Firewall logging only showing object group names

Similar Messages

• Document Library Custom View "Grouped By" only shows one group

  I have created a Document Library Custom View with the  "Grouped By" option turned on and grouped by a column  called "media type" which has 3 possible choices.  For some reason only the first group is displayed. The other
  groups show that they have items in them but can't be accessed. I have expanded turned on. 
  Here are some screenshots: 

  Hi zaxxon,
  Please check if the above first 6 images (e.g. Managing Threating Confrontations - OneDrive for Business Tutorial)are with value "Training" and "tutorial", if yes, there should be something wrong with the grouped list view of Assets library.
  Based on icons from your image, you should be using Office365 SharePoint Online, I would recommend you post this issue in our dedicated Office365 SharePoint online forum below, and I think fixing this issue would be involving back-end support engineer from
  server side.
  http://community.office365.com/en-us/f/156/t/236901.aspx
  Office365 SharePoint Online forum
  Thanks
  Daniel Yang
  TechNet Community Support

• I got Code and Name in dropdown list of domain-based, how can I only show code without name in MDS excel add-in?

  Hi,
  We can use the setting on MDS webpage's Explorer to change the result of display.
  From Code{Name} to only display Code or Name{Code}
  How could I change the result of display like MDS webpage's Explorer in MDS excel add-in?
  We want the dropdown only show Code in it without Name even do not display symbol of {}.
  Thanks in advance for the help.

  Hi,
  To the best of my knowledge that's not possible.
  You should try to leave some feedback on this part of the product at connect.microsoft.com
  Regards, Fredrik

• ASA - logging via radius with group name passed.

  Hi,
  I'm trying to setup ASA5520 with Radius to authenticate users with group
  privileges.
  Useing Radius with ASA to authenticate users is quite simple. When I try
  to pass from asa tunnel-group name (with group-policy and attributes
  attached) there is a problem that ASA dosn't pass any group name to
  radius.
  Is there any way to overcome it?
  What I want to do is to apply different policies to username depending
  with what tunnel-group name he logs in to webvpn. I assume one user may
  be member of different groups.
  br
  Marcin

  It's possible.
  Differentiate your privileges and restrictions based off of group-policy, not the tunnel-group. Keep your default WebVPN tunnel-group, and do not specify a default group policy for this tunnel-group.
  Create separate group-policies that differentiate what links different groups of users should be presented with. If you're using ACS, link your Cisco Secure Groups to groups in Active Directory (or other method of directory services). The Cisco Secure Groups should then be configured to pass specific RADIUS attributes, such as the "Class" attribute #25. ACS will then tell the ASA to place the user (from Active Directory) into a specific group-policy, which you can then limit URL's shown with the url-list command.
  Long winded, I know...any questions, please ask.

• Server 2008R2 with AD DNS Panel not showing any records only shows the zone name

  Hi All new to the Form.  We have had this new domain controller running dns for a few years now and recently I went to edit some DNS records and found them missing in the DNS console the zone names are there but nothing is under the zones just one record
  for the server under our AD domain. If i do a nslookup to this server it still displays the records as it should. It is also setup to forward the zones to a secondary server which is only pulling info from this Master 2008R2 server. Any ideas where i can try
  and recover the records for my Zones.
  Thanks

  Hi,
  According to your description, there are several possible reasons resulting in the DNS records disappearing.
  1. If the aging and scavenging was configured in the DNS server, scavenging can cause records to disappear. Even Windows-based computers that have statically assigned servers register their records every 24 hours. Verify if the
  No-refresh and Refresh intervals are too low. For example, if these values are both less than 24 hours, then we will lose DNS records. To view the settings, right-click the zone in the DC, click
  Properties, click Aging.
  2. Is there a DHCP server in your environment? DNS Dynamic Update Protocol updates to existing records fail can also cause them to be deleted by the scavenging process as aged records.
  Also, event logs are helpful to isolating the issues. Is there any event logs in your computer?
  For more details about DNS records disappearing, please refer to the link below,
  DNS Records Disappearing and DNS Auditing
  http://msmvps.com/blogs/acefekay/archive/2010/12/09/dns-records-disappearing-and-dns-auditing.aspx
  Using AD Recycle Bin to restore deleted DNS zones and their contents in Windows Server 2008 R2
  http://blogs.technet.com/b/askds/archive/2010/08/12/using-ad-recycle-bin-to-restore-deleted-dns-zones-and-their-contents-in-windows-server-2008-r2.aspx
  Best Regards,
  Tina

• I try to open facebook, but only show me my name and picture profile this it , no friends list , no games , no nothing , how i fix this?

  firefox was working fine , but in last 3 days i can't check any information in my facebook account , just show me: name , photo profile and commands in the top of the screen , the rest blank

  * "Clear the Cache": Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
  * "Remove the Cookies" from sites that cause problems: Tools > Options > Privacy > Cookies: "Show Cookies"
  Start Firefox in [[Safe Mode]] to check if one of the add-ons is causing the problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
  * Don't make any changes on the Safe mode start window.
  See:
  * [[Troubleshooting extensions and themes]]
  * [[Troubleshooting plugins]]
  If it does work in Safe-mode then disable all extensions and then try to find which is causing it by enabling one at a time until the problem reappears.
  * Use "Disable all add-ons" on the [[Safe mode]] start window to disable all extensions.
  * Close and restart Firefox after each change via "File > Exit" (Mac: "Firefox > Quit"; Linux: "File > Quit")
  See also:
  * http://kb.mozillazine.org/Websites_look_wrong
  * [[Websites look wrong]]

• Audit Logs only show ID essadmin

  We have a planning application with two databases. There are times that I'd like to know who kicked off a business rule or loaded data. When I view the application log, every entry is made with the essadmin ID. Is there any other kind of auditing we can do?

  Hi,
  When planning communicates with essbase it uses the admin account that is defined in the datasource setup.
  To find out who ran business rules and at what time etc then have a look for hbrlaunch.log, if you are on windows it will be in C:\windows\system32
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Showing Group Name in Email 'To' Box

  I want to send mail out to a group I've created in Address Book, but I want all recipients Blind Copied. Is there anyway I can set up Mail to show the Group Name in the 'To' box?

  Rob,
  I don't think so, but I think this too depends upon what the particular SMTP does when you send. The Group name, as you may have noticed, does appear in the copy of the message in your Sent mailbox. I haven't tried this with every SMTP I have available, because many of them do not allow the number of recipients in some of my groups. If I get a chance, I will test with other SMTP and small groups.
  Ernie

• Gnome-globalmenu only shows app name - no menus

  Hi,
  I installed gnome-globalmenu from the AUR, but it only shows the app name ("Thunar", "Mousepad", etc), but no menus. I have tried this with xfce4-panel and gnome-panel.
  What am I doing wrong?
  Thanks!
  -- MrAllan

  Amanda20132,
  which version of OS X is installed on your MacBook Pro?

• HT5463 my phone log also shows the call that made it through only called once...shouldn't it have shown twice?

  iphone 5 issue with DO NOT DISTURB feature.  Feature is ON, allowing FAVORITES to be able to call, I RECEIVED A TELEMARKETING CALL THAT BYPASSED THE SETTING as my phone log only shows they called once and the phone rang and I answered.  Shouldn't the phone log show they called twice?  Otherwise I have to consider this another failure by Iphone 5.

  Here's an update. I just did the Disk Utility tests, of basically all the elements that appear on the left of the window (3 available selections), including the Macintosh HD one. They all passed the verifying and repairing processes, no warnings or errors whatsoever. Yay. The point is, yesterday I was looking at my photos from the Finder. I wasn't doing anything at all, really, not even moving the cursor, when I suddenly heard the HDD making the working-noise without stopping, just that constant scratchy noise. This went for something like 7 seconds straight, and at the very next moment, it started making a consecutive and tempoed stream of this same sound, but a little bit less intense, with interlapses of about a sec. This continued for about a whole minute. I'd like to know if things are really fine.
  As I previously described, the guys at iShop almost don't want me there anymore, or at least that's what their distanced attitudes get my into thinking. I visited the place some days ago, to look at the new iPod Touch pretty quickly, and I clearly felt that the guards were watching me closely, you know, with a hostile mannerism, the kind of stance that you use, with arms folded, to look kind of intimidating. I really didn't do anything to deserve that paranoic and ridiculous behavior. What happened was, a bit hottened discusion with the manager, when I was telling him I needed a replacement, and he really wasn't giving me an empathetic and understanding attitude.
  If a call to Apple Support is required soon, and my computer needs to be repaired or the HDD replaced, they'll most likely send me there, since it's the most prominent place of recommendation. Sincerely speaking, they do seem like the most prepared personel, and they aren't great per se. If that is so, I really, really hope that the hard drive is the only part or detail that needs some technical considering, and deserves my stress.
  Thanks for your consideration, so far so good.

• What object group a port is in?

  The following does not help:
  ASA# sho run object-g | in 1433
  port-object eq 1433
  service-object tcp eq 1433
  port-object eq 1433
  ASA# sho run object-g service | in 1433             
  port-object eq 1433
  service-object tcp eq 1433
  ASA# sho run object-g | be 1433       
  port-object eq 1433
  ASA# sho run object-g | grep 1433
  port-object eq 1433
  service-object tcp eq 1433
  port-object eq 1433

  Here's the command to find the object group name a port is in:
  ASAXXX# show run object-group | in object-group | time-exceeded
  object-group icmp-type ICMP_SVCS
  icmp-object time-exceeded
  Now you can find what else is in that object group:
  ASAXXX# sho run object-group id ICMP_SVCS      
  object-group icmp-type ICMP_SVCS
  icmp-object echo-reply
  icmp-object unreachable
  icmp-object echo
  icmp-object time-exceeded
  icmp-object traceroute
  and the access-list that object group is being used in:
  ASAXXX# sho access-list | in ICMP_SVCS
  access-list Access_List_Name line 5 extended permit icmp object-group ABCD object-group WXYZ object-group ICMP_SVCS
  So if you know a port number, you can quickly find out what object group and what access list is allowing that port.

• EEM to update an object group

  Hello Cisco!
  I've been playing around with EEMs on and off for a few months now, and I'm enjoying it quite a bit! A recent issue at work got me thinking, and I thought I'd try and solve the problem with a new EEM. It's really quite simple, but I'm having trouble getting it to work as intended.
  Device Specs:
  On a CISCO881-SEC-K9 running:
  Embedded Event Manager Version 4.00
  Component Versions:
  eem: (rel6)1.0.0
  eem-gold: (rel1)1.0.2
  eem-call-home: (rel2)1.0.4 
  Problem:
  I'd like to create an EEM that checks the IP of a website a few times a day, and cross references the results with the IPs listed in an object group. If the new IP isn't listed, it will add it to the object group. If it is detected, it won't do anything. (I have this e-mailing either way right now, to assist me with debugging)
  Reasoning:
  I'd like to see if this is something I can do with an EEM. It would be nice to have something dynamically configured to make updates like this. At the end of the day, It mimics a feature on some firewalls. I'd like for this to get around the limitations of a static ACL entry. I haven't looked into TCL scripting, as It would be a new language that I'd have to learn. The beauty of EEM, is that it builds off of what a technician already knows. If you understand IOS, EEM is relatively easy to pickup and run with.
  Side Note: If you see something in my script that could be consolidated, or just doesn't make much sense; please let me know. There is a really good chance that I don't know of the alternative method. This is especially true in terms of my regular expression knowledge. That's an ongoing battle :)
  Thanks in advance everyone.
  Your assistance and constructive criticism is more than welcome and is greatly appreciated.
  Here is what I have right now:
  event manager applet update_my_object_group
   event timer cron cron-entry "* * * * *" maxrun 9999999
   action 1.0 cli command "enable"
   action 1.1 cli command "ping www.google.com"
   action 1.2 wait 5
   action 1.3 regexp "to ([0-9.]+)," "$_cli_result" match new_ip
   action 1.4 cli command "show object-group self_building"
   action 1.5 regexp "([0-9.]+)" "$_cli_result" match current_ips
   action 2.0 if $new_ip ne "$current_ips"
   action 3.0  cli command "conf t"
   action 3.1  cli command "object-group network self_building"
   action 3.3  cli command "host $new_ip"
   action 3.4  cli command "end"
   action 3.5  cli command "show object-group self_building"
   action 3.6  regexp "([0-9.]+)" "$_cli_result" match new_current_ips
   action 4.1  mail server "$_email_server" to "$gmail" from "$_email_from" subject "EEM: Successfully Updated Object Group" body "Added new IP: $new_ip\n to Object Group: self_building\n $current_ips"
   action 5.0 else
   action 5.1  mail server "$_email_server" to "$gmail" from "$_email_from" subject "EEM: Object Group Failure" body "I couldn't update the object group: self_building. Debug:\n New IP: $new_ip\nCurrent: $current_ips\nWhat it is now: $new_current_ips"
   action 5.2 end
  Here is an example I built up for a single ACL. Same concept, just a single line gets updated. I was using this as a reference for my object group script.
  event manager applet update_my_acl
   event timer cron cron-entry "0 * * * *" maxrun 9999999
   action 1.0 cli command "enable"
   action 1.1 cli command "ping www.msn.com"
   action 1.2 wait 5
   action 1.3 regexp "to ([0-9.]+)," "$_cli_result" match new_ip
   action 1.4 cli command "show access-lists | sec test_acl"
   action 1.5 regexp "10 permit tcp any host ([0-9.]+) eq www" "$_cli_result" match current_ip
   action 2.0 if $new_ip ne "$current_ip"
   action 3.0  cli command "conf t"
   action 3.1  cli command "ip access-list extended test_acl"
   action 3.2  cli command "no 10"
   action 3.3  cli command "10 permit tcp any host www.msn.com eq www"
   action 3.4  cli command "end"
   action 4.0  cli command "show access-lists | sec test_acl"
   action 4.1  mail server "$_email_server" to "$_email_to" from "$_email_from" subject "EEM: Successfully Updated ACL" body "New IP: $new_ip\nOld IP: $current_ip"
   action 5.0 else
   action 5.1  mail server "$_email_server" to "$_email_to" from "$_email_from" subject "EEM: ACL NOT updated" body "New IP: $new_ip\nOld IP: $current_ip"
   action 5.2 end

  Thanks for the review!
  Well, it's technically "working", but not in the way that it's designed. It checks the object group, but it only finds  the first IP listed. I'll provide you with the object group it's generated so far, and what I'm receiving in my e-mails.
  (I don't think my regular expressions are working correctly.)
  The Object Group:
  object-group network self_building
   host 10.9.8.20
   host 74.125.225.114
   host 173.194.46.115
   host 74.125.225.148
   host 173.194.46.116
   host 173.194.46.112
   host 74.125.225.81
   host 74.125.225.83
   host 173.194.46.84
   host 74.125.225.17
   host 74.125.225.20
   host 173.194.46.80
   host 74.125.225.19
   host 173.194.46.83
   host 173.194.46.114
   host 74.125.225.116
   host 74.125.225.51
   host 74.125.225.52
   host 173.194.46.113
   host 74.125.225.145
   host 74.125.225.144
   host 74.125.225.49
   host 74.125.225.82
   host 74.125.225.146
   host 74.125.225.84
   host 74.125.225.112
   host 173.194.46.82
   host 173.194.46.81
   host 74.125.225.18
  Here are the successful e-mails sent to me. As you'll see, I've had the EEM include the $current_ips in the e-mail. This should be all of the IPs in the group, but it's just the first one listed (found). So, because it doesn't match, it adds the newly found IP to the group. 
  But, as you can see in my emails, that IP has been found before and added already. The desired behavior is it for it to see that the entry already exists, and not apply it.
  Edit: Thought this would help:
  Step 1: Ping www.google.com.
  Step 2: Use regular expression to capture the IP found.
  Step 3: Run a show command, and find all of the IPs currently listed inside the object group: self_building
  Step 4: Cross reference the newly found IP, with the IPs found in the object group.
  Step 5: If it's already there, then discard it and end the EEM.
  Step 5 (a) If it's not there, then add it to the object group, and then end the EEM.
  Thanks again!

• Why Are There Multiple Instances Of Firefox Preparing To Access Internet According To Firewall Log When I'm Not Launching Them And Nothing Appeared On My Screen

  I had closed Firefox after briefly running it and then tried to reopen it anew but got a message that said "Firefox is already running but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."
  I logged off my computer, and later restarted. However, when I checked my Firewall log it showed that during the minute I had my computer on earlier there were about a dozen instances of "Firefox is preparing to access the internet" which were recorded just seconds apart.
  I don't have the problem now -- restarting apparently took care of the issue -- but I don't understand why there were so many instances of Firefox preparing to access the internet when I was not clicking on it all those times, the one time I did I got a message that it already was running, and there were no tabs on my screen to reflect all those supposed instances.
  Thanks for any insight that folks can offer.

  Were that Firefox processes or plugin-container processes?
  *http://kb.mozillazine.org/Plugin-container_and_out-of-process_plugins
  *https://support.mozilla.org/kb/What+is+plugin-container
  In case you are using "Clear history when Firefox closes", try to exclude the cookies in case you currently have selected this.
  *Tools > Options > Privacy > Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" > Settings
  *https://support.mozilla.org/kb/Clear+Recent+History
  Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, and passwords.
  Firefox will try to remove cookies created by plugins in case you clear the cookies and that can result in plugin-container processes getting created.

• Firewall Log Entries

  My firewall log is showing strange activity on my computer.
  I am seeing these entries:
  Dec 13 09:29:39 TheMacPro Firewall[84]: Allow Transmission connecting from xx.xx.xx.xxx:34762 to port 56202 proto=6
  ...and on and on, about 1,000 entries like the one above (but with different IPs). This goes on and on for days, then repeats as the log gets cleared (after 1000K worth of log entries).
  I've Googled the IPs and most of them resolve to strange places, such as New Dehli, Saudi Arabia, and so on.
  Doesn't sound good. Is there a way that I can trace what process on my computer is talking to these IPs?

  Ahhhhhhh...that's gotta be it!
  Um, I mean no, I did not have relations with that application.
  Thanks!

• In FF5, my 2 Gmail accounts log off randomly, then both tabs show same gmail 'name' asking to log back in, instead of 1 gmail name in 1 tab & the other gmail name in 2nd tab, as were originally logged in! Help, please..

  New Acer desktop, loaded FF5 yesterday. I keep personal & professional Gmail both open at same time (worked fine in earlier FF versions). Today, both Gmails log themselves off at random & ask for log-in. But then both tabs either show personal Gmail name or show profl Gmail name ! Also signs me out of Google Reader & Calendar (both logged in w/ personal Gmail account), then gives prof Gmail name to sign back in (which won't work, of course). HELP!

  instead of adding more to the already long post, I add via replying to myself:
  writing about the issue made some things more clear, so I looked and found this:
  http://lists.debian.org/debian-user/201 … 00474.html
  which looks like my issue.
  I went and tried - and a variation of it works.
  1.) I log out
  2.) GDM gets restarted - inittab method
  it gets restarted at VT8 - it was at VT7
  3.) I go to another VT - like VT1 - and log in as root
  4.) I find the pid of consolekit with:
  ps aux | grep console
  and kill it
  kill -9 <PID>
  5.) I restart GDM - which will be at VT7 now, as it should
  and then go back to VT1, because I'll be at the GDM-login screen at VT7 now...
  6.) I find and kill consolekit _again_
  7.) I can now switch to VT7 with GDM running and log in as it should be
  console-kit-daemon will be started _again_ automatically
  It seems it gets re-started at the wrong place - or with the wrong options
  I always see it running like:
  root 6439 0.0 0.3 17432 2768 ? Sl 17:18 0:00 /usr/sbin/console-kit-daemon --no-daemon
  Maybe it is the "--no-daemon" option? Or that it should not be started by GDM but only afterwards, by the Gnome-session?
  ...or something else...
  It is not a solution really, since all this takes as much time as restarting the whole system, but without all the typing and killing and switching back and forth to consoles...but it works.
  What is happening here? Is this normal? Where could my misconfiguration be?
  Cheers
  Last edited by jomen (2010-09-27 15:48:11)