Firewall Log Management Software
Can anyone recommend any firewall log management software that is proven?
Adam,
I suggest you try ManageEngine Firewall Analyzer.
The product supports almost all the leading vendors in the industry. The product is divided into three categories:
1. Traffic
2. Security
3. Management
1. Traffic Statistics:
This will give you the complete bandwidth information that was transacted throughout the network, with multiple drill-down analyses such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc. You can even do capacity planning and forecasting with the product.
2. Security Statistics:
Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.
3. Management Statistics:
This will help you to do audit and security configuration analysis, which includes change management and compliance reports. This will point out the loopholes of the network and assist you in fixing them.
Why Firewall Analyzer?
*Support for Firewall and security devices from multiple vendors
*Real-time bandwidth monitoring
*Employee internet usage with URL monitoring
*Real-time alerting
*Firewall Change Management reports
*Security Audit & Configuration Analysis reports
*Diagnose live connections
*Capability to view traffic trends and usage patterns (Capacity Planning)
*Powerful search for forensic and security analysis
*Multi-level drill down into top hosts, protocols, web sites and more
*Network security reports
*Firewall compliance reports
*Flexible and secured log data archiving
*Rebranding, User based views and dashboard for MSSP Support
and more
http://www.manageengine.com/products/firewall/features.html
I recommend that you evaluate the fully functional 30-day evaluation copy and check if it helps you to achieve your use case.
Regards,
Vignesh.K
Firewall Analyzer
Similar Messages
-
CRM 7.0 - Communication Management Software - CTI
Hi,
We are in the process of configuring Contact Center Simulator.
The fact is that we don't have a JAVA stack on the CRM 7.0 system; rather, we are using a different system for the JAVA stack.
We have successfully completed the RFC connection in CRM 7.0 pointing to the JAVA stack system and the other required config settings.
When the user clicks the 'Ready' button from the UI, it gives the error 'Communication management software system is not configured'.
Has anybody experienced this, or did I miss a step?
Regards,
Nilesh P
Hi Nilesh,
Here are a few things to check:
1. Look at the ICI trace log and see what kind of message is being returned
2. Double-check your toolbar configuration - this often gets overlooked - you need a toolbar for voice configured
3. Check that the system where the Java stack resides can "see" and connect to your CRM 7.0 system - if there is a firewall between the two or if there is some other network reason that communication might be getting blocked. Look at the ICI trace log and see what URL is being passed in the subscribe command, then put that URL into a web browser on the Java server to verify that it can call back to the CRM system
Hope this helps. I have done that same thing before so I know it works.
Sincerely,
Glenn
Glenn Abel
Covington Creative
www.covingtoncreative.com -
I had closed Firefox after briefly running it and then tried to reopen it anew but got a message that said "Firefox is already running but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."
I logged off my computer, and later restarted. However, when I checked my Firewall log it showed that during the minute I had my computer on earlier there were about a dozen instances of "Firefox is preparing to access the internet" which were recorded just seconds apart.
I don't have the problem now -- restarting apparently took care of the issue -- but I don't understand why there were so many instances of Firefox preparing to access the internet when I was not clicking on it all those times, the one time I did I got a message that it already was running, and there were no tabs on my screen to reflect all those supposed instances.
Thanks for any insight that folks can offer.
Were those Firefox processes or plugin-container processes?
*http://kb.mozillazine.org/Plugin-container_and_out-of-process_plugins
*https://support.mozilla.org/kb/What+is+plugin-container
In case you are using "Clear history when Firefox closes", try to exclude the cookies in case you currently have selected this.
*Tools > Options > Privacy > Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" > Settings
*https://support.mozilla.org/kb/Clear+Recent+History
Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, and passwords.
Firefox will try to remove cookies created by plugins in case you clear the cookies and that can result in plugin-container processes getting created. -
Oracle 8i: Problem with connecting through firewall/connection manager
Hello.
I've been trying to make this work for, I think, 2 weeks now, with no luck. If I go around the firewall/connection manager, everything works fine.
It runs on Win XP. Ports 1521 and 1630 have been forwarded.
conn manager log:
(TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=10)(VERSION=8.1.7.0.0)
(TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=36)(rule_list= (rule=(src=xx.xx.46.145)(dst=oracle-server)(srv=*)(act=accept)))
(TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=32)(PARAMETER_LIST=(MAXIMUM_RELAYS=1024)(RELAY_STATISTICS=yes)(AUTHENTICATION_LEVEL=0)(LOG_LEVEL=4)(SHOW_TNS_INFO=yes)(ANSWER_TIMEOUT=0)(MAXIMUM_CONNECT_DATA=1024)(USE_ASYNC_CALL=yes)(TRACING=no)(TRACE_DIRECTORY=default)(MAX_FREELIST_BUFFERS=0)(REMOTE_ADMIN=no))
(TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=34)(ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=oracle-server)(PORT=1630)(QUEUESIZE=32)))
(TIMESTAMP=22-JUN-2010 16:35:31)(EVENT=102)(RLYNO=0)(ADDRESS=(PROTOCOL=tcp)(HOST=xx.xx.46.145)(PORT=11473))
(TIMESTAMP=22-JUN-2010 16:35:31)(EVENT=20)(RLYNO=0)(REASON=16)(ADDRESS=(PROTOCOL=tcp)(HOST=xx.xx.46.145)(PORT=11473))
listener ora:
# LISTENER.ORA Network Configuration File: C:\oracle\ora81\NETWORK\ADMIN\listener.ora
# Generated by Oracle configuration tools.
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-server)(PORT = 1521))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-server)(PORT = 2481))
      (PROTOCOL_STACK =
        (PRESENTATION = GIOP)
        (SESSION = RAW)
      )
    )
  )
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = C:\oracle\ora81)
      (PROGRAM = extproc)
    )
    (SID_DESC =
      (GLOBAL_DBNAME = ifs)
      (ORACLE_HOME = C:\oracle\ora81)
      (SID_NAME = ifs)
    )
  )
names ora:
ifs=
(DESCRIPTION=
(SOURCE_ROUTE=yes)
(ADDRESS=
(PROTOCOL=tcp)
(HOST=oracle-server)
(PORT=1630))
(ADDRESS=
(PROTOCOL=tcp)
(HOST=oracle-server)
(PORT=1521))
(CONNECT_DATA=
(SERVICE_NAME=ifs)))
INST1_HTTP =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-server)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVER = SHARED)
      (SERVICE_NAME = ifs)
      (PRESENTATION = http://admin)
    )
  )
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(Key = EXTPROC0))
    )
    (CONNECT_DATA =
      (SID = PLSExtProc)
      (PRESENTATION = RO)
    )
  )
We're very close to going with MS SQL instead. Help would be greatly appreciated.
Morten
Denmark
Tracing connection manager:
-
ThinkServer TS430 management software
Hello members
I have a ThinkServer TS430 that is on a domain and I am getting an amber light on the front of the server indicating a system error has occurred. I tried to install the ThinkServer Management software but it told me that it is not recommended to install on a domain controller. How do I find out what the problem is with the server? Are there any other tools available that will work on a domain controller?
Thank you for your help
You can install EasyManage on any other system. We discourage you from installing on a DC, however. Your workstation, for example, would be more appropriate. You can also hit the management interface (HTTP) directly to see the contents of the error log. Instructions are in the documentation on how to connect to the ThinkServer Management Module via any browser.
Cheers!
Regards,
Nathan Miller
Enterprise S&P Product Manager
Enterprise Systems Group
Lenovo
ThinkServer is now on Twitter. We want to hear from you.
https://twitter.com/lenovoserver -
This whole situation first started with a complaint from my ISP that it appeared I had a trojan virus... around 1100-1200 messages per hour were being run through their servers via my account. I also have Anti-Virus enabled, so I was left scratching my head...
No viruses found on a full scan - so I started watching processes and connections. This nmbd process is suspicious... I don't run windows file sharing, nor have I ever. This just popped up recently. I also had two mac tech support calls, and one to Symantec - and it ran fine for a couple of days - but it's back again.
What is this, and how can I find the culprit, and remove it permanently...?
Thanks in advance for any advice!
--Jeff
Thanks Thomas, appreciate the insight! Thanks for taking the time to help me think through this...
I have reset the password twice now...
It's only impacting one account, and the ISP says it's local to me - somewhere on my local network.
I do have a few devices on my home network. The only one with windows is my macbook air running parallels. I just use this to browse some web projects I work on (view in IE to make sure everything is looking like it should).
The passwords I have used both times - they were ones set by my isp - the type you can't remember, they seem rather strong (upper/lower case letters, numbers, symbols). That's what leads me to believe it's also local - something on my machine. And it only seems to be impacting one email account (I have 5 running in Mac Mail).
WiFi network is protected by WPA2 - just checked to be sure. All good there.
Now, in Norton Firewall log - I can see incoming and outgoing connections via Windows File Sharing/nmbd.
The reason I feel/felt that this is related to the spam sends is that once I saw the number of connects, and roughly equals the number of sends per hour of spam - I stopped the process with the firewall and suddenly my ISP says the spam sends stop. That led me to believe they are related. Perhaps this virus or malware has spoofed its name and is identifying itself as nmbd? I have no idea. Just scared to turn it all off just yet.
I did notice that Mountain Lion does not run this... (nmbd).
I did wonder about the Air sending something off of windows - but this all happened while it was off, laying on the desk next to me. It rarely gets used unless I'm testing or traveling.
I can understand nmbd being useful part of the system, I cannot understand how it would be very useful if I didn't turn it on, it connects at that frequency, and I don't have file sharing enabled. That's why I am hesitant to turn Norton off, and hope that everything just goes away. I want to try and get this problem figured out as simply turning Norton off doesn't seem like I'm taking steps to eliminate the problem. Perhaps Norton is causing other issues - and I'll be removing the software asap - but want to make sure the spam sends cease.
Let me know if that sparks any ideas... Thanks again!
--Jeff -
Firewall log - what's this mean?
I had a hardware router/firewall and IP address server, just down stream from my cable modem until that device died this week. I've reconfigured what I had to use my Airport Graphite to distribute IP addresses and share a single IP address for all the devices on the home network "using NAT and DHCP" and connected 2 computers and a network printer with a simple Ethernet switch/hub. (BTW, this provides noticeably faster speed to the internet!) I already had the OS 10.4 firewall turned on in the 2 MacBooks, but I also now enabled Stealth Mode and for the first time "Firewall logging."
So I later looked in the log file and I find:
"Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80"
10.0.1.8 is the IP for this MacBook. I think this says I'm being scanned by someone attempting to use port 52066 (???), from some other computer named 74.125.19.104 port 80 - is that correct? Should I be worried? Is there something else I should enable or disable? Naturally, I turned on the minimum number of services in the Firewall. BTW, how could I find out who/where 74.125.19.104 is? This went on for about 3 minutes last night but seems to have stopped now.
I think this also makes me believe I should go back to a hardware firewall upstream, right at the 'port of entry,' but I don't see much for sale these days (at home prices) that is a true firewall. I know a new Airport Extreme Basestation says it has a "built-in firewall" but I can't find any information about that feature, ie is it more than just NAT translation? Does anyone have a recommendation for a reasonably priced, easy to set up and manage firewall?
thanks!
I have Snort NIDS running on my computer and get port scans similar to this reported to me all the time from numerous websites - for example, from these very discussions.apple.com forums. Port 443 is a server https port, your port 49235 is in all likelihood the randomly created outbound port that you initially established a web browsing connection with, hence, assuming this to be an established connection, it would have been forwarded through your router to your computer (to your 192.168.x.x address). This IPA belongs to akamai.com, I think they handle a lot of online purchasing and online billing stuff and stuff that requires logging in in some manner or another -- were you paying bills or buying something online or in an authenticated website at the time this occurred?
I don't understand why these port scans from established connections to reputable web servers happen, but I don't believe them to be abnormal. Perhaps someone who is a subject matter expert in enterprise-class web servers could weigh in here and explain what may be going on here. -
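An added example, not part of the original posts: a small parser for the ipfw "Stealth Mode connection attempt" entries quoted in the question. It groups entries by remote address and separates the pattern the reply describes (a web server's port 80/443 talking to a high, randomly chosen local port) from a sweep across many local ports. The ephemeral-port floor, the sweep threshold, the verdict names and every log line after the first four are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

WEB_PORTS = {80, 443}      # remote ports that indicate a web server is the sender
EPHEMERAL_MIN = 49152      # assumption: start of the client-side ephemeral port range
SCAN_PORT_THRESHOLD = 5    # assumption: this many distinct local ports looks like a sweep

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+ipfw:\s+"
    r"Stealth Mode connection attempt to (?P<proto>TCP|UDP)\s+"
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+)\s+from\s+"
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+)"
)

# The first four lines are the entries quoted in the question.
# Everything after them is constructed sample data (documentation address range).
SAMPLE_LOG = """\
Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
Jan 8 21:02:10 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:22 from 203.0.113.7:40112
Jan 8 21:02:10 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:23 from 203.0.113.7:40113
Jan 8 21:02:11 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:80 from 203.0.113.7:40114
Jan 8 21:02:11 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:445 from 203.0.113.7:40115
Jan 8 21:02:12 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:3389 from 203.0.113.7:40116
Jan 8 21:05:00 Michaels-MacBook ipfw: Stealth Mode connection attempt to UDP 10.0.1.8:137 from 10.0.1.3:137
"""


def parse_line(line):
    """Return one parsed Stealth Mode entry, or None for any other log line."""
    m = LINE_RE.match(line.strip().strip('"'))
    if not m:
        return None
    return {
        # syslog timestamps carry no year; 2000 is a placeholder (leap year, so Feb 29 parses)
        "time": datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S"),
        "proto": m["proto"],
        "local": (m["dst_ip"], int(m["dst_port"])),
        "remote": (m["src_ip"], int(m["src_port"])),
    }


def summarize(log_text):
    """Group entries by remote IP and attach a coarse verdict to each group."""
    by_remote = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            by_remote[event["remote"][0]].append(event)

    findings = {}
    for ip, events in by_remote.items():
        local_ports = {e["local"][1] for e in events}
        remote_ports = {e["remote"][1] for e in events}
        times = [e["time"] for e in events]
        if len(local_ports) >= SCAN_PORT_THRESHOLD:
            # one sender probing many different local ports
            verdict = "possible-scan"
        elif remote_ports <= WEB_PORTS and min(local_ports) >= EPHEMERAL_MIN:
            # web server port -> ephemeral local port: packets for an outbound
            # browsing connection whose local socket no longer exists
            verdict = "late-web-reply"
        else:
            verdict = "unsolicited"
        findings[ip] = {
            "verdict": verdict,
            "count": len(events),
            "local_ports": sorted(local_ports),
            "remote_ports": sorted(remote_ports),
            "span_seconds": int((max(times) - min(times)).total_seconds()),
        }
    return findings


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```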
AP541N Management Software?
Hi, is there any management software available to manage 5 or so AP541N running across a WAN? E.g. we have a couple of VAP's set up on each access point, 1 for staff and 1 for guests. I would like to be able to change all the WPA Personal guest access passwords centrally rather than having to log onto each box and edit it manually.
Thanks
Colin
Hi Colin, there is not any supported software from Cisco for these units. I know CCA can detect the AP for the topology but I don't think you can actually manage them from there.
If these AP's are installed at one location, you could cluster them and with any change made to one AP all the AP's will reflect the changes automatically.
-Tom
Please rate helpful posts -
Alternatives to download management software
I understand companies like to do things "their way" and I understand that proprietary download management software for products is good for some but not others. Has Adobe completely abandoned the option of downloading individual self-executable Trial software? I think it's a really stupid and unnecessary move if so. Why not offer both options to customers? Think about it Adobe. Think about it for more than 5 minutes please. This is not asking for the moon here.
Thanks.
Thanks. Appreciate the response, but I've been trying to download direct links on prodesigntools while logged into my Adobe account and all I get is this message repeatedly:
Access Denied
You don't have permission to access "http://trials3.adobe.com/AdobeProducts/PPRO/8/win64/PremierePro_8_LS20.7z?" on this server.
Reference #18.4ebd3b17.1429927151.2b629dc2
Update: I seem to have found a way to get this method working okay. Thank you very much for posting some helpful info. Means a lot. -
Sun Storage Common Array Manager software
trying to configure two storage arrays and cannot find the original disks
found the website with link to the Sun Storage Common Array Manager software
http://www.oracle.com/us/products/servers-storage/storage/san/fc/common-array-manager/resources/index.html
but it is a dead link...
now i need this software or the two storage arrays cannot be reconfigured
maintenance for them have lapse so my oracle support is not an option
any links to be able to obtain the software... doesn't matter even if older version... doesn't need to be latest
No Good, every time i go to the download section for software relating to hardware i keep getting asked to
Add Support Identifiers …
just a log in account isn't good enough
so back to my original problem, even though we own the equipment outright, they are essentially a couple of expensive paperweights
it shouldn't be that hard to obtain even an older version of this necessary piece of software?
is it possible to obtain support identifiers for sun hardware with expired maintenance? maybe that will allow me to at least download the version of the software that was available at the time of expiration? -
Lenovo Power Manager Software - MDT Task Sequence
I'm working in an environment which does Operating System Deployment via SCCM 2007 SP2 R2 with MDT 2010 Update 1 Integration. I have an MDT Task Sequence that deploys my captured Windows 7 WIM file to predominantly Lenovo laptops (98% Lenovo fleet too). Part of this Task Sequence uses rules to specifically target drivers and applications to individual models. I am having GREAT difficulty in getting the Lenovo Power Manager software (V3.31) to install as part of the Task Sequence.
The summary of the story is as follows:
Lenovo Bluetooth software is installing OK (msiexec /i Win32\BTW.msi /t 1033.mst /qb-)
Lenovo Hotkey software is installing OK (SETUP.EXE /S)
I've put logs for the Power Manager installation, and there are no errors i.e. it "seems" to install OK (SETUP.EXE /S)
I can advertise the Power Manager software POST image and it installs and works OK
Applications in the Task Sequence run in the order of Power Manager, Bluetooth, Hotkeys.
That hopefully provides the information for someone to maybe shed some light. It's a little frustrating given that the package actually will successfully install. I'm almost to the point where I want to try and create a collection with rules to populate it with Lenovo laptops and then mandatory install it. It's not a critical application - it would just be nice to have.
I did some more searching and found this method to do it - http://www.windows-noob.com/forums/index.php?/topic/1231-os-deployment-and-lenovo-computers/. I used the idea of creating a Task Sequence step to copy the files locally, followed by a step to install it from the local files. It worked fine for this. If anyone has a "cleaner" method though, let me know.
-
We currently have a PIX firewall and I am wondering what would be a good real time log analyzer. Currently we are using ManageEngine's Firewall Analyzer but have run into some issues with the product.
Thanks
Craig,
Thank you for the post. I believe you must have used Firewall Analyzer's basic edition (Firewall Analyzer 4), and the application has reached various milestones in the past. The latest version of ManageEngine Firewall Analyzer is 7.2
The product supports almost all the leading vendors in the industry. Our application is segregated into three categories, and they are,
1.Traffic
2.Security
3.Management
1. Traffic Statistics:
This will give you the complete bandwidth information that was transacted throughout the network with multiple drill analysis such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc.
You can even do capacity planning and forecasting with the product.
2. Security Statistics:
Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.
3. Management Statistics:
This will help you to do audit and security configuration analysis which includes change management, compliance report. This will point out the loopholes of the network and assist you to fix them.
Why Firewall Analyzer?
Support for Firewall and security devices from multiple vendors
Real-time bandwidth monitoring
Employee internet usage with URL monitoring
Real-time alerting
Firewall Change Management reports
Security Audit & Configuration Analysis reports
Diagnose live connections
Capability to view traffic trends and usage patterns (Capacity Planning)
Powerful search for forensic and security analysis
Multi-level drill down into top hosts, protocols, web sites and more
Network security reports
Firewall compliance reports
Flexible and secured log data archiving
Rebranding, User based views and dashboard for MSSP Support
and more
http://www.manageengine.com/products/firewall/features.html
I recommend that you evaluate the fully functional 30-day evaluation copy and check if it helps you to achieve your use case.
Regards,
Vignesh.K
Firewall Analyzer -
Call log Manager..?
Hi All,
I am looking to see if there is mobile phone software (for Symbian, obviously) that can log all incoming and outgoing phone calls and transmit the log to a file server/mobile phone in real time (or with a small delay)?
Ps: I found one but it's for SonyEricsson which is called Call Log Manager...
Thanks
Serhan
Hi parden,
You can also run : set logging enable
in CUCM CLI mode; this will at least allow you to enable CLI Admin logs
and to check all the logins detail run : show logins
Regards
Spooster -
Hi
I would like to know what the enterprise solution is for Windows and application event log management and analysis.
I have recently researched and found two applications that seem to be professional: 1- ManageEngine EventLog Analyzer, 2- SolarWinds LEM (SolarWinds Log & Event Manager).
I want to know the point of view of Microsoft experts and would like them to give me their experience and solutions.
thanks in advance.
Consider MS System Center 2012.
Rgds -
Lion Battery Management Software seems to be erratic.
The Lion OS X 10.7.2 battery management software appears to be very erratic.
I just bought a new MacBook Pro direct from Apple last week (late 2011, 15", 2.4 GHz, 8 GB 1333 MHz DDR3, 7500 rpm disc) with Lion OS X 10.7.2 preinstalled, i.e., the latest and greatest. I was only getting 3 hours on a battery charge until it ran out. After searching the forums nothing quite matched (older models, different graphic cards, more constrained systems, Lion software upgrades, etc).
I have the screen brightness set to about 50%, the power option "put disks to sleep whenever possible", and the keyboard set to turn off the light after 30 seconds of non-use. On battery, I have "display sleep" at 6 minutes and "computer sleep" set to 10 minutes. So I am not pushing the power consumption very hard.
I ran a "repair" from the recovery partition and my hard disk had no problems.
So I tried the Reset Power Manager mentioned in another thread:
Shutdown
Depress Ctrl+Option+Shift
Power on
Hold for at least 10 seconds
Power on
and that extended my battery charge to 6 hours, not quite the 7 hours advertised. (I even tried it on my mid 2009 Mac Book Pro 13", Snow Leopard OS X 10.6.8 and its battery life was extended by about .67%).
But I started seeing odd reporting in the "time remaining" in the battery icon. The "time remaining" would fluctuate by as much as 20% in just a few seconds, going either up or down! For example, it would jump from 4 hours to 3 hours, then up to 3.5 hours then up to 4.5 hours, down to 1.3 hours, and back up to 4.0, and so forth whenever I changed the state.
So I watched the "battery charge remaining" over several hours with different states: (WIFI on/off, start/stop applications, turn Thunderbird/Firefox to offline and back to online; Thunderbird is not an issue because I have it set to check for incoming messages every 2 hours not every few minutes) and I monitored using the Activity Monitor and the widget iStat Pro. The cpu was reported to never exceed 2% busy, user+system, and free memory never fell below 5.9 GB with minimal swapping and paging, i.e. the machine was basically idle even when I had WIFI on with Firefox watching Adobe Flash video from the net, which is purportedly a CPU hog (it is not).
Has anyone else seen this erratic battery software management behavior? Does anyone have an explanation?
I noticed in some archived threads that someone suggested changing "time" to "percentage" because "time" remaining is calculated every few seconds and is very sensitive to changes of state as I noted in my post. I don't see that "solution" as much use because it doesn't tell me "percentage" of what? The amount of charge left? What I really want to know is "how long will my charge last?". 70% of 3 hours is something quite different than 70% of 7 hours. It seems to me that the time remaining ought to be calculated less often. The value is reported in hh:mm. I don't see much point in calculating it every few seconds. Once a minute would actually be more accurate.