How to test anomaly detection in IPS6 ?

Hi!
Does anybody have experience with AD in IPS6? I tried to test it today with 3 nmap sessions each scanning 100 different IPs. I saw the Sig 13003-0 (single scanner) fired:
signature: description=AD - External TCP Scanner id=13003 version=S262
alertDetails: . adExtraData: numDestIps=150; currentThreshold=150; destPort=80
The scanner threshold was indeed set to 150:
S1# sh ad-knowledge-base vs0 thresholds current
External Zone
TCP Services
Default
Scanner Threshold
User Configuration = 150
Threshold Histogram - User Configuration
Low = 10
Medium = 3
High = 1
UDP Services
This is ok. The problem is that the Sig 13003-1 (warm) didn't fire, however the number of scanned IPs was very high:
S1# sh statistics anomaly-detection vs0
Statistics for Virtual Sensor vs0
Attack in progress
Detection - ON
Learning - OFF
Next KB rotation at 10:00:00 MSK Fri Dec 28 2007
Internal Zone
TCP Protocol
UDP Protocol
Other Protocol
External Zone
TCP Protocol
Service 80
Source IP: 10.0.1.1 Num Dest IP: 280
Questions:
- what does Low/Medium/High exactly mean in threshold histogram?
- how does the sensor detect worms? When the Sig 13003-1 fires? What sequence of events should happen?
- how can I test it?

The sensor constantly watches for scanners on each port.
There are 3 categories of scanners:
Low scanners - scanners that are only scanning a low number of hosts.
Medium scanners - scanners that are scanning a medium number of hosts
High scanners - scanners that are scanning a high number of hosts
NOTE: I can't remember for sure how many hosts must be scanned for it to be a "Low" number of hosts, or "Medium" or "High". But it may be something like 5 hosts scanned is a "Low" scanner, 20 for Medium and 100 for High. Once again I am not sure of those numbers.
Also be aware that the number of hosts scanned is not the Total numner of hosts scanned, but is instead the number of hosts scanned THAT did not respond.
If you connect to 100 web servers and all web servers respond then it does not count that as a scan. If you try to connect to 100 web servers and 92 respond, then for the 8 that don't respond you would be categorized as a Low scanner.
But just because a scanner is counted in a category does not mean an alert will be generated.
There are 2 types of alerts (subsig 0 alerts, and subsig 1 alerts)
Subsig 0 alerts are for a scanner that is scanning enough hosts that you want an alert for it even when no worm has been declared.
This is the "scanner Threshold / User Configuration = 150" that you see in the "show ad-knowledge-base vs0 thresholds current" output.
If a scanner scans more than 150 hosts then a specific alert is generated even though no worm has been declared.
Any scanners scanning less than 150 hosts are still categorized but do not have alerts generated for them when no worm has been declared.
The subsig 1 alerts are for when a Worm has been declared.
Here is how a worm gets declared:
The Thesholds for Low, Medium, and High that you see in "show ad-knowledge-base vs0 thresholds current" is the number of active scanners in each category that are allowed to normally be seen on your network (this is the number of scanners that will be seen on your network even when there are no worms).
A worm gets declared when the number of scanners in any one of the 3 catgeories goes above the threshold for that category.
Let's take for example Medium=3 as the threshold for port 21. And let's assume it takes a scan of 20 hosts to be categorized as a Medium scanner.
This means normally you could have up to 3 scanners on your network where each scanner is scanning 20 or more non-responding hosts on port 21.
(Maybe these are 3 network administrators periodically checking to see which machines have port 21 open)
Suddenly you have 5 scanners that start scanning on port 21 and each of the 5 winds up with 20 or more non-responding hosts.
That 5 has broken the threshold of 3, and a worm is declared. Now any Medium Category scanner on port 21 will begin being declared a scanner under a worm condition (subsig 1).
So for your testing.
Instead of running a scan of 100 hosts from just one machine, I would recommend you scan the same 100 hosts from 2 or 3 machines (NOTE: Only need to scan a single port across those 100 hosts).
Scanning 100 hosts should get them categorized as High scanners. And having 3 High Scanners should push it over the threshold of 1.
BUT keep in mind that it needs to be 100 hosts not responding on the scanned port.
Then you will also want to try it with fewer hosts being scanned (like say 25), but with say 5 machines running nmap doing the scanning.

Similar Messages

MFP Anomaly Detected Access Points are moving from one wlc to another and vice versa

Hi together,
a customer has lost some Access Points to another WLC with 7.2 and then they come back after 15 minutes to the origin WLC with 7.5
Attached the messages
MFP Protection is configured as optional
152
Wed Nov 27 05:33:26 2013
MFP Anomaly Detected - 1 Not encrypted event(s) found as   violated by the radio 58:bf:ea:0f:67:4a and detected by the dot11 interface   at slot 1 of AP 58:bf:ea:0f:67:40 in 300 seconds when observing . Client's   last source mac 70:11:24:e4:43:0f
153
Wed Nov 27 05:31:40 2013
AP Disassociated. Base Radio MAC:88:43:e1:56:91:d0
154
Wed Nov 27 05:31:40 2013
AP's Interface:0(802.11b) Operation State Down: Base Radio   MAC:88:43:e1:56:91:d0 Cause=New Discovery Status:NA
155
Wed Nov 27 05:31:33 2013
AP Disassociated. Base Radio MAC:58:bf:ea:0f:73:d0
156
Wed Nov 27 05:31:33 2013
AP's Interface:1(802.11a) Operation State Down: Base Radio   MAC:58:bf:ea:0f:73:d0 Cause=New Discovery Status:NA
157
Wed Nov 27 05:31:33 2013
AP's Interface:0(802.11b) Operation State Down: Base Radio   MAC:58:bf:ea:0f:73:d0 Cause=New Discovery Status:NA
158
Wed Nov 27 05:31:28 2013
AP Disassociated. Base Radio MAC:58:bf:ea:0f:fc:20
159
Wed Nov 27 05:31:28 2013
AP's Interface:1(802.11a) Operation State Down: Base Radio   MAC:58:bf:ea:0f:fc:20 Cause=New Discovery Status:NA
160
Wed Nov 27 05:31:28 2013
AP's Interface:0(802.11b) Operation State Down: Base Radio   MAC:58:bf:ea:0f:fc:20 Cause=New Discovery Status:NA
161
Wed Nov 27 05:31:17 2013
AP Disassociated. Base Radio MAC:b4:e9:b0:e4:02:20
162
Wed Nov 27 05:31:17 2013
AP's Interface:1(802.11a) Operation State Down: Base Radio   MAC:b4:e9:b0:e4:02:20 Cause=New Discovery Status:NA
163
Wed Nov 27 05:31:17 2013
AP's Interface:0(802.11b) Operation State Down: Base Radio   MAC:b4:e9:b0:e4:02:20 Cause=New Discovery Status:NA
164
Wed Nov 27 05:31:15 2013
AP Disassociated. Base Radio MAC:a4:18:75:eb:da:b0
165
Wed Nov 27 05:31:15 2013
AP's Interface:1(802.11a) Operation State Down: Base Radio   MAC:a4:18:75:eb:da:b0 Cause=New Discovery Status:NA
166
Wed Nov 27 05:31:15 2013
AP's Interface:0(802.11b) Operation State Down: Base Radio   MAC:a4:18:75:eb:da:b0 Cause=New Discovery Status:NA
167
Wed Nov 27 05:28:26 2013
MFP Anomaly Detected - 35 Not encrypted event(s) found as   violated by the radio d8:24:bd:2f:df:6f and detected by the dot11 interface   at slot 1 of AP d8:24:bd:2f:df:60 in 300 seconds when observing Deauth.   Client's last source mac 00:23:14:a7:e3:54
168
Wed Nov 27 05:23:26 2013
MFP Anomaly Detected - 23 Not encrypted event(s) found as   violated by the radio f8:4f:57:a5:40:b2 and detected by the dot11 interface   at slot 0 of AP f8:4f:57:a5:40:b0 in 300 seconds when observing . Client's   last source mac 44:4c:0c:ba:27:77
Don´t know at the moment how to handle it.
Regards
Alex

Hi lAlex,
Disable Client MFP under WLAN advanced tab & see if this still occur
Regards
Rasika
**** Pls rate all useful responses *****

Anomaly detection using ODM

I was asked the following question:
"My question is very simply, we are doing a monitoring system for a
website that helps the admin to mine on specific data (using ODM to
produce Web mining) so we want to apply the anomaly detection. We dont
know what we should do and what we should produce as a results."
A couple of suggestions come to mind:
1) For an overall discussion of intrusion detection in general using the Oracle RDBMS as an analytical platform the following paper might be useful:
http://www.oracle.com/technology/products/bi/odm/pdf/odm_based_intrusion_detection_paper_1205.pdf
2) A couple of things to think about and do:
(a) Define what is the "mining case", that is, the "object that defines what is the concept you want to mine. For example, in web mine you may want to detect anomalous session activity. This can be defined over the whole activity of a session or over time windows. In the first case each session will define a mining case (it will be a row in the training data). In the second case each section will generate many mining cases, one per time window. Let's assume for sake of discussion that the goal is to identify anomalous session activity. Then the training data will consist of the session activities (e.g., clicks, pages visited, and/or information from forms; or more generally, http requests). There will be one row per session in the training data. If we know beforehand that some of those sessions where intrusion or anomalous in some sense we can also capture this data as a target for supervised modeling.
(b) Decide what modeling to do. Two types of modeling can be performed (see the paper above for examples):
(i) Supervised modeling - case there are examples of anomalous cases as well as normal cases
This can be done by building a classifier on the training data. It is also possible to measure the quality of the classifier on a held aside sample.
(ii) Unsupervised modeling - this should be done as well even if we can create a supervised model
Unsupervised approaches don't provide a measure that indicates how good the model is at predicting anomalous events. These models are better at ranking cases by how anomalous the model believe they are.
Two common unsupervised techniques for anomaly detection are: Clustering and One-Class SVM. The latter is considered a state-of-art in many problem domains and it is the one implemented by ODM. ODM also has clustering but it does not return distance of a row to the center of cluster. This information is necessary for using it clustering for anomaly detection. If one wants to use clustering, the Oracle Data Mining blog has a post that can help compute distance from rows to centroids:
http://oracledmt.blogspot.com/2006/07/finding-most-typical-record-in-group.html
It is important to note that the method described in the post doesn't support nested column attributes.
When building unsupervised models, only the data for normal cases should be used to training the models. The unsupervised models can be seen as defining what is normal. It will recognize that something is anomalous when it does not match the definition of normality learned by the model.
(c) Use ODMR to help with modeling
(d) As new session information is gathered it is possible to score in real-time the session to detect anomalous behavior. One should score both supervised (if information was available) and unsupervised models to detect anomalous behavior. See the above paper for some discussion on this.
The supervised model will indicate if a case is anomalous or not based on known types of anomalous behavior. One should use ROC tuning in ODMR to find a good operating point for the model. This is necessary because the number of anomalous cases is usually small compared to normal ones.
The unsupervised model (one-class SVM) will provide a ranking. The higher the probability of belonging to class 1 the more normal. A 0.5 probability for class 1 indicates the boundary between normal and not normal. In reality it marks a boundary where normality dominates. There can be some anomalous cases with probability higher than 0.5 and some normal cases with probabilities less than 0.5. If working in batch mode we can rank the probabilities in ascending order and select the first K rows for investigation.
--Marcos

A suggestion to speed up the process: provide more information about your data (e.g., schema) and how you are invoking the algorithm (GUI, API, settings). Case you are using the APIs, have you tried the sample programs for anomaly detection?
Regarding the Apriori algorithm it does not support timestamps and dates columns. In fact, none of the algorithms in ODM does (see the documentation for Oracle Data Mining for the supported column data types). the dbms_predictive_analytics package does. Are you trying to do sequential association rules or just trying to do plain association rules using data from a date column? ODM does not support the former. The latter can be done by converting the date column to a VARCHAR or NUMBER column.
--Marcos

Anomaly Detection

Guys,
I need to create my KB because the current is very very old ( 09:59:59 GMT-06:00 Tue Sep 22 2009 ) When I try to save it manually with the command
anomaly-detection vs0 save MYKB I get an error that says: Attack in progress
I need to create a new KB and load it because the Rotate methot is not working since the last KB is very old. I thisk it's not working because there is an attack ALWAYS.
Can I save a load a KB file manually even if there is an attack in progress?
If not, How can I fix my problem
Thanks,
DiegoCR CCSP

Hi Diego
You can fix this by:
Turn the anomaly detection off (operational-mode inactive)
Erase/copy/load the files you need and start the anomaly detection or preferably put the sensor in learning accept mode (operational-mode learn) and wait for 24 hours.
Br
Johan Kellerman

ODM Apriori and Anomaly Detection Questions

i have 2 questions the 1st concerning the Apriori algorithm does it
support timestamps and dates ??
if yes then how to use it :$ (is there any sample ?)
the other questiong regarding the Anomaly Detection when ever i try
building the model i get wiered errors and when i searched for the
last error i found online "Reported as a bug" its error ORA:00600 but
most of the times i get the error ORA-40109: inconsistent logical data
record

see Re: Some Questions regarding Apriori algorithm and anomaly detection for a reply

Startup guide for oracle data mining for anomaly detection

hi
well i have setup oralce 10g for data mining. ihae also downlaoded and nstalled demo prog.
now im wondering how to start to develop my own model.... basically my idea is to use anomaly detection tecnuique for network traffic.
i want ot scann network packets and mine them for anomaly. do i have to create profiles for that and if yes how?????
A BIG DILEMMA... ANY ONE CAN PLS GUIDE, ILL APPRECIATE
CHEERS
ninja

Ninja,
You may also want to take a look at this thread in the forum:
Re: Some Questions regarding Apriori algorithm and anomaly detection
It has some discussion that might help.
-Marcos

How to test RAM and HDD (Hard Drive).

Introduction
HP machines have built-in Bios testers for RAM and HDD's.
To use them you need to enter Bios by pressing F10 on startup. They are placed under ' Diagnostics menu '.
Why I wrote this guide and complicate whole situation?
There are three reasons:
This testers are not so great and sometimes they do not detect problems which you may have with your hardware. It's recommended to use more advanced tester for RAM and manufacter diagnostic programs to test HDD's.
Not always you will be able to enter Bios. Sometimes corrupted hardware is blocking possibility to run it.
Advanced diagnostic softwares for hard drives allow to fix some problems.
Table of Contents:
A How to test RAM with Memtest86+.
B How to test HDD (Hard Drive).
** Say thanks by clicking the "Thumb up" icon which is on the left. **
** Make it easier for other people to find solutions, by marking my answer with "Accept as Solution" if it solves your issue. **

Ad. A
There are few possibilities to run this program. In this guide I will present how to run it from:
CD
       and
USB Flash Drive.
First we need to burn Memtest86+ on a CD or prepare properly USB Flash drive with a special tool.
Here you will find Memtest86+ home page from which you will be able to download correct version of this software.
Solution 1. CD:
        Download ' Pre-Compiled Bootable ISO (.zip) ' and extract it with 7-Zip(free) or WinRar.
        Download CDBurnerXP from here. Install this program and run it.
        Choose ' Browse ISO image '.
        and point Memtest86+ iso file.
        Click ' Burn disc '.
        Wait until burning process will finish.
        Choose ' OK '.
        Exit from program.
Solution 2. USB Flash Drive:
         Download ' Auto-installer for USB Key (Win 9x/2k/xp/7) ' and extract it with 7-Zip(free) or WinRar.
         Connect USB Flash Drive to one of USB ports. Run ' Memtest86+ 4.10 USB Installer '.
         Click ' I Agree '.
         Select USB Flash Drive and check box to format it.
     Caution!
          Format process will erase all information from USB Flash Drive. If you have there something important then please backup this data first.
           Choose ' Create '.
           Wait until process will finish and click ' Next '.
           Exit from program by choosing ' Finish '.
How to run Memtest86+.
Leave USB Flash drive in USB port or CD in CD/DVD drive. Restart your system and on startup press F9 key repetitively:
After this step you will be able to select from which device you want to boot. Choose from the list ' USB Hard Drive ' if you have prepared USB Flash Drive (like on below photo) or ' Optical Disk Drive ' if you have prepared CD:
How to use Memtest86+ to test RAM?
Do at least 2 - 3 passes. In Errors column may show up only 0. If it's other number then you need to replace corrupted RAM stick.
** Say thanks by clicking the "Thumb up" icon which is on the left. **
** Make it easier for other people to find solutions, by marking my answer with "Accept as Solution" if it solves your issue. **

How to test a simple PL SQL function from another PL SQL script

Hi,
I have created a function. Now i need to test that whether it is returning the correct values or not.
For that, i have written anothe pl sql script and trying to call this function. Im passing all the IN parameters in that function. I assume here that OUT parameters will provide me the result. Im trying to display the OUT parameter one by one to see my result.
I'm using toad as sql client here connected with oracle.
pl sql script:-
DECLARE
BEGIN
     DBMS_OUTPUT.PUT_LINE('$$$$$$$ VINOD KUMAR NAIR $$$$$$$');
     FETCH_ORDER_PRODUCT_DATA(320171302, 1006, 6999,
ODNumber OUT VARCHAR2, Line_Number OUT VARCHAR2,
ServiceID OUT VARCHAR2, BilltoNumber OUT VARCHAR2,
AnnualPrice OUT NUMBER, CoverageCode OUT VARCHAR2)
DBMS_OUTPUT.PUT_LINE('HERE IS THE RESULT ' | ODNumber );
DBMS_OUTPUT.PUT_LINE('HERE IS THE RESULT ' | Line_Number );
DBMS_OUTPUT.PUT_LINE('HERE IS THE RESULT ' | ServiceID );
DBMS_OUTPUT.PUT_LINE('HERE IS THE RESULT ' | BilltoNumber );
DBMS_OUTPUT.PUT_LINE('HERE IS THE RESULT ' | AnnualPrice );
DBMS_OUTPUT.PUT_LINE('HERE IS THE RESULT ' | CoverageCode );
END;
Function:-
Program Name : SPOT_Order_Product_Data_For_CFS.sql
Description : Function to Validate parameters from CFS
By : Vinod Kumar
Date : 08/19/2011
Modification History
By When TAR Description
CREATE OR REPLACE FUNCTION FETCH_ORDER_PRODUCT_DATA(orderNumber IN VARCHAR2, customerNumber IN VARCHAR2,
productLine IN VARCHAR2, ODNumber OUT VARCHAR2,
Line_Number OUT VARCHAR2, ServiceID OUT VARCHAR2,
BilltoNumber OUT VARCHAR2, AnnualPrice OUT NUMBER,
CoverageCode OUT VARCHAR2)
RETURN VARCHAR2 IS
lv_err_msg VARCHAR2(100) := '';
lv_bucket_id VARCHAR2(14);
lv_bill_number VARCHAR2(30);
lv_anual_price NUMBER;
lv_coverage_code VARCHAR2(8);
lv_quote_num NUMBER(10) := NULL;
lv_line_num NUMBER(5) := 0;
lv_customer_number VARCHAR2(30) := customerNumber;
lv_product_id VARCHAR2(14) := productLine;
lv_count_quote NUMBER := 0;
lv_quote_status VARCHAR2(5);
lv_quote_version NUMBER(2):=0;
BEGIN
IF INSTR(orderNumber, '-') = 0 THEN
lv_quote_num := orderNumber;
ELSE
lv_quote_num := SPT_Delimiter(orderNumber, 1, '-');
lv_line_num := SPT_Delimiter(orderNumber, 2, '-');
END IF;
--Check status of the quote COM, APP
SELECT COUNT(*) INTO lv_count_quote FROM sot_order_header WHERE ORDER_NUMBER=lv_quote_num
AND ORDER_STATUS IN ('APP', 'COM') AND CUSTOMER_NUMBER = lv_customer_number;
IF lv_count_quote = 0 THEN
lv_err_msg := 'Invalid Order number';
RETURN lv_err_msg;
END IF;
-- Fetch the latest version on SPOT quote
SELECT MAX(VERSION_NUMBER) INTO lv_quote_version FROM SPT_QUOTE_HEADER WHERE QUOTE_NUMBER = lv_quote_num
AND CUSTOMER_NUMBER = lv_customer_number;
-- If quote is valid fetch the data in OUT parameters
IF lv_line_num = 0 THEN
BEGIN
SELECT a.CUSTOMER_BILLTO_NUMBER,
b.LINE_NUMBER, b.BUCKET_ID,
b.ANNUAL_REF_RATE_USD, b.COVERAGE_CODE
INTO lv_bill_number,lv_line_num,lv_bucket_id,lv_anual_price,lv_coverage_code
FROM SPT_QUOTE_HEADER a, SPT_QUOTE_LINE b
WHERE a.QUOTE_NUMBER = lv_quote_num
AND a.CUSTOMER_NUMBER = lv_customer_number
AND a.VERSION_NUMBER = lv_quote_version
AND a.QUOTE_NUMBER = b.QUOTE_NUMBER
AND a.VERSION_NUMBER = b.VERSION_NUMBER
AND b.PRODUCT_ID = lv_product_id;
ODNumber := lv_quote_num;
BilltoNumber := lv_bill_number;
Line_Number := lv_line_num;
ServiceID := lv_bucket_id;
AnnualPrice := lv_anual_price;
CoverageCode := lv_coverage_code;
RETURN '';
EXCEPTION WHEN OTHERS THEN
lv_err_msg := 'Multiple PIDs existing in the SPOT order, please provide the SPOT order + line number as input data';
RETURN lv_err_msg;
END;
ELSE
BEGIN
SELECT a.CUSTOMER_BILLTO_NUMBER,
b.BUCKET_ID, b.ANNUAL_REF_RATE_USD,
b.COVERAGE_CODE
INTO lv_bill_number,lv_bucket_id,lv_anual_price,lv_coverage_code
FROM SPT_QUOTE_HEADER a, SPT_QUOTE_LINE b
WHERE a.QUOTE_NUMBER = lv_quote_num
AND a.CUSTOMER_NUMBER = lv_customer_number
AND a.VERSION_NUMBER = lv_quote_version
AND a.QUOTE_NUMBER = b.QUOTE_NUMBER
AND a.VERSION_NUMBER = b.VERSION_NUMBER
AND b.PRODUCT_ID = lv_product_id
AND b.LINE_NUMBER = lv_line_num;
ODNumber := lv_quote_num;
BilltoNumber := lv_bill_number;
Line_Number := lv_line_num;
ServiceID := lv_bucket_id;
AnnualPrice := lv_anual_price;
CoverageCode := lv_coverage_code;
RETURN '';
EXCEPTION WHEN OTHERS THEN
          lv_err_msg := 'Multiple SPOT lines exist with same parameter';
          RETURN lv_err_msg;
END;
END IF;
EXCEPTION
WHEN OTHERS THEN
lv_err_msg := '@@@ EXCEPTION THROWN @@@ '|| SUBSTR(SQLERRM,1,120);
RETURN lv_err_msg ;
END;
Don't look at the function, it might have errors but my primary concern is how to test this function. Once I start doing its testing then only i can understand any bugs(if any).
My pl sql is not so good. Im still learning. I don't understand IN and OUT parameters are.
I just know that IN parameters r those whick we pass in to the function wen we call it and OUT parameters are those through which we get the result.
Thanks in advance
Vinod Kumar Nair

20100511 wrote:
I wondered how I could test the output of the function from within TOAD?I usually create the following function in my developer schema:
create or replace function BoolToChar( b boolean ) return varchar2 is
begin
if b then
    return( 'TRUE' );
else
    return( 'FALSE' );
end if;
end;To test a function like yours, the following will do in SQL*Plus/TOAD/etc:
begin
DBMS_OUTPUT.put_line(
    BoolToChar( XCCC_PO_APPROVALLIST_S1.does_cpa_exist(1017934) )
end;
I'm probably doing 101 things wrong here, but thought I'd ask anyway and risk being shouted at.Shout at? You reckon? I thought people risked being beaten with a lead pipe, or pelted with beer cans and stale pretzels - which makes being shouted at a really safe and viable alternative. {noformat};-){noformat}

How to test the migrated workflows in SharePoint 2013

Hi, we are migrated the portal from SharePoint (Moss) 2007 to SharePoint 2013 using Doc Ave tool.
Now my concern is how to test all (OOTB and SharePoint Designer) workflows are working properly in SharePoint 2013.
How to approach? Any ideas/help will be appreciated.

Hi Ashok,
Have the business users that use them or the folks that created them test them in the DEV environment prior to the PRD migration...
-Ivan

How to test domain controller on upgraded Win Server 2008 R2

The windows team recently upgraded the development environment for the domain controller from 2003 to Windows 2008 R2 and I am to test the Idm functionality on this upgraded version. Our current configuration is that the DC and Idm gateway runs on different machines. To test this new DC, i want to install the idm gateway on that server and run some onboarding and termination test cases just to make sure if the AD connection is working on the upgraded DC. But i am getting ’Input/output error’ when i try to install the service and from the documentation it says 'The most common cause of this is that you do not have rights to work with this service.'. The server admin tried installing the gateway with his id as well and it failed. He tested installing in on the 2003 version of DC and it worked, so its not a matter of permission (i think..)...
Does anyone have any better idea on how to test an upgrade of a DC from version 2003 to 2008 R2? Any help in this matter is appreciated. We are running Idm 8.1 on a Windows platform and an upgrade to OW 8.1.1. Patch 2 is also in the works..
Thanks in advance.

I may have found a workaround. Can you try to change the "compatibility mode" in 2008 R2 to "Windows XP SP3" and see if it will install?
Admittedly I have not done this myself so I'm not entirely sure where or how it's done, but I have confirmation it resolves the issue from others who have faced it.

How to test the payload in XI

Hi all,
could please explain how to test the payload in xi and with steps.
Thanks in advance,
Radhika

Hi Radhika,
You can test in three ways.
1.) In message mapping directly give the relevant data and then execute. Here you can test whether the mapping is correct or not.
2.) In Integrstion Directory after completing and activating the Configuration, in tool you can find the Test Configuration tab. There you can give the sender and receiver details along with payload. Here you can test whether the Configuration is correct or not.
3.) In RWB in COmponent monitoring. Select the Integration Engine Monitoring. Here give the sender and receiver details, Interface name, name space, Quality of service.
Now give user name and pass word.
Paste the payload from massage mapping and then press test tab. Here yoyu can directly send the message from XI server to the receiver system.
Ok,
Jeevan

How to test the rule if multiline container is passing to the task?

Hi Experts,
                  I am working on leave workflow. I have to get the approvers based on no of days of leave and leave type. I am getting these details in ITEMS_TAB internal table. I am passing this table to a rule. Now my problem is when I tried to simulate the rule I am not getting any input screen to enter the data.
ITEMS_TAB is an internal table type of   "PTREQ_ITEMS_WF_TAB_FLAT".
In the rule I have created a container by selecting the radiobutton "ABAP Dict. Data Type" and entered the above reference parameter is it right way?
Is it possible to test the rule independently if I use multiline container as import parameter in my rule? If so can anybody please tell me how to test the rule?
Thank You.
Srija.

Hi Pavan,
                 Thank you.
                 To copy the values I am not getting any input screen to input the values. I observed one thing that the type that I am referring in the Rule is a deep structure. Is this is the reason that I am not getting the input screen to enter the values?
I tested by creating aother rule by taking a field for that rule I am getting the input screen to simulate the Rule.
Can you please suggest if the rule will not work then what I have to do? without the rule how can I get the agents?
Thank you.
Srija

How to test a plug_in without Adobe Reader Integration Key?

I havge a project to create a plug_in for acrobat reader with Adobe Acrobat 8.1 SDK. I also apply for the Adobe Reader Integration Key, but I have not it by now. But deadline of the project is coming, is there any one who can tell me how to test the plug_in without Adobe Reader Integration Key?
I also have another question, does the plug_in I make with Adobe Acrobat 8.1 SDK can be compatible for all the version of Acrobat reader, such as 7.0, 8.0 and so on? Thank you.

You test the plug-in, as well you can, using Acrobat. You also build
it using the preprocessor options to build a Reader plug-in, so you
don't accidentally use an API not in Reader.
If you are saying, is there w way around the Integration key for
testing in Reader, the answer is no.
Different Reader keys and tools are needed for each version of Reader.
You will probably not get a key for an old version of Reader.
Aandi Inston

How to test the interfaces in XI ?

Hi ,
Our Xi system is being upgraded from 3.0 to 7.0. I was asked to test the interfaces once the upgradation is done. I am not sure how this testing is to be done and will there be aby test plan for this??
Can some one help me on this ??
Thanks in Advance,
Hemanthika

To test, you must have imported all your scenarios in to your new system.then couple of general tips,
1.testing can be done only after understanding the scenario.
For this, u refer to the integration scenario in ur design. so this shall give u an idea about all the systems involved in integration and how the data flowing is between them and what kind of systems they are?
2. For testdata, you might need of business or functional team as you cannot have any info on the file formats etc(depending on different scenarios invloved like R3, SOAP Databse etc)
these are only general tips. but u can refer to many of the trouble shooting guides already available blogs in sdn for any sought of inputs.But then, SDN is always there.
you can test/monitor ur results in RWB->component monitoring
also in sxmb_moni
thanks
kiran
Edited by: kiran dasari on Mar 17, 2008 4:44 PM

How to test Adapter Module

Hi
My Scenario is File - to - File
I have written one adapter module and i have deployed in J2ee Engine as well. In sender communication channel i have given the JNDI name like
<b>"localejbs/<JNDI Name>"</b>.I have tested the my file to file scenario by placing a file in source directory which i have mentioned in Communication channel Source Directory and File Name.But i didnt find any difference in target file.
I have used the following blog
<b>
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/da5675d1-0301-0010-9584-f6cb18c04805</b>
1.How to test the adapter module.
2.How to configure my communication channel.
Please help me its very urgent
Best Regards
Ravi Shankar B

Hi,
check JNDI service in visual admin to see if
your service has the same name there
>>>>1.How to test the adapter module.
by using it in a channel
>>>>2.How to configure my communication channel.
add you adapter module to the adapter module tab
in communication channel
Regards,
michal

How to test anomaly detection in IPS6 ?

Similar Messages

Maybe you are looking for