GG Event Action

Similar Messages

• How to get the table Event action in the controller???

  HI
  Based on my requirement i have extended my controller,but i want to perform some validation like ,,,,
  i have table in one region ,in which one column is having a Button (flex field) action with image,
  i want to write the code in the controller according to the validation ,,,,but i am unable to find the event action in the main controller,
  how to get the event action ?,,,,, of the item type as image
  thanks in advance
  Kash

  If not you can use image component with clientListener and serverListener to preform your requirement set clientListener click event and then inside clientListener java script method call the
  serverListener then will execute serverListener method.

• Tree component event action

  Hello
  There's a page which contains the following 3 components: Input textfield, Button, Tree
  I made the following settings of them:
  I set the "event action" at the tree node, and so did I at the button properties.
  When I click on the button, the action runs and set the value of the Input textfield:
  �this.i_textField1.setValue("something");� - the Input textfield display it as it should.
  When I click on the tree node and the event action runs (it can be tracked in debug mode) which runs �this.i_textField1.setValue('something');�, but the textfield doesn't display it.
  Any suggestions?
  Thanks

  The root problem is that the tree node component always behaves as though it had an immediate property set to "true". You'll get the same behavior from button or hyperlink or any other action component is you set immediate="true". The text field submitted values are not cleared, and so the text field redisplays them instead of the value that is set in code or obtained by evaluating the binding on the session bean.
  There is a work-around. There is a page bean method, erase(), which will clear all submitted values. Call this before you set the new values, e.g.:
      public String treeNode1_action() {
          this.erase();
       textField2.setValue("Tree Node");
          staticText2.setValue("Tree Node");
       getSessionBean1().setTemp("Tree Node");
          return null;
  [/code
  // Gregory                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Extended events /actions definitions

  One of the shortcomings I seem to keep stumbling across is that event action definitions are no where to be found.  I've been searching for weeks and can't find a resource from Microsoft which helps me understand the official definition for an action.
  Has someone here found that resource or know where it is?

  If you are talking about the descriptions of what they collect, then indeed the DMVs are the best place at hand currently still.
  Example query:
  -- XE Actions
  SELECT dm_xe_packages.name AS package_name,
  dm_xe_objects.name AS source_name,
  dm_xe_objects.description
  FROM sys.dm_xe_objects AS dm_xe_objects
  INNER JOIN sys.dm_xe_packages AS dm_xe_packages
  ON dm_xe_objects.package_guid = dm_xe_packages.guid
  WHERE
  (dm_xe_packages.capabilities IS NULL OR dm_xe_packages.capabilities & 1 = 0)
  AND (dm_xe_objects.capabilities IS NULL OR dm_xe_objects.capabilities & 1 = 0)
  AND dm_xe_objects.object_type = 'action'
  If you want to undestand the Extended Events Architecture more deeply I can recommend this article by Jonathan Kehayias:
  Using SQL Server 2008 Extended Events
  Andreas Wolter (Blog |
  Twitter)
  MCSM: Microsoft Certified Solutions Master Data Platform, MCM, MVP
  www.SarpedonQualityLab.com |
  www.SQL-Server-Master-Class.com

• Issue with applying Event Action filters

  Dear friends,
  A general question on Event Action filters. There is a signature with sig ID 6257.
  The following is the event action filter configuration:
  service event-action-rules rules0
  filters edit DHCP
  signature-id-range 6257
  subsignature-id-range 0
  attacker-address-range 172.20.20.10,172.20.20.11
  actions-to-remove produce-alert
  filter-item-status Enabled
  stop-on-match True
  os-relevance not-relevant
  exit
  Even though a valid DHCP offer is being given by the DHCP server, this alert is getting fired.
  We have even excluded the IP's of the DHCP Servers - 172.20.20.10 and 172.20.20.11 from the Attacker Address range parameter in the signature but still this alert gets fired.
  evIdsAlert: eventId=1204853641442197329 vendor=Cisco severity=low
  originator:
  hostId: IDSM2Core1
  appName: sensorApp
  appInstanceId: 592
  time: April 7, 2008 5:46:48 AM UTC offset=180 timeZone=1
  signature: description=DHCP Client DoS id=6257 version=S316
  subsigId: 0
  sigDetails: Server Offered a Malicious IP Address
  marsCategory: DoS/Host
  interfaceGroup: vs0
  vlan: 200
  participants:
  attacker:
  addr: 172.20.20.10 locality=OUT
  port: 0
  target:
  addr: 10.1.1.78 locality=OUT
  port: 0
  os: idSource=unknown type=unknown relevance=unknown
  summary: 4 final=true initialAlert=1204853641442197267 summaryType=Regular
  alertDetails: Regular Summary: 4 events this interval ;
  riskRatingValue: 25 targetValueRating=medium
  threatRatingValue: 25
  interface: ge0_7
  protocol: udp
  Looking forward to your kind help and advise on this.
  Thanks a lot
  Gautam

  Some things to check:
  1) Is the filter in the active list? Filters can be enabled or disabled, but they can also be active ro inactive. You've only show a part of your configuration so I can't tell if the filter is part of the active list.
  2) Are there actions other than produce-alert for the signature? Or is an event action override adding other actions?
  Produce-alert is not the only action that can cause an alert to be generated. The produce-verbose-alert, request-snmp-trap, log-attacker-packets, log-victim-packet, and log-pair-packets will also cause alerts to be generated. Modify the filter to also remove these actions.
  3) The alert you've shown is a Summary Alert. There may be an issue with Summarization and the Filters. Try modifying the signature to set it to FireAll with no summarization.
  4) If you have multiple filters then check the order of the filters. If the event is matching an earlier filter where the stop-on-match is set to True, then it will not check the event against this filter. Either move this filter up higher in the filter list, or change earlier filters to be "stop-on-match false".
  5) Also check to see if you are running the latest 5.1(7) or 6.0(4) Service pack. If running earlier 5.1 or 6.0 versions you might be hitting a bug that could have already been fixed.
  If none of the above help, then contact the TAC. It could be that you may have foung a bug that the sensor development team is unaware of.
  To help in identifying the problem take a packet capture of the packets from 172.20.20.10 for several minutes around the time when the sensor is generating these alerts.
  This way the team can both check if the signature is firing correctly, and if the filters are working correctly for that signature.

• How to add an Event action filter when victim address is " na "?

  Using VMS/IPS MC to add an event action filter. IPS MC requires an victim address in the event action filter, however the alert in Security Monitor has "<na>" as the victim address.
  I tried "0.0.0.0 255.255.255.255", which caught the alerts that had victim addresses, but the alerts with victim address of <na> are still being reported.
  The signatures are 3250 and 3251 (tcp hijacks).

  marcabal has posted a very good explanation for sig 3030 here:
  http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&type=EmailAFriend&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dd9b49a%2F0#selected_message
  It may also explain some of the other problems.
  I would like to add that in any field usually means that the signature does not require anything in that field in order to fire, and therefore, it is truly "not applicable". In the referenced post, marcabl indicated that filters should be a little more controllable in version 5.1. However, we haven't upgraded from 5.0 yet so I couldn't confirm that. I would hope that regardless of whether the data is applicable to the signature or not, the sensor would gather and display the information in SecMon.
  With 3030, it came down to a question of, "is this signature really helping us keep this network secure?" I pulled a lot of hair out over that signature.

• How many event actions filters a cisco ips can support

  we are running cisco ips 7.0(2) E4, and we are planning to tune some of the traffic everyday.......any idea how many event action filters can be applied to a sensor or is there is any maximum limit on the number of filters?

  There is no limit to how many event action filters you can configure. I assume that you also know that event action filters is ordered list:
  http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_event_action_rules.html#wp2033432
  Also, found this bug FYI: bugID: CSCtf78755:
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtf78755
  (When over 495 event action filters are configured via CLI, it's corrupting "rules0.xml" file)
  Hope that answers your question.

• Event Action Filters (difference between column Active & Enabled?)

  I have a IPS4260, running v6.0(3).
  Under "Configuration" > "Event Action Rules" > "Event Action Filter".
  What is the difference between column "Active" and "Enabled"? This is confusing.

  Event action filters are evaluated in a specified order. Active means that a filter participates in the order. Enabled means that it can perform a filtering action. Use Disable when you want to preserve the order, but not perform the action (e.g. if you want to turn it off for debugging, but want to keep it's place in the list later). Use Inactive when you don't want the filter in the ordering at all (e.g. if you want to keep it as a reminder, but don't plan to use it again). The filter list is displayed by CLI and IDM in logical order - first all of the Active filters in their specified order, and then all of the Inactive filters. I don't think the designers really intended to have 2 similar options; it is more a side effect of the data model used for storing the configuration.

• AIP-SSM configured with event action "produce alert", but it drop packets

  Hi, I configured an AIP-SSM IPS on event action for "Produce Alert", but when fire a signature, it drop the packets. So, what will be the problem?

  Try these links:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/clievact.htm#wp1034058
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml

• T:commandNavigation2: no event/action

  Hi, I'm using t:commandNavigation2 together with attribute exernalLink. It works fine. Then I added event/action attributes. They appear just ignored, even if I refer to unexisting bean methods. Any suggestion ?
  Thanks.

  Hey,
  solved by setting:
  <context-param>
            <param-name>facelets.BUILD_BEFORE_RESTORE</param-name>
            <param-value>false</param-value>
  </context-param>
  was true before... don't know why this causes problems and... well it works now that enough for the moment :-)
  Regards

• Event action for folder

  Hello there ,
  I am try to do put event action on folder , In other world I want my program watch all time one specific folder and if some file has been add to this folder immediately do something like loading the added file or noticed the file name or etc.
  I wrote part for read folder and show all files name but i don`t know how i can add event to that folder . please give some idea or give me reference for it .
  Many thanks

  BlueVirtualWorld wrote:
  I wrote part for read folder and show all files name but i don`t know how i can add event to that folder . No. You can't. You will have to instead write a poller which will poll the occurance of new file in the folder. You can also use open source java based poller (like JPoller ) for this.

• How to decide when an a "wait for event action" is activated

  Hi,
  In the attched example file (which is a part of my program)I have 3 basic stages, enclosed in a sequence structure:
  1) I initialize the GUI buttons
  2) I check the instruments in my system are opened and ready to run ("VSWR initialize vi")and issue a true/false result.
  3) A case structure for normal run or abort operation (if the instruments do not
  respond correctly).
  4) If everything is ok the user has to scan a S/N using a bar code scanner.
  The problem is that when I run the program the EVENT STRUCTURE in the FALSE part of the case is automatically activated, before the VSWR initialize vi is started! 
  This causes that when the user tries to scan the serial number on the GUI he can only type one character and then the screen is stuck.
  If I disable the result from the VSWR initialize vi (as shown on the example) and connect a TRUE constant to the case structure, the event structure is not activated but then of course I can not use the "VSWR initialize vi".
  How can I make sure the event structure is activated only after the two first parts are done? That is, in normal order - only after the "VSWR initialize vi" returns a false result.
  Note, there's no need to understand each component in the attached file. The question is rather a general one about the right way to synchronize my program.
  Can anyone help ?
  Thank you in advance.
  Attachments:
  example.vi ‏34 KB

  Saverio already mentione most critical points. here are a few more:
  A very ugly quick fix (duct tape repair) is to configure the events to NOT lock the FP until the event completes. I recommend against this.
  All your buttons should be latch action. Now you don't need to reset them at the beginning.
  Set the "Board SN" string control to "limit to single line" and you don't need to remove the linefeed later. You should handle it with a "value changed event" anyway.
  You have way too many sequence structures. Many times execution order is not that inportant.
  Event structures need to be on a toplevel diagram loop, always ready to fire. Don't hide them inside case structures or inner loops.
  Lot's of unecessary code. Let's look for example at the code in the big FALSE structure:
  You have a reference and write to a value property of the message box while the message box terminal is disconnected elsewhere on the diagram. Remove all that extra baggage and place the terminal right there and wire to it.
  You have a while loop containing a sequence, containing another while loop. The sequence and outer while loop have no purpose.
  The while loop spins millions of times per second, just burning CPU. How fast can you possibly type??? Place a 100ms wait.
  Rewritten as event structure, it could looks as follows (buttons set to latch action, string set to "limit to single line" and NOT "update while typing"). (see iamge below).
  Of course the entire code should be rewritten in a similar fashion and around this single event structure. A second event case could deal with the error condition. Simplify!!!!
  Message Edited by altenbach on 06-14-2009 11:49 AM
  LabVIEW Champion . Do more with less code and in less time .
  Attachments:
  GetSN.png ‏46 KB

• BRF linking event action and expressions

  Hi,
     Looking for a bit of clarification here
  In an application class I have an event EVENT1, which is linked to an action ACTION1....
  Now I design a a series of expressions lets call them EXPRA, EXPARB, EXPRC, and EXPRD.
  What links these expressions to ACTION1 ??
  If I then have another event EVENT2 which I link to an action ACTION2 for which I want to use the some of the same expressions (but not all) how do I do this.
  ALSO
  An event can be linked to more than one action so this means I really need to understand how the expressions are linked to the action. For instance if I have 20 expressions but I want to use 10 of them when actiona is invoked and the other 10 for actionb how is this achieved (indeed can it be achieved)?
  The doco for this framework is just terrible!!

  Hi,
     you can either attach event / expression to action at a time, and you can not have both .
  The usual rules to have Events -expressions -Actions are using the Rules.
  One can have Expressions attached to event using Rules subscreen. and also attach the action to the same rule.... this will work like
               "When Event is triggered, expression will be evaluated, and if this returns TRUE, then action will be executed."
  ie., EVENT = if EXPRESSION then ACTION
  You can attach 4 expressions to one action at a time, this you can achieve using the implementation class : CL_CRM_PS_ECC_MSG_BRF for the action.
  use the BRF as message ID and 014 as Message number while creating the message . this gives you the option to enter 4 expressions.
  Seema

• UWL - Terminating Events - Action Failed

  Hi,
  For a particular Task, i have uploaded a XML file which is mainly used to Approve or Reject a particular Task.
  The problem which i m facing is when i click the "Approve " button i get the error message "Action failed"
  Do i need to do any more configurations in SWFVISU ?
  Note: I have followed the steps mentioned in sec 8.2 - "Terminating events" in the document "How to configure UWL"
  Thanks in advance for your support.
  Regs/Venkat

  Did you exchange the UWL default view with myApprovalRejectView_TE ?
  Kai

• TES 6.0.3 JOB Triggers Events Action behaviours

  please advice how we can showcase following scenario in a customer POC.
  Scenario:
  1. Customer Run  a JOB
  2. JOB has following exit STATUS
  a. JOB exit status
    i. EXIT 0
    ii. EXIT 1
  b. Script OUTPUT
    i.  SELINUX=permissive
    ii. SELINUX=enforcing
    iii. SELINUX=disabled
  3. if EXIT 0  do nothing
  4. if EXIT 1  email to administrator
  5. if SELINUX=permissive  --> email action
  6. if SELINUX=enforcing --> run JOB-a
  7. if SELINUX=disabled --> run JOB-b

  Hi,
  If your job is setup to trak 0 as a normal completion and anythign else other than 0 will be considered as abnormal completion then you may use a job event to look for abnormal completion so to fire off an email action.
  Im not sure if i understood your question regards the SELINUX selections but if you meant that the job output for your script will be one of those selections you've mentioned then if i  were you i would use a global variable to host the job output  and then use variable events to deal with the different outputs/values so to trigger the appropriate job/action.
  Good luck

• IPS Event Action Filter is not working properly.

  Hi,
  We have a local syslog server which listens on UDP 514 port. As many UDP frames has been cut I've done some investigation and found dropped packets (action requested by IPS). This was 1206.0 signature which is "IP Fragmant Too Small". I have created a new entry in IPS Policies to filter this out, but it didn't help. As a test I have disabled the signature completly and all frames have been delivered fine. Another thing I've tried was bringing the new action filter to the top and enabled "Stop on Match" option. Still the same. The only one solution is to disable the signature, but we can't do it.
  This is ASA-SSM-20 installed on ASA 5520 version 7.1(6)E4, mode: inline
  Bug search tool didn't show any related bugs.
  I have checked Database integrity and get "No errors found while performing database integrity checks.
  My questions are:
  1. What can cause an action to be ignored on IPS?
  2. Is it worth to use "Repair Database" tool? If yes what is the impact.
  3. Is it possible to check hit counts on each action filter?
  Regards
  Mariusz

  Hi All,
  Filter settings below:
  The filter works partially as I don't get alerts on the IPS itself.
  Firewall LOG:
  4          Feb 14 2014          15:33:22                              39715                    514          IPS requested to drop UDP packet from SOURCE_VLAN_NUMBER:/39715 to DESTINATION_VLAN_NUMBER:/514
  IPS LOG (when enabled):
  evIdsAlert: eventId=1352793300955167909  vendor=Cisco  severity=low 
    originator:  
      hostId: SSM02 
      appName: sensorApp 
      appInstanceId: 1192 
    time: Feb 14, 2014 15:33:22 UTC  offset=0  timeZone=GMT00:00 
    signature:   description=IP Fragment Too Small  id=1206  version=S212  type=anomaly  created=20030801 
      subsigId: 0 
      sigDetails: Too many small IP fragments in datagram 
    interfaceGroup: vs0 
    vlan: 0 
    participants:  
      attacker:  
        addr: 172.x.x.x  locality=OUT 
        port: 39715 
      target:  
        addr: x.x.x.x  locality=OUT 
        port: 514 
        os:   idSource=unknown  type=unknown  relevance=relevant 
    alertDetails: InterfaceAttributes:  context="single_vf" physical="Unknown" backplane="GigabitEthernet0/1" ; 
    riskRatingValue: 50  targetValueRating=medium  attackRelevanceRating=relevant 
    threatRatingValue: 50 
    interface: GigabitEthernet0/1  context=single_vf  physical=Unknown  backplane=GigabitEthernet0/1 
    protocol: udp 
  Our next step is to make a service policy exception on the firewall itself. We are also considering reloading the IPS device or at least the analysis engine.
  Thanks for all your help so far. Any more suggestions are most welcome. I'll keep you up to date.
  Regards
  Mariusz