Firewall Log Management Software

Can anyone recommend any firewall log management software that is proven?

Adam,
I suggest you try ManageEngine Firewall Analyzer.
The product supports almost all the leading vendors in the industry. The product is segregated into three categories:
    1. Traffic
    2. Security
    3. Management
1. Traffic Statistics:
      This will give you the complete bandwidth information that was transacted throughout the network, with multiple drill analysis such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc. You can even do capacity planning and forecasting with the product.
2. Security Statistics:
      Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.
3. Management Statistics:
      This will help you to do audit and security configuration analysis, which includes change management and compliance report. This will point out the loopholes of the network and assist you in fixing them.
Why Firewall Analyzer?
*Support for Firewall and security devices from multiple vendors
*Real-time bandwidth monitoring
*Employee internet usage with URL monitoring
*Real-time alerting
*Firewall Change Management reports
*Security Audit & Configuration Analysis reports
*Diagnose live connections
*Capability to view traffic trends and usage patterns (Capacity Planning)
*Powerful search for forensic and security analysis
*Multi-level drill down into top hosts, protocols, web sites and more
*Network security reports
*Firewall compliance reports
*Flexible and secured log data archiving
*Rebranding, User based views and dashboard for MSSP Support
and more
http://www.manageengine.com/products/firewall/features.html
I recommend you evaluate the fully functional 30-day evaluation copy and check whether it helps you achieve your use case.
Regards,
Vignesh.K
Firewall Analyzer

Similar Messages

  • CRM 7.0 - Communication Management Software - CTI

    Hi,
    We are in process of configuring Contact Center Simulator.
    The fact is that we don't have JAVA stack on CRM 7.0 system, rather we are using different system for JAVA stack.
    We have successfully done with RFC connection in CRM 7.0 pointing to JAVA stack system and other required config settings.
    When user click 'Ready' button from UI, it gives error 'Communication management software system is not configured'.
    Has anybody experienced this, or did I miss a step?
    Regards,
    Nilesh P

    Hi Nilesh,
    Here are a few things to check:
    1. Look at the ICI trace log and see what kind of message is being returned
    2. Double-check your toolbar configuration - this often gets overlooked - you need a toolbar for voice configured
    3. Check that the system where the Java stack resides can "see" and connect to your CRM 7.0 system - if there is a firewall between the two or if there is some other network reason that communication might be getting blocked. Look at the ICI trace log and see what URL is being passed in the subscribe command, then put that URL into a web browser on the Java server to verify that it can call back to the CRM system.
    Hope this helps. I have done that same thing before so I know it works.
    Sincerely,
    Glenn
    Glenn Abel
    Covington Creative
    www.covingtoncreative.com

  • Why Are There Multiple Instances Of Firefox Preparing To Access Internet According To Firewall Log When I'm Not Launching Them And Nothing Appeared On My Screen

    I had closed Firefox after briefly running it and then tried to reopen it anew but got a message that said "Firefox is already running but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."
    I logged off my computer, and later restarted. However, when I checked my Firewall log it showed that during the minute I had my computer on earlier there were about a dozen instances of "Firefox is preparing to access the internet" which were recorded just seconds apart.
    I don't have the problem now -- restarting apparently took care of the issue -- but I don't understand why there were so many instances of Firefox preparing to access the internet when I was not clicking on it all those times, the one time I did I got a message that it already was running, and there were no tabs on my screen to reflect all those supposed instances.
    Thanks for any insight that folks can offer.

    Were those Firefox processes or plugin-container processes?
    *http://kb.mozillazine.org/Plugin-container_and_out-of-process_plugins
    *https://support.mozilla.org/kb/What+is+plugin-container
    In case you are using "Clear history when Firefox closes", try to exclude the cookies in case you currently have selected this.
    *Tools > Options > Privacy > Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" > Settings
    *https://support.mozilla.org/kb/Clear+Recent+History
    Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, and passwords.
    Firefox will try to remove cookies created by plugins in case you clear the cookies and that can result in plugin-container processes getting created.

  • Oracle 8i: Problem with connecting through firewall/connection manager

    Hello.
    I've been trying to make this work for, I think, 2 weeks now, with no luck. If I go around the firewall/connection manager, everything works fine.
    It runs on Win XP. Ports 1521 and 1630 have been forwarded.
    conn manager log:
    (TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=10)(VERSION=8.1.7.0.0)
    (TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=36)(rule_list= (rule=(src=xx.xx.46.145)(dst=oracle-server)(srv=*)(act=accept)))
    (TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=32)(PARAMETER_LIST=(MAXIMUM_RELAYS=1024)(RELAY_STATISTICS=yes)(AUTHENTICATION_LEVEL=0)(LOG_LEVEL=4)(SHOW_TNS_INFO=yes)(ANSWER_TIMEOUT=0)(MAXIMUM_CONNECT_DATA=1024)(USE_ASYNC_CALL=yes)(TRACING=no)(TRACE_DIRECTORY=default)(MAX_FREELIST_BUFFERS=0)(REMOTE_ADMIN=no))
    (TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=34)(ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=oracle-server)(PORT=1630)(QUEUESIZE=32)))
    (TIMESTAMP=22-JUN-2010 16:35:31)(EVENT=102)(RLYNO=0)(ADDRESS=(PROTOCOL=tcp)(HOST=xx.xx.46.145)(PORT=11473))
    (TIMESTAMP=22-JUN-2010 16:35:31)(EVENT=20)(RLYNO=0)(REASON=16)(ADDRESS=(PROTOCOL=tcp)(HOST=xx.xx.46.145)(PORT=11473))
    listener ora:
    # LISTENER.ORA Network Configuration File: C:\oracle\ora81\NETWORK\ADMIN\listener.ora
    # Generated by Oracle configuration tools.
    LISTENER =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
        )
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-server)(PORT = 1521))
        )
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-server)(PORT = 2481))
          (PROTOCOL_STACK =
            (PRESENTATION = GIOP)
            (SESSION = RAW)
          )
        )
      )
    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (SID_NAME = PLSExtProc)
          (ORACLE_HOME = C:\oracle\ora81)
          (PROGRAM = extproc)
        )
        (SID_DESC =
          (GLOBAL_DBNAME = ifs)
          (ORACLE_HOME = C:\oracle\ora81)
          (SID_NAME = ifs)
        )
      )
    names ora:
    ifs=
      (DESCRIPTION=
        (SOURCE_ROUTE=yes)
        (ADDRESS=
          (PROTOCOL=tcp)
          (HOST=oracle-server)
          (PORT=1630))
        (ADDRESS=
          (PROTOCOL=tcp)
          (HOST=oracle-server)
          (PORT=1521))
        (CONNECT_DATA=
          (SERVICE_NAME=ifs)))
    INST1_HTTP =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-server)(PORT = 1521))
        )
        (CONNECT_DATA =
          (SERVER = SHARED)
          (SERVICE_NAME = ifs)
          (PRESENTATION = http://admin)
        )
      )
    EXTPROC_CONNECTION_DATA =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = IPC)(Key = EXTPROC0))
        )
        (CONNECT_DATA =
          (SID = PLSExtProc)
          (PRESENTATION = RO)
        )
      )
    We're very close to going with MS SQL instead. Help would be greatly appreciated.
    Morten
    Denmark

    tracing connection manager:

  • Thinkserver TS430 management software

    Hello members
    I have a ThinkServer TS430 that is on a domain and I am getting an amber light on the front of the server indicating a system error has occurred. I tried to install the ThinkServer Management software but it told me that it is not recommended to install on a domain controller. How do I find out what the problem is with the server? Are there any other tools available that will work on a domain controller?
    Thank you for your help

    You can install EasyManage on any other system.  We discourage you from installing on a DC, however.  Your workstation, for example, would be more appropriate.  You can also hit the management interface (HTTP) directly to see the contents of the error log.  Instructions are in the documentation on how to connect to the ThinkServer Management Module via any browser. 
    Cheers!
    Regards,
    Nathan Miller
    Enterprise S&P Product Manager
    Enterprise Systems Group
    Lenovo

  • Norton Firewall logging connections from usr/sbin/nmbd every 6 seconds...  What is this, and how can I stop it?

    This whole situation first started with a complaint from my ISP that it appeared I had a trojan virus...  around 1100-1200 messages per hour were being run through their servers via my account.  I have also Anti-Virus enabled, so I was left scratching my head...
    No viruses found on a full scan - so I started watching processes and connections.  This nmbd process is suspicious...  I don't run windows file sharing, nor have I ever.  This just popped up recently.  I also had two mac tech support calls, and one to Symantec - and it ran fine for a couple of days - but it's back again. 
    What is this, and how can I find the culprit, and remove it permanently...?
    Thanks in advance for any advice!
    --Jeff

    Thanks Thomas, appreciate the insight!  Thanks for taking the time to help me think through this...
    I have reset the password  twice now...
    It's only impacting one account, and the ISP says it's local to me - somewhere on my local network.
    I do have a few devices on my home network.  The only one with windows is my macbook air running parallels.  I just use this to browse some web projects I work on (view in IE to make sure everything is looking like it should). 
    The passwords I have used both times - they were ones set by my isp - the type you can't remember, they seem rather strong (upper/lower case letters, numbers, symbols).  That's what leads me to believe it's also local - something on my machine.  And it only seems to be impacting one email account (I have 5 running in Mac Mail).
    WiFi network is protected by WPA2 - just checked to be sure.  All good there.
    Now, in Norton Firewall log - I can see incoming and outgoing connections via Windows File Sharing/nmbd. 
    The reason I feel/felt that this is related to the spam sends is that once I saw the number of connects, and roughly equals the number of sends per hour of spam - I stopped the process with the firewall and suddenly my isp says the spam sends stop. That led me to believe they are related. Perhaps this virus or malware has spoofed its name and is identifying itself as nmbd?  I have no idea.  Just scared to turn it all off just yet.
    I did notice that Mountain Lion does not run this...  (nmbd).
    I did wonder about the Air sending something off of windows - but this all happened while it was off, laying on the desk next to me.  It rarely gets used unless I'm testing or traveling.
    I can understand nmbd being useful part of the system, I cannot understand how it would be very useful if I didn't turn it on, it connects at that frequency, and I don't have file sharing enabled.  That's why I am hesitant to turn Norton off, and hope that everything just goes away.  I want to try and get this problem figured out as simply turning Norton off doesn't seem like I'm taking steps to eliminate the problem.  Perhaps Norton is causing other issues - and I'll be removing the software asap - but want to make sure the spam sends cease.
    Let me know if that sparks any ideas...  Thanks again! 
    --Jeff

  • Firewall log - what's this mean?

    I had a hardware router/firewall and IP address server, just down stream from my cable modem until that device died this week. I've reconfigured what I had to use my Airport Graphite to distribute IP addresses and share a single IP address for all the devices on the home network "using NAT and DHCP" and connected 2 computers and a network printer with a simple Ethernet switch/hub. (BTW, this provides noticeably faster speed to the internet!) I already had the OS 10.4 firewall turned on in the 2 MacBooks, but I also now enabled Stealth Mode and for the first time "Firewall logging."
    So I later looked in the log file and I find:
    "Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
    Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
    Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
    Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80"
    10.0.1.8 is the IP for this MacBook. I think this says I'm being scanned by someone attempting to use port 52066 (???), from some other computer named 74.125.19.104 port 80 - is that correct? Should I be worried? Is there something else I should enable or disable? Naturally, I turned on the minimum number of services in the Firewall. BTW, how could I find out who/where 74.125.19.104 is? This went on for about 3 minutes last night but seems to have stopped now.
    I think this also makes me believe I should go back to a hardware firewall upstream, right at the 'port of entry,' but I don't see much for sale these days (at home prices) that is a true firewall. I know a new Airport Extreme Basestation says it has a "built-in firewall" but I can't find any information about that feature, ie is it more than just NAT translation? Does anyone have a recommendation for a reasonably priced, easy to set up and manage firewall?
    thanks!

    I have Snort NIDS running on my computer and get port scans similar to this reported to me all the time from numerous websites - for example, from these very discussions.apple.com forums. Port 443 is a server https port, your port 49235 is in all likelihood the randomly created outbound port that you initially established a web browsing connection with, hence, assuming this to be an established connection, it would have been forwarded through your router to your computer (to your 192.168.x.x address). This IPA belongs to akamai.com, I think they handle a lot of online purchasing and online billing stuff and stuff that requires logging in in some manner or another -- were you paying bills or buying something online or in an authenticated website at the time this occurred?
    I don't understand why these port scans from established connections to reputable web servers happen, but I don't believe them to be abnormal. Perhaps someone who is a subject matter expert in enterprise-class web servers could weigh in here and explain what may be going on here.
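The triage the reply above describes can be run over the log directly. This is an added example, not code from the thread: it groups ipfw Stealth Mode entries by flow and marks those whose remote port is 80 or 443 and whose local port is ephemeral as probable return traffic. The ephemeral range, the verdict labels and the last two sample lines are assumptions made for the example.

```python
import re

# Line format of the ipfw Stealth Mode entries quoted in the post above.
LINE_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) ipfw: "
    r"Stealth Mode connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) from "
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+)"
)
WEB_PORTS = {80, 443}             # server ports named in the thread
EPHEMERAL = range(49152, 65536)   # assumed client ephemeral port range

def classify(src_port, dst_port):
    """Heuristic only: web server port -> ephemeral local port looks like
    return traffic for a connection this host opened, not an inbound probe."""
    if src_port in WEB_PORTS and dst_port in EPHEMERAL:
        return "probable-return-traffic"
    return "unsolicited"

def summarize(lines):
    """Group entries by flow; return (flows, number_of_unparsed_lines)."""
    flows, unparsed = {}, 0
    for line in lines:
        if not line.strip():
            continue
        m = LINE_RE.search(line)
        if m is None:
            unparsed += 1
            continue
        sport, dport = int(m["src_port"]), int(m["dst_port"])
        key = (m["proto"], m["src_ip"], sport, m["dst_ip"], dport)
        flow = flows.setdefault(key, {"count": 0, "first": m["ts"],
                                      "verdict": classify(sport, dport)})
        flow["count"] += 1
        flow["last"] = m["ts"]
    return flows, unparsed

# First four lines are the entries from the post; the last two are constructed.
SAMPLE_LOG = """\
Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:52:10 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:22 from 203.0.113.5:40112
Jan 8 20:52:11 Michaels-MacBook kernel: unrelated message
""".splitlines()

if __name__ == "__main__":
    flows, unparsed = summarize(SAMPLE_LOG)
    for key, info in flows.items():
        print(key, info)
    print("unparsed lines:", unparsed)
```

A flow marked unsolicited is the kind worth reviewing against the services actually enabled in the firewall; the verdict is a sorting aid, not proof of intent either way.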

  • AP541N Management Software?

    Hi, is there any management software available to manage 5 or so AP541N running across a WAN? E.g. we have a couple of VAPs set up on each access point, 1 for staff and 1 for guests. I would like to be able to change all the WPA Personal guest access passwords centrally rather than having to log onto each box and edit it manually.
    Thanks
    Colin

    Hi Colin, there is not any supported software from Cisco for these units. I know CCA can detect the AP for the topology but I don't think you can actually manage them from there.
    If these APs are installed at one location, you could cluster them, and with any change made to one AP all the APs will reflect the changes automatically.
    -Tom
    Please rate helpful posts

  • Alternatives to download management software

    I understand companies like to do things "their way" and I understand that proprietary download management software for products is good for some but not others. Has Adobe completely abandoned the option of downloading individual self-executable Trial software? I think it's a really stupid and unnecessary move if so. Why not offer both options to customers? Think about it, Adobe. Think about it for more than 5 minutes please. This is not asking for the moon here.
    Thanks. 

    Thanks. Appreciate the response, but I've been trying to download direct links on prodesigntools while logged into my Adobe account and all I get is this message repeatedly:
    Access Denied
    You don't have permission to access "http://trials3.adobe.com/AdobeProducts/PPRO/8/win64/PremierePro_8_LS20.7z?" on this server.
    Reference #18.4ebd3b17.1429927151.2b629dc2
    Update:  I seem to have found a way to get this method working okay.  Thank you very much for posting some helpful info.  Means a lot.

  • Sun Storage Common Array Manager software

    Trying to configure two storage arrays and cannot find the original disks.
    Found the website with a link to the Sun Storage Common Array Manager software
    http://www.oracle.com/us/products/servers-storage/storage/san/fc/common-array-manager/resources/index.html
    but it is a dead link...
    Now I need this software or the two storage arrays cannot be reconfigured.
    Maintenance for them has lapsed, so my Oracle support is not an option.
    Any links to be able to obtain the software... doesn't matter even if older version... doesn't need to be latest.

    No good, every time I go to the download section for software relating to hardware I keep getting asked to
    Add Support Identifiers …
    Just a login account isn't good enough,
    so back to my original problem: even though we own the equipment outright, they are essentially a couple of expensive paperweights.
    It shouldn't be that hard to obtain even an older version of this necessary piece of software?
    Is it possible to obtain support identifiers for Sun hardware with expired maintenance? Maybe that will allow me to at least download the version of the software that was available at the time of expiration?

  • Lenovo Power Manager Software - MDT Task Sequence

    I'm working in an environment which does Operating System Deployment via SCCM 2007 SP2 R2 with MDT 2010 Update 1 Integration. I have an MDT Task Sequence that deploys my captured Windows 7 WIM file to predominantly Lenovo laptops (98% Lenovo fleet too). Part of this Task Sequence uses rules to specifically target drivers and applications to individual models. I am having GREAT difficulty in getting the Lenovo Power Manager software (V3.31) to install as part of the Task Sequence.
    The summary of the story is as follows:
    Lenovo Bluetooth software is installing OK (msiexec /i Win32\BTW.msi /t 1033.mst /qb-)
    Lenovo Hotkey software is installing OK (SETUP.EXE /S)
    I've put logs for the Power Manager installation, and there are no errors i.e. it "seems" to install OK (SETUP.EXE /S)
    I can advertise the Power Manager software POST image and it installs and works OK
    Applications in the Task Sequence run in the order of Power Manager, Bluetooth, Hotkeys.
    That hopefully provides the information for someone to maybe shed some light.  It's a little frustrating given that the package actually will successfully install.  I'm almost to the point where I want to try and create a collection with rules to populate it with Lenovo laptops and then mandatory install it.  It's not a critical application - it would just be nice to have.

    I did some more searching and found this method to do it - http://www.windows-noob.com/forums/index.php?/topic/1231-os-deployment-and-lenovo-computers/.  I used the idea of creating a Task Sequence step to copy the files locally, followed by a step to install it from the local files. It worked fine for this.  If anyone has a "cleaner" method though, let me know.

  • Firewall Log Analyzer

    We currently have a PIX firewall and I am wondering what would be a good real-time log analyzer. Currently we are using ManageEngine's Firewall Analyzer but have run into some issues with the product.
    Thanks

    Craig,
    Thank you for the post. I believe you must have used Firewall Analyzer's basic edition (Firewall Analyzer 4), and the application has reached various milestones in the past. The latest version of ManageEngine Firewall Analyzer is 7.2.
    The product supports almost all the leading vendors in the industry. Our application is segregated into three categories, and they are:
        1. Traffic
        2. Security
        3. Management
    1. Traffic Statistics:
          This will give you the complete bandwidth information that was transacted throughout the network with multiple drill analysis such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc.
    You can even do capacity planning and forecasting with the product.
    2. Security Statistics:
          Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.
    3. Management Statistics:
          This will help you to do audit and security configuration analysis, which includes change management and compliance reports. This will point out the loopholes of the network and assist you to fix them.
    Why Firewall Analyzer?
    Support for Firewall and security devices from multiple vendors
    Real-time bandwidth monitoring
    Employee internet usage with URL monitoring
    Real-time alerting
    Firewall Change Management reports
    Security Audit & Configuration Analysis reports
    Diagnose live connections
    Capability to view traffic trends and usage patterns (Capacity Planning)
    Powerful search for forensic and security analysis
    Multi-level drill down into top hosts, protocols, web sites and more
    Network security reports
    Firewall compliance reports
    Flexible and secured log data archiving
    Rebranding, User based views and dashboard for MSSP Support
    and more
    http://www.manageengine.com/products/firewall/features.html
    I recommend you evaluate the fully functional 30-day evaluation copy and check if it helps you to achieve your use case.
    Regards,
    Vignesh.K
    Firewall Analyzer

  • Call log Manager..?

    Hi All,
    I am looking to find out whether there is mobile phone software (for Symbian, obviously) that can log all incoming and outgoing phone calls and transmit the log to a file server/mobile phone in real time (or with a small delay)?
    Ps: I found one but it's for SonyEricsson which is called Call Log Manager...
    Thanks
    Serhan

    Hi parden,
    You can also run : set logging enable 
    in CUCM CLI mode; this will at least allow you to enable CLI Admin logs
    and to check all the logins detail run : show logins
    Regards 
    Spooster

  • I wonder to know what is the enterprise solution for windows and application event log management and analyzer

    Hi
    I would like to know what the enterprise solution is for Windows and application event log management and analysis.
    I have recently researched and found two applications that seem to be professional: 1. ManageEngine EventLog Analyzer, 2. SolarWinds LEM (SolarWinds Log & Event Manager).
    I want to know the point of view of Microsoft experts and hear their experience and solutions.
    thanks in advance.

    Consider MS System Center 2012.
    Rgds

  • Lion Battery Management Software seems to be erratic.

    The Lion OS X 10.7.2 battery management software appears to be very erratic.
    I just bought a new MacBook Pro direct from Apple last week (late 2011, 15", 2.4 GHz, 8 GB 1333 MHz DDR3, 7500 rpm disc) with Lion OS X 10.7.2 preinstalled, i.e., the latest and greatest. I was only getting 3 hours on a battery charge until it ran out. After searching the forums nothing quite matched (older models, different graphic cards, more constrained systems, Lion software upgrades, etc).
    I have the screen brightness set to about 50%, the power option "put disks to sleep whenever possible", and the keyboard set to turn off the light after 30 seconds of non-use. On battery, I have "display sleep" at 6 minutes and "computer sleep" set to 10 minutes. So I am not pushing the power consumption very hard.
    I ran a "repair" from the recovery partition and my hard disk had no problems.
    So I tried the Reset Power Manager mentioned in another thread:
    Shutdown
    Depress Ctrl+Option+Shift
    Power on
    Hold for at least 10 seconds
    Power on
    and that extended my battery charge to 6 hours, not quite the 7 hours advertised. (I even tried it on my mid 2009 Mac Book Pro 13", Snow Leopard OS X 10.6.8 and its battery life was extended by about .67%).
    But I started seeing odd reporting in the "time remaining" in the battery icon. The "time remaining" would fluctuate by as much as 20% in just a few seconds, going either up or down! For example, it would jump from 4 hours to 3 hours, then up to 3.5 hours then up to 4.5 hours, down to 1.3 hours, and back up to 4.0, and so forth whenever I changed the state.
    So I watched the "battery charge remaining" over several hours with different states: (WIFI on/off, start/stop applications, turn Thunderbird/Firefox to offline and back to online; Thunderbird is not an issue because I have it set to check for incoming messages every 2 hours not every few minutes) and I monitored using the Activity Monitor and the widget iStat Pro. The CPU was reported to never exceed 2% busy, user+system, and free memory never fell below 5.9 GB with minimal swapping and paging, i.e. the machine was basically idle even when I had WIFI on with Firefox watching Adobe Flash video from the net, which is purportedly a CPU hog (it is not).
    Has anyone else seen this erratic battery management software behavior? Does anyone have an explanation?

    I noticed in some archived threads that someone suggested changing "time" to "percentage" because "time" remaining is calculated every few seconds and is very sensitive to changes of state, as I noted in my post. I don't see that "solution" as much use because it doesn't tell me "percentage" of what? The amount of charge left? What I really want to know is "how long will my charge last?". 70% of 3 hours is something quite different than 70% of 7 hours. It seems to me that the time remaining ought to be calculated less often. The value is reported in hh:mm. I don't see much point in calculating it every few seconds. Once a minute would actually be more accurate.
