GG Event Action
Hi,
We have tried to store the some token value in file , for that we have written simple shell script, When ever any insert happen in one of the table the optype and table name will be stored in text file.
For that we have used the below parameters in replicat param,
map src.ggtest, Target tgt.ggtestval , EVENACTIONS (SHELL "/export/ggate/value_acc.sh $v1 $v2", var $v1 = @GETENV ("LASTERR", "OPTYPE") , var $v2 = @GETENV ("GGHEADER", "TABLENAME")) ;
This has to insert operation type and table_name values in to one of the test file, this is working fine in windows goldengate environment , But when we tried the same in solaris/unix its throwing error like ." var invalid option for EVENTACTION parameter", Can any one help to resolve this , we have tried below options but no luck
map src.ggtest, Target tgt.ggtestval , EVENACTIONS (SHELL ("/export/ggate/value_acc.sh $v1 $v2", var $v1 = @GETENV ("LASTERR", "OPTYPE") , var $v2 = @GETENV ("GGHEADER", "TABLENAME"))) ;
map src.ggtest, Target tgt.ggtestval , EVENACTIONS (SHELL ("/export/ggate/value_acc.sh $v1 $v2"), var $v1 = @GETENV ("LASTERR", "OPTYPE") , var $v2 = @GETENV ("GGHEADER", "TABLENAME")) ;
map src.ggtest, Target tgt.ggtestval , EVENACTIONS (SHELL "/export/ggate/value_acc.sh $v1 $v2, var $v1 = @GETENV ("LASTERR", "OPTYPE") , var $v2 = @GETENV ("GGHEADER", "TABLENAME")") ;
If i call only the shell script or static arguments then its working fine like,
map src.ggtest, Target tgt.ggtestval , EVENACTIONS (SHELL "/export/ggate/value_acc.sh" );
and
map src.ggtest, Target tgt.ggtestval , EVENACTIONS (SHELL "/export/ggate/value_acc.sh VAL1 VAL2" ); -- these VAL1 and VAL2 keyword stored in text file. but if we tried to get the dynamic value (@GETENV ("GGHEADER", "TABLENAME"), then its not working please advice how to pass the tokens value as a arguments in to shell script in eventactions.
Thanks,
We are missing the braces.
Change
map src.ggtest, Target tgt.ggtestval , EVENACTIONS (SHELL "/export/ggate/value_acc.sh $v1 $v2", var $v1 = @GETENV ("LASTERR", "OPTYPE") , var $v2 = @GETENV ("GGHEADER", "TABLENAME")) ;
as
map src.ggtest, Target tgt.ggtestval , EVENACTIONS (SHELL ("/export/ggate/value_acc.sh $v1 $v2 ",VAR $v1 = @GETENV ("LASTERR", "OPTYPE") , VAR $v2 = @GETENV ("GGHEADER", "TABLENAME"))) ;
i tested it in-house on v11.2 though and it works fine for me
map hr.tcustmer, target hr.tcustmer, EVENTACTIONS (SHELL ("./sample.sh $v1 $v2 ",&
VAR $v1 = @GETENV ("GGHEADER", "OPTYPE"),
VAR $v2 = @GETENV ("GGHEADER", "TABLENAME"))
2014-12-18 17:27:20 INFO OGG-01287 Successfully executed shell command './sample.sh INSERT HR.TCUSTMER '.
2014-12-18 17:27:20 INFO OGG-05301 Shell command output: 'INSERT HR.TCUSTMER -> echo $1 $2'.
Thanks,
Raj
Similar Messages
-
How to get the table Event action in the controller???
HI
Based on my requirement i have extended my controller,but i want to perform some validation like ,,,,
i have table in one region ,in which one column is having a Button (flex field) action with image,
i want to write the code in the controller according to the validation ,,,,but i am unable to find the event action in the main controller,
how to get the event action ?,,,,, of the item type as image
thanks in advance
KashIf not you can use image component with clientListener and serverListener to preform your requirement set clientListener click event and then inside clientListener java script method call the
serverListener then will execute serverListener method. -
Hello
There's a page which contains the following 3 components: Input textfield, Button, Tree
I made the following settings of them:
I set the "event action" at the tree node, and so did I at the button properties.
When I click on the button, the action runs and set the value of the Input textfield:
�this.i_textField1.setValue("something");� - the Input textfield display it as it should.
When I click on the tree node and the event action runs (it can be tracked in debug mode) which runs �this.i_textField1.setValue('something');�, but the textfield doesn't display it.
Any suggestions?
ThanksThe root problem is that the tree node component always behaves as though it had an immediate property set to "true". You'll get the same behavior from button or hyperlink or any other action component is you set immediate="true". The text field submitted values are not cleared, and so the text field redisplays them instead of the value that is set in code or obtained by evaluating the binding on the session bean.
There is a work-around. There is a page bean method, erase(), which will clear all submitted values. Call this before you set the new values, e.g.:
public String treeNode1_action() {
this.erase();
textField2.setValue("Tree Node");
staticText2.setValue("Tree Node");
getSessionBean1().setTemp("Tree Node");
return null;
[/code
// Gregory -
Extended events /actions definitions
One of the shortcomings I seem to keep stumbling across is that event action definitions are no where to be found. I've been searching for weeks and can't find a resource from Microsoft which helps me understand the official definition for an action.
Has someone here found that resource or know where it is?If you are talking about the descriptions of what they collect, then indeed the DMVs are the best place at hand currently still.
Example query:
-- XE Actions
SELECT dm_xe_packages.name AS package_name,
dm_xe_objects.name AS source_name,
dm_xe_objects.description
FROM sys.dm_xe_objects AS dm_xe_objects
INNER JOIN sys.dm_xe_packages AS dm_xe_packages
ON dm_xe_objects.package_guid = dm_xe_packages.guid
WHERE
(dm_xe_packages.capabilities IS NULL OR dm_xe_packages.capabilities & 1 = 0)
AND (dm_xe_objects.capabilities IS NULL OR dm_xe_objects.capabilities & 1 = 0)
AND dm_xe_objects.object_type = 'action'
If you want to undestand the Extended Events Architecture more deeply I can recommend this article by Jonathan Kehayias:
Using SQL Server 2008 Extended Events
Andreas Wolter (Blog |
Twitter)
MCSM: Microsoft Certified Solutions Master Data Platform, MCM, MVP
www.SarpedonQualityLab.com |
www.SQL-Server-Master-Class.com -
Issue with applying Event Action filters
Dear friends,
A general question on Event Action filters. There is a signature with sig ID 6257.
The following is the event action filter configuration:
service event-action-rules rules0
filters edit DHCP
signature-id-range 6257
subsignature-id-range 0
attacker-address-range 172.20.20.10,172.20.20.11
actions-to-remove produce-alert
filter-item-status Enabled
stop-on-match True
os-relevance not-relevant
exit
Even though a valid DHCP offer is being given by the DHCP server, this alert is getting fired.
We have even excluded the IP's of the DHCP Servers - 172.20.20.10 and 172.20.20.11 from the Attacker Address range parameter in the signature but still this alert gets fired.
evIdsAlert: eventId=1204853641442197329 vendor=Cisco severity=low
originator:
hostId: IDSM2Core1
appName: sensorApp
appInstanceId: 592
time: April 7, 2008 5:46:48 AM UTC offset=180 timeZone=1
signature: description=DHCP Client DoS id=6257 version=S316
subsigId: 0
sigDetails: Server Offered a Malicious IP Address
marsCategory: DoS/Host
interfaceGroup: vs0
vlan: 200
participants:
attacker:
addr: 172.20.20.10 locality=OUT
port: 0
target:
addr: 10.1.1.78 locality=OUT
port: 0
os: idSource=unknown type=unknown relevance=unknown
summary: 4 final=true initialAlert=1204853641442197267 summaryType=Regular
alertDetails: Regular Summary: 4 events this interval ;
riskRatingValue: 25 targetValueRating=medium
threatRatingValue: 25
interface: ge0_7
protocol: udp
Looking forward to your kind help and advise on this.
Thanks a lot
GautamSome things to check:
1) Is the filter in the active list? Filters can be enabled or disabled, but they can also be active ro inactive. You've only show a part of your configuration so I can't tell if the filter is part of the active list.
2) Are there actions other than produce-alert for the signature? Or is an event action override adding other actions?
Produce-alert is not the only action that can cause an alert to be generated. The produce-verbose-alert, request-snmp-trap, log-attacker-packets, log-victim-packet, and log-pair-packets will also cause alerts to be generated. Modify the filter to also remove these actions.
3) The alert you've shown is a Summary Alert. There may be an issue with Summarization and the Filters. Try modifying the signature to set it to FireAll with no summarization.
4) If you have multiple filters then check the order of the filters. If the event is matching an earlier filter where the stop-on-match is set to True, then it will not check the event against this filter. Either move this filter up higher in the filter list, or change earlier filters to be "stop-on-match false".
5) Also check to see if you are running the latest 5.1(7) or 6.0(4) Service pack. If running earlier 5.1 or 6.0 versions you might be hitting a bug that could have already been fixed.
If none of the above help, then contact the TAC. It could be that you may have foung a bug that the sensor development team is unaware of.
To help in identifying the problem take a packet capture of the packets from 172.20.20.10 for several minutes around the time when the sensor is generating these alerts.
This way the team can both check if the signature is firing correctly, and if the filters are working correctly for that signature. -
How to add an Event action filter when victim address is " na "?
Using VMS/IPS MC to add an event action filter. IPS MC requires an victim address in the event action filter, however the alert in Security Monitor has "<na>" as the victim address.
I tried "0.0.0.0 255.255.255.255", which caught the alerts that had victim addresses, but the alerts with victim address of <na> are still being reported.
The signatures are 3250 and 3251 (tcp hijacks).marcabal has posted a very good explanation for sig 3030 here:
http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&type=EmailAFriend&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dd9b49a%2F0#selected_message
It may also explain some of the other problems.
I would like to add that in any field usually means that the signature does not require anything in that field in order to fire, and therefore, it is truly "not applicable". In the referenced post, marcabl indicated that filters should be a little more controllable in version 5.1. However, we haven't upgraded from 5.0 yet so I couldn't confirm that. I would hope that regardless of whether the data is applicable to the signature or not, the sensor would gather and display the information in SecMon.
With 3030, it came down to a question of, "is this signature really helping us keep this network secure?" I pulled a lot of hair out over that signature. -
How many event actions filters a cisco ips can support
we are running cisco ips 7.0(2) E4, and we are planning to tune some of the traffic everyday.......any idea how many event action filters can be applied to a sensor or is there is any maximum limit on the number of filters?
There is no limit to how many event action filters you can configure. I assume that you also know that event action filters is ordered list:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_event_action_rules.html#wp2033432
Also, found this bug FYI: bugID: CSCtf78755:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtf78755
(When over 495 event action filters are configured via CLI, it's corrupting "rules0.xml" file)
Hope that answers your question. -
Event Action Filters (difference between column Active & Enabled?)
I have a IPS4260, running v6.0(3).
Under "Configuration" > "Event Action Rules" > "Event Action Filter".
What is the difference between column "Active" and "Enabled"? This is confusing.Event action filters are evaluated in a specified order. Active means that a filter participates in the order. Enabled means that it can perform a filtering action. Use Disable when you want to preserve the order, but not perform the action (e.g. if you want to turn it off for debugging, but want to keep it's place in the list later). Use Inactive when you don't want the filter in the ordering at all (e.g. if you want to keep it as a reminder, but don't plan to use it again). The filter list is displayed by CLI and IDM in logical order - first all of the Active filters in their specified order, and then all of the Inactive filters. I don't think the designers really intended to have 2 similar options; it is more a side effect of the data model used for storing the configuration.
-
AIP-SSM configured with event action "produce alert", but it drop packets
Hi, I configured an AIP-SSM IPS on event action for "Produce Alert", but when fire a signature, it drop the packets. So, what will be the problem?
Try these links:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/clievact.htm#wp1034058
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml -
T:commandNavigation2: no event/action
Hi, I'm using t:commandNavigation2 together with attribute exernalLink. It works fine. Then I added event/action attributes. They appear just ignored, even if I refer to unexisting bean methods. Any suggestion ?
Thanks.Hey,
solved by setting:
<context-param>
<param-name>facelets.BUILD_BEFORE_RESTORE</param-name>
<param-value>false</param-value>
</context-param>
was true before... don't know why this causes problems and... well it works now that enough for the moment :-)
Regards -
Hello there ,
I am try to do put event action on folder , In other world I want my program watch all time one specific folder and if some file has been add to this folder immediately do something like loading the added file or noticed the file name or etc.
I wrote part for read folder and show all files name but i don`t know how i can add event to that folder . please give some idea or give me reference for it .
Many thanksBlueVirtualWorld wrote:
I wrote part for read folder and show all files name but i don`t know how i can add event to that folder . No. You can't. You will have to instead write a poller which will poll the occurance of new file in the folder. You can also use open source java based poller (like JPoller ) for this. -
How to decide when an a "wait for event action" is activated
Hi,
In the attched example file (which is a part of my program)I have 3 basic stages, enclosed in a sequence structure:
1) I initialize the GUI buttons
2) I check the instruments in my system are opened and ready to run ("VSWR initialize vi")and issue a true/false result.
3) A case structure for normal run or abort operation (if the instruments do not
respond correctly).
4) If everything is ok the user has to scan a S/N using a bar code scanner.
The problem is that when I run the program the EVENT STRUCTURE in the FALSE part of the case is automatically activated, before the VSWR initialize vi is started!
This causes that when the user tries to scan the serial number on the GUI he can only type one character and then the screen is stuck.
If I disable the result from the VSWR initialize vi (as shown on the example) and connect a TRUE constant to the case structure, the event structure is not activated but then of course I can not use the "VSWR initialize vi".
How can I make sure the event structure is activated only after the two first parts are done? That is, in normal order - only after the "VSWR initialize vi" returns a false result.
Note, there's no need to understand each component in the attached file. The question is rather a general one about the right way to synchronize my program.
Can anyone help ?
Thank you in advance.
Attachments:
example.vi 34 KBSaverio already mentione most critical points. here are a few more:
A very ugly quick fix (duct tape repair) is to configure the events to NOT lock the FP until the event completes. I recommend against this.
All your buttons should be latch action. Now you don't need to reset them at the beginning.
Set the "Board SN" string control to "limit to single line" and you don't need to remove the linefeed later. You should handle it with a "value changed event" anyway.
You have way too many sequence structures. Many times execution order is not that inportant.
Event structures need to be on a toplevel diagram loop, always ready to fire. Don't hide them inside case structures or inner loops.
Lot's of unecessary code. Let's look for example at the code in the big FALSE structure:
You have a reference and write to a value property of the message box while the message box terminal is disconnected elsewhere on the diagram. Remove all that extra baggage and place the terminal right there and wire to it.
You have a while loop containing a sequence, containing another while loop. The sequence and outer while loop have no purpose.
The while loop spins millions of times per second, just burning CPU. How fast can you possibly type??? Place a 100ms wait.
Rewritten as event structure, it could looks as follows (buttons set to latch action, string set to "limit to single line" and NOT "update while typing"). (see iamge below).
Of course the entire code should be rewritten in a similar fashion and around this single event structure. A second event case could deal with the error condition. Simplify!!!!
Message Edited by altenbach on 06-14-2009 11:49 AM
LabVIEW Champion . Do more with less code and in less time .
Attachments:
GetSN.png 46 KB -
BRF linking event action and expressions
Hi,
Looking for a bit of clarification here
In an application class I have an event EVENT1, which is linked to an action ACTION1....
Now I design a a series of expressions lets call them EXPRA, EXPARB, EXPRC, and EXPRD.
What links these expressions to ACTION1 ??
If I then have another event EVENT2 which I link to an action ACTION2 for which I want to use the some of the same expressions (but not all) how do I do this.
ALSO
An event can be linked to more than one action so this means I really need to understand how the expressions are linked to the action. For instance if I have 20 expressions but I want to use 10 of them when actiona is invoked and the other 10 for actionb how is this achieved (indeed can it be achieved)?
The doco for this framework is just terrible!!Hi,
you can either attach event / expression to action at a time, and you can not have both .
The usual rules to have Events -expressions -Actions are using the Rules.
One can have Expressions attached to event using Rules subscreen. and also attach the action to the same rule.... this will work like
"When Event is triggered, expression will be evaluated, and if this returns TRUE, then action will be executed."
ie., EVENT = if EXPRESSION then ACTION
You can attach 4 expressions to one action at a time, this you can achieve using the implementation class : CL_CRM_PS_ECC_MSG_BRF for the action.
use the BRF as message ID and 014 as Message number while creating the message . this gives you the option to enter 4 expressions.
Seema -
UWL - Terminating Events - Action Failed
Hi,
For a particular Task, i have uploaded a XML file which is mainly used to Approve or Reject a particular Task.
The problem which i m facing is when i click the "Approve " button i get the error message "Action failed"
Do i need to do any more configurations in SWFVISU ?
Note: I have followed the steps mentioned in sec 8.2 - "Terminating events" in the document "How to configure UWL"
Thanks in advance for your support.
Regs/VenkatDid you exchange the UWL default view with myApprovalRejectView_TE ?
Kai -
TES 6.0.3 JOB Triggers Events Action behaviours
please advice how we can showcase following scenario in a customer POC.
Scenario:
1. Customer Run a JOB
2. JOB has following exit STATUS
a. JOB exit status
i. EXIT 0
ii. EXIT 1
b. Script OUTPUT
i. SELINUX=permissive
ii. SELINUX=enforcing
iii. SELINUX=disabled
3. if EXIT 0 do nothing
4. if EXIT 1 email to administrator
5. if SELINUX=permissive --> email action
6. if SELINUX=enforcing --> run JOB-a
7. if SELINUX=disabled --> run JOB-bHi,
If your job is setup to trak 0 as a normal completion and anythign else other than 0 will be considered as abnormal completion then you may use a job event to look for abnormal completion so to fire off an email action.
Im not sure if i understood your question regards the SELINUX selections but if you meant that the job output for your script will be one of those selections you've mentioned then if i were you i would use a global variable to host the job output and then use variable events to deal with the different outputs/values so to trigger the appropriate job/action.
Good luck -
IPS Event Action Filter is not working properly.
Hi,
We have a local syslog server which listens on UDP 514 port. As many UDP frames has been cut I've done some investigation and found dropped packets (action requested by IPS). This was 1206.0 signature which is "IP Fragmant Too Small". I have created a new entry in IPS Policies to filter this out, but it didn't help. As a test I have disabled the signature completly and all frames have been delivered fine. Another thing I've tried was bringing the new action filter to the top and enabled "Stop on Match" option. Still the same. The only one solution is to disable the signature, but we can't do it.
This is ASA-SSM-20 installed on ASA 5520 version 7.1(6)E4, mode: inline
Bug search tool didn't show any related bugs.
I have checked Database integrity and get "No errors found while performing database integrity checks.
My questions are:
1. What can cause an action to be ignored on IPS?
2. Is it worth to use "Repair Database" tool? If yes what is the impact.
3. Is it possible to check hit counts on each action filter?
Regards
MariuszHi All,
Filter settings below:
The filter works partially as I don't get alerts on the IPS itself.
Firewall LOG:
4 Feb 14 2014 15:33:22 39715 514 IPS requested to drop UDP packet from SOURCE_VLAN_NUMBER:/39715 to DESTINATION_VLAN_NUMBER:/514
IPS LOG (when enabled):
evIdsAlert: eventId=1352793300955167909 vendor=Cisco severity=low
originator:
hostId: SSM02
appName: sensorApp
appInstanceId: 1192
time: Feb 14, 2014 15:33:22 UTC offset=0 timeZone=GMT00:00
signature: description=IP Fragment Too Small id=1206 version=S212 type=anomaly created=20030801
subsigId: 0
sigDetails: Too many small IP fragments in datagram
interfaceGroup: vs0
vlan: 0
participants:
attacker:
addr: 172.x.x.x locality=OUT
port: 39715
target:
addr: x.x.x.x locality=OUT
port: 514
os: idSource=unknown type=unknown relevance=relevant
alertDetails: InterfaceAttributes: context="single_vf" physical="Unknown" backplane="GigabitEthernet0/1" ;
riskRatingValue: 50 targetValueRating=medium attackRelevanceRating=relevant
threatRatingValue: 50
interface: GigabitEthernet0/1 context=single_vf physical=Unknown backplane=GigabitEthernet0/1
protocol: udp
Our next step is to make a service policy exception on the firewall itself. We are also considering reloading the IPS device or at least the analysis engine.
Thanks for all your help so far. Any more suggestions are most welcome. I'll keep you up to date.
Regards
Mariusz
Maybe you are looking for
-
Landed Cost not showing in Inventory Audit
I have a query that goes against the OIPF/IPF1 tables to locate all Landed Cost transactions for a particular item. To test/verify the query, I ran the Inventory Audit report for the item. There are transactions returned from the query that do not sh
-
Photoshop CS3 Extended - Silent Deploy
Hello All,<br /><br />I'm having difficulty installing Photoshop CS3 silently. I've made a copy of the "Adobe CS3" directory on the DVD media to a network share (its contents being Setup.exe, as well as several other files and the payloads, redist,
-
1.is it possible to read a .xls file and load it into an oracle table
1.is it possible to read a .xls file and load it into an oracle table, using oracle database or oracle forms i.e. either utl_file, or text_io, or any other oracle tool. As far as I know we need a csv file or a txt ( tab delimited) file ? 2.Are there
-
first post here for me- i'm struggling to work out how to attach photos to to my composed gmail messages. I'm clicking on 'attach file' then 'choose file' but cant find any where amongst my documents, files and applications etc my photo libary from w
-
How to underscore text in Iphone 4?
Is the iPhone 4 designed so as to be able to underscore text when entering text on the keyboard?