTraffic which has a small logic to increment the count & put back into the cache. It has a Lock for the particular "Traffic" key.
* The Servlets doPut method - Handles the Cache Put Requests
* @param HttpServletRequest request, HttpServletResponse response
* @return void
* @throws CacheException
public void doPut(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException {
ServletOutputStream out = response.getOutputStream();
String value = "";
try {
String id = request.getPathInfo();
String expires = request.getHeader("Expires");
String contentType = request.getContentType();
String app_name = request.getHeader("App-Name");
int contentLength = request.getContentLength();
if (contentLength > 0) {
byte valueArray[] = new byte[contentLength];
ServletInputStream in = request.getInputStream();
int bytesRead = 0;
int offset = 0;
while (bytesRead > -1) {
bytesRead =
in.read(valueArray, offset, valueArray.length - offset);
offset += bytesRead;
if (offset == contentLength) {
break;
DataObject myValue = new DataObject();
myValue.setByte(valueArray);
myValue.setExpirationTime((Long.parseLong(expires))*1000);
Cache_Manager.put(id, myValue);
response.setContentType("application/octet-stream");
value = "ID "+id+" Stored";
out.write(value.getBytes());
out.flush();
RegisterTraffic(app_name,"PUT");
} catch (Exception ex) {
response.setContentType("application/octet-stream");
value = "CACHE_ERROR:"+ErrorCode.INTERNAL_PROBLEM_CODE+":"+"doPut:"+ErrorCode.INTERNAL_PROBLEM_MSG;
response.setContentLength(value.length());
out.write(value.getBytes());
throw new ServletException(value+"\n"+ex.getMessage());
* The Servlets Traffic Monitor method - Handles the Traffic monitoring
* @param appname, get or put or clear
* @return void
* @throws CacheException
public void RegisterTraffic(String appName, String action) {
String trafficKey = "Traffic";
try {
HashMap hmTotal = new HashMap();
HashMap hmToday = new HashMap();
Object obj = null;
HIDataObject dObj = null;
String today = (new java.util.Date().toString()).substring(0,3);
//String today = "SAT";
Long totalTrafficCount = new Long(1);
Long todayTrafficCount = new Long(1);
long totalCnt = 0;
long todayCnt = 0;
// Lock the Object.
Cache_Manager.lock(trafficKey,-1);
try{
dObj = (HIDataObject)Cache_Manager.get(trafficKey);
} catch(java.lang.NullPointerException nex) {
// If this Exception then we are doing it for the first time.
// Ignore this exception
} catch(Exception exe) {
CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
if (dObj != null) {
hmTotal = dObj.getTotalTrafficHashMap();
hmToday = dObj.getTodayTrafficHashMap();
// HashMap.get will throw error for the first time , so initialize to 1.
try{
totalTrafficCount = (Long)hmTotal.get(appName+"-"+action);
} catch(java.lang.NullPointerException nex) {
CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
try{
todayTrafficCount = (Long)hmToday.get(today+"-"+appName+"-"+action);
} catch(java.lang.NullPointerException nex) {
CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
try{
totalCnt = totalTrafficCount.longValue();
todayCnt = todayTrafficCount.longValue();
} catch (Exception e) {
// Increase the counn here
totalCnt++;todayCnt++;
hmTotal.put(appName+"-"+action,new Long(totalCnt));
hmToday.put(today+"-"+appName+"-"+action,new Long(todayCnt));
try{
HIDataObject myValue = new HIDataObject();
myValue.setTotalTrafficHashMap(hmTotal);
myValue.setTodayTrafficHashMap(hmToday);
myValue.setExpirationTime(86400000);
Cache_Manager.put(trafficKey, myValue);
} catch (Exception exe){
CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
} catch (Exception ex) {
CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+ex.getMessage());
} finally {
Cache_Manager.unlock(trafficKey);
Weblogic Thread Dumps
"TcpRingListener" id=76 idx=0x96 tid=19164 prio=6 alive, in native, daemon
at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
^-- Holding lock: java/net/PlainSocketImpl@0xc5f4238[thin lock]
at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
at java/lang/Thread.run()V(Unknown Source)
at jrockit/vm/RNI.c2java(IIII)V(Native Method)
-- end of trace
"DistributedCache" id=78 idx=0x98 tid=19165 prio=5 alive, in native, waiting, daemon
-- Waiting for notification on: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
at java/lang/Object.wait(J)V(Native Method)[optimized]
at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)[optimized]
^-- Lock released while waiting: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
at java/lang/Thread.run()V(Unknown Source)
at jrockit/vm/RNI.c2java(IIII)V(Native Method)
-- end of trace
"ListenThread.Default" id=79 idx=0x9a tid=19166 prio=5 alive, in native
at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
^-- Holding lock: java/net/PlainSocketImpl@0x1729efc8[thin lock]
at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
at weblogic/socket/WeblogicServerSocket.accept()Ljava/net/Socket;(WeblogicServerSocket.java:26)
at weblogic/t3/srvr/ListenThread.accept()Ljava/net/Socket;(ListenThread.java:735)
at weblogic/t3/srvr/ListenThread.run()V(ListenThread.java:301)
at jrockit/vm/RNI.c2java(IIII)V(Native Method)
-- end of trace
Blocked lock chains
===================
Chain 2:
"ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'" id=53 idx=0x70 tid=18903 waiting for java/lang/String@0x102fb4d8 held by:
"ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'" id=52 idx=0x6e tid=18902 in chain 1
Coherence Thread Dumps
"PacketPublisher" id=21 idx=0x32 tid=20248 prio=6 alive, in native, waiting, daemon
at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
at java/lang/Object.wait(J)V(Native Method)
at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$PacketPublisher$Queue@0xcb36648[fat lock]
at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
at java/lang/Thread.run()V(Unknown Source)
at jrockit/vm/RNI.c2java(IIII)V(Native Method)
-- end of trace
"Cluster" id=22 idx=0x34 tid=20249 prio=5 alive, in native, waiting, daemon
-- Waiting for notification on: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
at java/lang/Object.wait(J)V(Native Method)
at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
at java/lang/Thread.run()V(Unknown Source)
at jrockit/vm/RNI.c2java(IIII)V(Native Method)
-- end of trace
"PO Async Executor" id=27 idx=0x36 tid=20436 prio=5 alive, in native, waiting, daemon
-- Waiting for notification on: java/lang/Object@0xa7573d8[fat lock]
at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
at jrockit/vm/Locks.wait(Ljava/lang/Object;J)V(Unknown Source)
at java/lang/Object.wait()V(Native Method)
at com/wily/EDU/oswego/cs/dl/util/concurrent/BoundedLinkedQueue.take()Ljava/lang/Object;(BoundedLinkedQueue.java:225)
^-- Lock released while waiting: java/lang/Object@0xa7573d8[fat lock]
at com/wily/EDU/oswego/cs/dl/util/concurrent/QueuedExecutor$RunLoop.run()V(QueuedExecutor.java:82)
at java/lang/Thread.run()V(Unknown Source)
at jrockit/vm/RNI.c2java(IIII)V(Native Method)
-- end of trace
"TcpRingListener" id=24 idx=0x38 tid=20252 prio=6 alive, in native, daemon
at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
^-- Holding lock: java/net/PlainSocketImpl@0xd441530[thin lock]
at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
at java/lang/Thread.run()V(Unknown Source)
at jrockit/vm/RNI.c2java(IIII)V(Native Method)Hi user638596.
Frankly, there is not enough information to go by. The code you pointed to is definitely not "bullet proof". First, after the lock has been acquired, it only catches Exceptions, so any Errors (e.g. OutOfMemoryError) would "leak" a lock. In general, the locking-protected code should look like (in pseudo-code):
lock();
try
operations();
finally
unlock();
}However, without seeing the log files and entire thread dump, it's impossible to figure out a real reason. I'd suggest you to submit those to our support at Oracle Metalink.
Regards,
Gene -
Cisco Devices Syslog monitoring and user monitoring tools
Can anyone help me how to monitoring syslog and users log (which command use specific user). if any software or hardware need for this purpose we will purchace it. note that our network running all cisco devices (router, switch, ASA etc) and more then 200 devices are in our network.
thanks.Configuring Cisco Devices to Use a Syslog Server
Most Cisco devices use the syslog protocol to manage system logs and alerts. But unlike their PC and server counterparts, Cisco devices lack large internal storage space for storing these logs. To overcome this limitation, Cisco devices offer the following two options:
Internal buffer— The device's operating system allocates a small part of memory buffers to log the most recent messages. The buffer size is limited to few kilobytes. This option is enabled by default. However, when the device reboots, these syslog messages are lost.
Syslog— Use a UNIX-style SYSLOG protocol to send messages to an external device for storing. The storage size does not depend on the router's resources and is limited only by the available disk space on the external syslog server. This option is not enabled by default.
TIP
Before configuring a Cisco device to send syslog messages, make sure that it is configured with the right date, time, and time zone. Syslog data would be useless for troubleshooting if it shows the wrong date and time. You should configure all network devices to use NTP. Using NTP ensures a correct and synchronized system clock on all devices within the network. Setting the devices with the accurate time is helpful for event correlation.
To enable syslog functionality in a Cisco network, you must configure the built-in syslog client within the Cisco devices.
Cisco devices use a severity level of warnings through emergencies to generate error messages about software or hardware malfunctions. The debugging level displays the output of debug commands. The Notice level displays interface up or down transitions and system restart messages. The informational level reloads requests and low-process stack messages.
Configuring Cisco Routers for Syslog
To configure a Cisco IOS-based router for sending syslog messages to an external syslog server, follow the steps in Table 4-11 using privileged EXEC mode.
Table 4-11. Configuring Cisco Routers for Syslog
Step
Command
Purpose
1
Router# configure terminal
Enters global configuration mode.
2
Router(config)# service timestamps type datetime [msec] [localtime] [show-timezone]
Instructs the system to timestamp syslog messages; the options for the type keyword are debug and log.
3
Router(config)#logging host
Specifies the syslog server by IP address or host name; you can specify multiple servers.
4
Router(config)# logging trap level
Specifies the kind of messages, by severity level, to be sent to the syslog server. The default is informational and lower. The possible values for level are as follows:
Emergency: 0
Alert: 1
Critical: 2
Error: 3
Warning: 4
Notice: 5
Informational: 6
Debug: 7
Use the debug level with caution, because it can generate a large amount of syslog traffic in a busy network.
5
Router(config)# logging facility facility-type
Specifies the facility level used by the syslog messages; the default is local7. Possible values are local0, local1, local2, local3, local4, local5, local6, and local7.
6
Router(config)# End
Returns to privileged EXEC mode.
7
Router# show logging
Displays logging configuration.
Note
When a level is specified in the logging trap level command, the router is configured to send messages with lower severity levels as well. For example, the logging trap warning command configures the router to send all messages with the severity warning, error, critical, and emergency. Similarly, the logging trap debug command causes the router to send all messages to the syslog server. Exercise caution while enabling the debug level. Because the debug process is assigned a high CPU priority, using it in a busy network can cause the router to crash.
Example 4-12 prepares a Cisco router to send syslog messages at facility local3. Also, the router will only send messages with a severity of warning or higher. The syslog server is on a machine with an IP address of 192.168.0.30.
Example 4-12. Router Configuration for Syslog
Router-Dallas#
Router-Dallas#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router-Dallas(config)#logging 192.168.0.30
Router-Dallas(config)#service timestamps debug datetime localtime show-timezone
msec
Router-Dallas(config)#service timestamps log datetime localtime show-timezone msec
Router-Dallas(config)#logging facility local3
Router-Dallas(config)#logging trap warning
Router-Dallas(config)#end
Router-Dallas#show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 79 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: disabled
Trap logging: level warnings, 80 message lines logged
Logging to 192.168.0.30, 57 message lines logged
Configuring a Cisco Switch for Syslog
To configure a Cisco CatOS-based switch for sending syslog messages to an external syslog server, use the privileged EXEC mode commands shown in Table 4-12.
Table 4-12. Configuring a Cisco Switch for Syslog
Step
Command
Purpose
1
Switch>(enable) set logging timestamp {enable | disable}
Configures the system to timestamp messages.
2
Switch>(enable) set logging server ip-address
Specifies the IP address of the syslog server; a maximum of three servers can be specified.
3
Switch>(enable) set logging server severity server_severity_level
Limits messages that are logged to the syslog servers by severity level.
4
Switch>(enable) set logging server facility server_facility_parameter
Specifies the facility level that would be used in the message. The default is local7. Apart from the standard facility names listed in Table 4-1, Cisco Catalyst switches use facility names that are specific to the switch. The following facility levels generate syslog messages with fixed severity levels:
5: System, Dynamic-Trunking-Protocol, Port-Aggregation-Protocol, Management, Multilayer Switching
4: CDP, UDLD
2: Other facilities
5
Switch>(enable) set logging server enable
Enables the switch to send syslog messages to the syslog servers.
6
Switch>(enable) Show logging
Displays the logging configuration.
Example 4-13 prepares a CatOS-based switch to send syslog messages at facility local4. Also, the switch will only send messages with a severity of warning or higher. The syslog server is on a machine with an IP address of 192.168.0.30.
Example 4-13. CatOS-Based Switch Configuration for Syslog
Console> (enable) set logging timestamp enable
System logging messages timestamp will be enabled.
Console> (enable) set logging server 192.168.0.30
192.168.0.30 added to System logging server table.
Console> (enable) set logging server facility local4
System logging server facility set to
Console> (enable) set logging server severity 4
System logging server severity set to <4>
Console> (enable) set logging server enable
System logging messages will be sent to the configured syslog servers.
Console> (enable) show logging
Logging buffered size: 500
timestamp option: enabled
Logging history size: 1
Logging console: enabled
Logging server: enabled
{192.168.0.30}
server facility: LOCAL4
server severity: warnings(4
Current Logging Session: enabled
Facility Default Severity Current Session Severity
cdp 3 4
drip 2 4
dtp 5 4
dvlan 2 4
earl 2 4
fddi 2 4
filesys 2 4
gvrp 2 4
ip 2 4
kernel 2 4
mcast 2 4
mgmt 5 4
mls 5 4
pagp 5 4
protfilt 2 4
pruning 2 4
radius 2 4
security 2 4
snmp 2 4
spantree 2 4
sys 5 4
tac 2 4
tcp 2 4
telnet 2 4
tftp 2 4
udld 4 4
vmps 2 4
vtp 2 4
0(emergencies) 1(alerts) 2(critical)
3(errors) 4(warnings) 5(notifications)
6(information) 7(debugging)
Console> (enable)
Configuring a Cisco ASA for Syslog >
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html
You can get a free copy of Syslog server from here
http://www.kiwisyslog.com/free-edition.aspx
Hope it helps!!
Regards -
Monitoring log-ins using tail command
I have a lab full of eMacs that are logging in very slowly (Network Home Directories) I would like to monitor the log-in process by ssh'ing into the "problem machines" and monitoring the process by using:
tail -f
but what should I be running the tail command against? I want to see what is happening when the student hits return.The logins are stored in a binary file /var/log/wtmp. Since it's binary you cannot easily tail this file to get the information you're after.
In any case, even if you did, the file would only get updated at the end of the login sequence. It wouldn't tell you much about what's going on in the intermediate time.
You might be better off using other tools such as tcpdump to monitor network traffic between the client and the home directory server. It would at least give you an idea of which machine(s) the client is talking to and any noticeable delays in responses from the server.
The other place to look is the home directory server itself. How many active clients does it have? What's its network connection? You might just find the the home directory server (or its network link) is saturated and therefore monitoring from the client side won't tell you much. -
Monitoring Log in SharePoint Foundation 2010
Hello,
I´m using SharePoint Foundation 2010 and I want to configure Monitoring log, because we have had any problems because the user changed the permissions in other sites or deleted Users.
So I want to know who makes this action in Monitoring Log SharePoint 2010.
Regards.Take a look at this 3rd party solution:
https://auditlogsp.codeplex.com/
The Site Collection Administrator can modify audit settings, but audit settings aren't available OOTB in Foundation.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Wily Introscope is not running in Solution Manager 7.1 and tech monitoring
Hi Experts,
we are able to log in wily introscope, But metrics(values) are not coming in wily
we re started the solution manager server, that port is working fine now, Please assist me on this to fix issue find log as attachment.
2)we configure the technical monitoring in our solution manager system but metrics are not coming for dialog response time in dash board. which extractor i need to check how to troubleshoot,
thanks in advance for you help
Best RegHi Srivastav.
Actually i am new to solution manager, and we have done basic steps of solution manager like
system preparation,basic configuration,managed system configuration and technical monitoring,
in tech monitoring system monitoring,and EUEM and we are planing to perform DVM and RBPD,
my solution manager system is installed on windows 2008 server, version is 7.1 SP 7,
currently we facing issue in wily introscope and technical monitoring dash boards metrics are not appearing and please tell me how to close the thread ,
Best Regards,
Hanuman -
In the IronPort web security appliance documentation, it indicates that the L4 traffic monitor ports (T1 and/or T2) should be connected to either a network tap or switch span.
I'm a little confused as to how this is supposed to be set up.
Does it mean that you take 2 ports on a switch, one on the same subnet/vlan as the P1 interface (data) on the IronPort, and the other that is on the subnet/vlan as the firwall (outbound Internet traffic) and create 2 monitor sessions (spans)? If so, where are these sessions pointed to?
Isn't the IronPort supposed to be doing the tapping/inspection?
The whole external tap thing has me confused.Colin,
One way to think of it is that the WSA has 2 inspection engines that don't actually talk to one another...
1. the web proxy, where you're using WCCP to send specific traffic to
2. the L4TM engine that you send a spanned port to to catch all of the other weird stuff.
The web proxy does all of the user tracking/policy stuff, etc. Watching a specific set of ports.
The L4TM is intended for malware that might be running on your net... sort of like the Botnet Traffic filter that's available on ASA.
That said, you'll use 1 port for P1 on whatever vlan, redirection to that happens via WCCP or explicit proxy.
For the L4TM tap you can use 1 or 2 ports on the swtich, or none if you use an external tap. In the Network/Interfaces page, you set whether you want L4TM to use simplex or Duplex. If you use Duplex, just do a span session off the port the firewall is plugged into to the port that you connect T1 into...
If you use Simplex, you do 2 span sessions off of the port the firewall is connected to... ingress traffic on the port (eg. out of the firewall) to the port T1 is connected to, egress traffic on the port (eg. going to the firewall) spanned to the port T2 is hooked up to.
If you use an external tap, put it inline between the firewall and the switch, set the WSA for duplex and connect the "monitor" port to T1...
Hope that helps!
Ken
Maybe you are looking for
-
working on a new website .I want to cut and paste information from microsoft. firefox is not letting me.
-
Nokia 6230I Memory card problem
i've put a password on my memory card and now i can't remember what it is, is there anyway i can remove it?
-
Can I install the Adobe Acrobat XI Pro Student and Teacher Edition on my Macbook Pro & my Macbook air that I carry around? or will I have to purchase a second licence?
-
Problem in synchronizing two executions
One execution (not in loop structure) is to run vi-A to move a motor by certain distance. Another execution is a loop struction, and in each loop execution vi-B inside it acquires current motor position. I hope to synchronize this two executions so t
-
How do I make a good menu list for a launcher? (Automator)
First of all, sorry... I know this isn't exactly a Dev topic, but I didn't know what community to put it in. I currently have a simple Automator program that: 1. Launches 2. Finds all items with the Tag:Games 3. Presents said items in a list to be pi