IPS Tech Tip - "show tech" command part 2 - IPS dev team webinar
Hi Folks,
The IPS product management and development team would like to invite you to this 30-40 minute webinar followed by Q&A sessions. These will be recorded and put on this forum as well. We hope you can attend.
-Robert
Robert Albach invites you to attend a Web seminar using WebEx. This event requires registration.
Topic: Cisco IPS Tech Tips - show tech part 2
Host: Robert Albach
This month's Cisco IPS Tech Tip will continue December's show tech command discussion. The show tech command holds a wealth of information regarding your IPS's performance and status. Cisco IPS development team members will continue to talk about what all this information means to you and then answer your questions.
Date and Time:
January 27, 2011 10:00 am, Central Standard Time (Chicago, GMT-06:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=202882129&t=a&EA=ralbach%40cisco.com&ET=85576c2dbfd6dca4b756de40b6728a2b&ETR=5d7e40b0e38f564be0a8bd55114369fc&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
Sadly we did not get the recording done. The presentation and the example pcaps however are on this forum now.
-Robert
Similar Messages
-
Cisco IPS Tech Tips: 2010 Dec. 16 - Show Tech Part 1 Recording
Hi Cisco IPS Users,
I've attached the recording from our last Tech Tips regarding the "show tech" command. We hope that you will find this of value in the operation of your Cisco IPS.
As always feel free to leave comments on the content or future subjects you would like to see us address.
The continuation of this discussion will take place today (Jan 27th).
Thanks,
-Robert
Robert Albach
IPS Product Management
[email protected]
The recordings and the presentation slides are placed here on the Cisco Support Community. I think if you roll the threads back some you will see the prior month's Tech Tips (then called Tech Talks) posted.
This one will be posted a few days after the event.
-Robert -
Cisco IPS Tech Tips: 2010 Dec 16 - show tech commands
Robert Albach invites you to attend a Web seminar using WebEx. This event requires registration.
IPS Tech Tips are monthly webinars lasting approximately 30 minutes with question and answer to follow. This month’s event will focus on the “show tech” command and its potential relevance to your IPS operation.
Topic: Cisco IPS Tech Tip 2010 Dec 16 - Show Tech
Host: Robert Albach
Date and Time:
December 16, 2010 10:00 am, Central Standard Time (Chicago, GMT-06:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=205452108&t=a&EA=ralbach%40cisco.com&ET=72ce549014a807001ae666a6d82dcc7c&ETR=6ff5ff3ebf442ab68017b906c9ead1a7&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
For assistance
You can contact Robert Albach at:
[email protected]
http://www.webex.com
IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation.
-
IPS Tech Tip - Evasions - TCP/IP examples and handling - Sig team presentation
Hi Customers,
It's summertime and nothing evokes cool quite like a discussion into the TCP / IP stack and how creative attacker types try to hide attacks behind it. This presentation will feature a security researcher from our signature team and will be the first of several presentations on evasions and how the Cisco IPS handles them.
We hope that you can make it.
Thanks,
-Robert
Robert Albach invites you to attend a 30-45 minute Web seminar on the Cisco IPS internal operations using WebEx. This event requires registration.
Topic: Cisco IPS Tech Tips - Handling Evasions
Host: Robert Albach
Date and Time:
August 25, 2011 9:30 am, Central Daylight Time (Chicago, GMT-05:00)
To register for the online event
1. Go to https://ciscosales.webex.com/ciscosales/onstage/g.php?d=201261254&t=a&EA=ralbach%40cisco.com&ET=64ed8e6d81005252203f6671cfeee480&ETR=fb46b8799a6afe989e9a744f0fac0d77&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
Sadly we did not get the recording done. The presentation and the example pcaps however are on this forum now.
-Robert -
IPS Tech Tips: IPS Best Practices with Cisco Remote Management Services
Hi Folks -
Another IPS Tech Tip coming up and this time we will be hearing from some past and current Cisco Remote Services members on their best practice suggestions. As always these are about 30 minutes of content and then Q&A - a low cost high reward event.
Hope to see you there.
-Robert
Cisco invites you to attend a 30-45 minute Web seminar on IPS Best Practices delivered via WebEx. This event requires registration.
Topic: Cisco IPS Tech Tips - IPS Best Practices with Cisco Remote Management Services
Host: Robert Albach
Date and Time:
Wednesday, October 10, 2012 10:00 am, Central Daylight Time (Chicago, GMT-05:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=203590900&t=a&EA=ralbach%40cisco.com&ET=28f4bc362d7a05aac60acf105143e2bb&ETR=fdb3148ab8c8762602ea8ded5f2e6300&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
For assistance
http://www.webex.com
If you wish to be excluded from these invitations then please let me know!
Hi Marvin, thanks for the quick reply.
It appears that we don't have Anyconnect Essentials.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5510 Security Plus license.
So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license? -
Cisco IPS Tech Tips: Data Center Protections and Platforms
Hello Cisco Community Forum Members;
Robert Albach invites you to attend a 30-45 minute Web seminar on the Cisco IPS internal operations using WebEx. This event requires registration.
Topic: Cisco IPS Tech Tips - Data Center Protections and Platforms
Host: Robert Albach
Date and Time:
Thursday, July 19, 2012 10:00 am, Central Daylight Time (Chicago, GMT-05:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=206048546&t=a&EA=ralbach%40cisco.com&ET=ade69a0aa29f279471b6a85feae46a71&ETR=5b39cf5f535442c1763f090845d7ddd3&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
For assistance
http://www.webex.com
-
Cisco IPS Tech Tips - Protecting Industrial Environments - Nov. 20 2012
Robert Albach invites you to attend a 30-45 minute Web seminar on protecting Industrial Environments with Cisco IPS. This event requires registration.
Topic: Cisco IPS Tech Tips - Protecting Industrial Environments
Host: Robert Albach
Date and Time:
Tuesday, November 20, 2012 10:00 am, Central Standard Time (Chicago, GMT-06:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=204100621&t=a&EA=ralbach%40cisco.com&ET=9a66f6e8f36ecbaab4ac37ed47bae5cf&ETR=c55c84ed345001203dd77689eca88777&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
For assistance
http://www.webex.com
-
IPS Tech Tips - Introducing NGFW with IPS
Robert Albach invites you to attend a 30-45 minute Web seminar on the Cisco new NGFW with IPS and its operations. This event requires registration.
Topic: Cisco IPS Tech Tips - Introducing NGFW with IPS
Host: Cisco Security Group
Date and Time:
Thursday, December 19, 2013 10:00 am, Central Standard Time (Chicago, GMT-06:00)
To register for the online event
1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=207672622&t=a&EA=ralbach%40cisco.com&ET=5a30e5f0d7b86e89044459f4fac9065e&ETR=6d878102a33643d67bc6b9d3df08da27&RT=MiM3&p
2. Click "Register".
3. On the registration form, enter your information and then click "Submit".
Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
-
Hi everyone, I'm doing a performance report. I have the output of the show tech command, and I'm considering the CPU and memory information for my performance report, but I'm not sure about normal operation. Is there some parameter for normal operation, for example for a 2900 router? And which commands do I also have to consider for my performance report? I want a good report for my lab; any help is welcome.
Thanks in advance.
I think that you're talking about the output interpreter
https://www.cisco.com/pcgi-bin/Support/OutputInterpreter/home.pl
cheers. -
Cable modem link slowness w ISA570 and CLI "show tech" equivalent
Hi, I'm helping out a non profit that has a Mediacom 100mbs link, they get 90+ Speed connected directly to the cable modem, but anywhere past the ISA570 they only get 50-60mbs. They have switched cables, added a separate port, tried different PCs, results are the same, 50-60 mbs max.
Also it's their understanding the ISA570 can't do CLI, so how can they get the equivalent of a 'show tech' command to a file to send offsite for troubleshooting?
Thanks.
Jim
Hello,
There is something similar to show tech on the ISA.
Log into the web GUI, go to Device Management >> Cisco Services & Support >> Send Diagnostics. At the bottom of that page is a Download button that will collect the config file, the logs, and some debug outputs into a zip file. You can use this to troubleshoot the device, although I usually prefer to be on the live device itself to look at things.
Before you dig too deep into those however, what kind of security services do you currently have enabled on the ISA? I was looking over the datasheet and while the SPI is capable of ~500mbps, when you start to enable the various security services those speeds start to drop.
If we look at the UTM (Unified Threat Management) throughput measures, that is at about 75mbps, which is fairly close to what you are getting. I would go through and disable the various security services one at a time and test your speed. My guess would be either A/V or IPS is slowing your connection down. It may be one or a combination of these services causing the slowdown. You can disable those options, or just explain that the extra security will cost a bit of speed.
Hope that helps a bit,
Christopher Ebert - Advanced Network Support Engineer
Cisco Small Business Support Center
*please rate helpful posts* -
Using ACS to deny show tech-support
I am trying to deny the show tech-support command using Cisco Secure ACS command authorization sets (picture included). All other deny commands are working (i.e. show running-config) but no matter what I do the show tech is unsuccessful. Any ideas?
Do you have these authorization commands configured?
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
tacacs-server host 10.1.1.1 key cisco123
Debug aaa author should display:
AAA/AUTHOR/CMD: tty2 (2846421758) user='switchuser'
AAA/AUTHOR/CMD (2846421758): send AV service=shell
AAA/AUTHOR/CMD (2846421758): send AV cmd=show
AAA/AUTHOR/CMD (2846421758): send AV cmd-arg=tech-support
AAA/AUTHOR/CMD (2846421758): send AV cmd-arg=
AAA/AUTHOR/CMD (2846421758): found list "default"
AAA/AUTHOR/CMD (2846421758): Method=tacacs+ (tacacs+)
AAA/AUTHOR/TAC+: (2846421758): user=switchuser
AAA/AUTHOR/TAC+: (2846421758): send AV service=shell
AAA/AUTHOR/TAC+: (2846421758): send AV cmd=show
AAA/AUTHOR/TAC+: (2846421758): send AV cmd-arg=tech-support
AAA/AUTHOR/TAC+: (2846421758): send AV cmd-arg=
TAC+: Using default tacacs server-group "tacacs+" list.
TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5
TAC+: Opened TCP/IP handle 0x2E8FEA4 to 10.1.1.1/49
TAC+: 10.1.1.1 (2846421758) AUTHOR/START queued
TAC+: (2846421758) AUTHOR/START processed
TAC+: (-1448545538): received author response status = FAIL
Make sure to modify the original ACS Shell Command Authorization...
deny tech-support instead of deny tech. -
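An added example (not part of the original posts, and not Cisco's code): a small Python parser for the "debug aaa authorization" lines quoted above. It rebuilds the command the switch sends to the TACACS+ server and shows why a deny entry for "tech" does not line up with the argument "tech-support". The function names are hypothetical, and the whole-argument comparison in matches_deny is a simplifying assumption about how the command set compares arguments.

```python
import re

# Excerpt of the debug output quoted in the thread above.
SAMPLE_DEBUG = """\
AAA/AUTHOR/CMD (2846421758): send AV cmd=show
AAA/AUTHOR/CMD (2846421758): send AV cmd-arg=tech-support
AAA/AUTHOR/CMD (2846421758): found list "default"
AAA/AUTHOR/TAC+: (2846421758): user=switchuser
AAA/AUTHOR/TAC+: (2846421758): send AV service=shell
AAA/AUTHOR/TAC+: (2846421758): send AV cmd=show
AAA/AUTHOR/TAC+: (2846421758): send AV cmd-arg=tech-support
AAA/AUTHOR/TAC+: (2846421758): send AV cmd-arg=
TAC+: (-1448545538): received author response status = FAIL
"""

# Lines describing what is sent to the TACACS+ server, and the server's verdict.
TAC_LINE = re.compile(r"^AAA/AUTHOR/TAC\+: \((-?\d+)\): (?:send AV )?([\w-]+)=(.*)$")
STATUS_LINE = re.compile(r"^TAC\+: \((-?\d+)\): received author response status = (\w+)")


def session_id(raw):
    # The request lines print the id unsigned and the status line prints it
    # signed; 2846421758 and -1448545538 are equal modulo 2**32, so normalise
    # to unsigned before correlating request and response.
    return int(raw) & 0xFFFFFFFF


def new_request():
    return {"user": None, "cmd": None, "args": [], "status": None}


def parse_author_requests(debug_text):
    """Return {session id: request} built from AAA/AUTHOR/TAC+ and TAC+ lines."""
    requests = {}
    for line in debug_text.splitlines():
        line = line.strip()
        m = TAC_LINE.match(line)
        if m:
            req = requests.setdefault(session_id(m.group(1)), new_request())
            key, value = m.group(2), m.group(3).strip()
            if key == "user":
                req["user"] = value
            elif key == "cmd":
                req["cmd"] = value
            elif key == "cmd-arg" and value not in ("", "<cr>"):
                # An empty cmd-arg (or "<cr>") only marks the end of the line.
                req["args"].append(value)
            continue
        m = STATUS_LINE.match(line)
        if m:
            req = requests.setdefault(session_id(m.group(1)), new_request())
            req["status"] = m.group(2)
    return requests


def matches_deny(deny_arg, request, command="show"):
    # Assumption: a deny entry applies only when it equals the full argument
    # string the device sent, which is the complete keyword "tech-support".
    return request["cmd"] == command and " ".join(request["args"]) == deny_arg


if __name__ == "__main__":
    for sid, req in parse_author_requests(SAMPLE_DEBUG).items():
        print(sid, req, "deny tech:", matches_deny("tech", req),
              "deny tech-support:", matches_deny("tech-support", req))
```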
ACE 20 Modular - show tech too large
Hi
A client sent me a show tech of this ACE 20, which is inserted into a VSS, but this file is very large; the reason is the command "show acl-merge merged-list vlan 93". Can somebody tell me if this information is normal or not? I think that it is a possible attack point to the farm server. The service is up in the other ACE20. The symptom is that the VIP of the service cannot be reached.
`show acl-merge merge vlan 93 in`
All ACEs in merged list 5 Total:6377 Non-redundant:5608
Priority:164, Lineno:0, ACE-id:61470 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16779265[G:0,P:1,C:8,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:172.23.98.20/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0
Priority:326, Lineno:0, ACE-id:61471 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16781313[G:0,P:1,C:16,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.51/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0
Priority:487, Lineno:0, ACE-id:61472 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16783361[G:0,P:1,C:24,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.51/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0
Priority:647, Lineno:0, ACE-id:61473 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16785409[G:0,P:1,C:32,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.61/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0
Hi.
We rebooted the ACE20 and left one context in this module. The service is OK now, but my only doubt is why the show tech-support is so large and why the output of the command show acl-merge merged-list vlan 93 appears with a lot of lines.
I try to run the command "show tech-support" again and submit. -
Hello
we have 2 6500 in VSS, with image 15.1(1)SY1.
I had to do show tech as there was some issue in our network. When I gave this command, the show process cpu output immediately showed usage as 100% and the resource was the SSH process, and the show tech output never completed; the session hung and I had to open a new VTY session.
I want to know: does this happen every time we give show tech, or is there an issue with our device?
Amit
It is not necessarily an issue with your switches. When you are logged in via the vty lines and you issue a command like "sh tech" there is a large amount of data to be displayed and it is normal for the CPU to spike when it does this -
Q. How can we reduce the process for SSH on 6500?
A. If it is virtual exec, that is used for servicing vty lines, Vty lines are used for logging into the switch. If we are trying to dump a huge output like "show tech", it is expected to see high CPU and is not a matter for concern.
full link -
https://supportforums.cisco.com/docs/DOC-22037
so what you are seeing is normal. But what is not normal is the display getting hung and having to open a new session.
So if it happens all the time it would be a problem but it could just be that at that particular time the switch was busy doing other things that also placed a load on the CPU.
Jon -
I ran the command show tech-support without page and other options on IDS, and the output has just been going on for the last 2 hours. I have pressed ^C many times but it's not coming to the prompt and not stopping.
If anyone has a solution please update.
You should be able to stop it using 'CTRL+C'.
-
Is there a way to do a show tech-support and pipe it to a file or tftp so that I can send it to a vendor? If so, what would the command be?
Thanks.
Jeff
You can use the redirect feature
show tech-support > bootflash:tsupport_file
http://www.cisco.com/en/US/partner/docs/switches/datacenter/sw/4_2/nx-os/fundamentals/command/reference/fnd_commands.html#wp1136081
Thanks
Hatim