Log entry information
I am looking for any help on understanding what field reported the "trojan" entry found in the log entry below:
http://load.videohub.com/core?playerID=P-63Z-6P9&bootloaderID=B-0Y9-YVC, IW_busi,-5.4,"1","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,IW_busi,-,"-","trojan","Unknown","Unknown","-","-",1.26,0,-,"-","-"> NONE/504 11201
I understand that the access was not allowed due to a gateway timeout. We are also not running any type of malware/virus scanning on the WSA. This is from a W3C log file. The log fields we use are listed below:
c-ip
cs-mime-type
cs-username
date
time
cs-url
sc-bytes
x-wbrs-score
x-result-code
x-resultcode-httpstatus
x-webcat-req-code-abbr
x-elapsed-time
Thanks
Dominick
Hi Dominick,
The log field ( %Xr ) x-result-code is the reason why you're seeing "trojan" in your W3C logs. The result code that you're looking for, based on our phone conversation, is:
sc-http-status
%h
HTTP response code
This information is located in the online userguide of the WSA -> GUI -> Support and Help -> Online Userguide -> Search tab -> W3C -> page 63. About 1/4 of the way down on that page you should find the entry above.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator
Similar Messages
-
New Archived log entry in alert log after cpu patch 19 applied
Has anyone applied the October critical patch for 11.1.0.7? I applied the CPU Patch 19 (8892977) for 11.1.0.7 on several Windows 2008 servers and after the patch the alert log displays a new message every time a redo log transfers. This only happens on servers that have archivelog on. It looks like there is some kind of trace set. Does anyone know what the message is?
Thanks,
Kathie
Archived Log entry 10937 added for thread 1 sequence 10938 ID 0xa96e3908 dest 10:
Hi Mark!
Yes, Oracle informed me that this message is normal and is only used for informational purposes. I should just ignore it.
Did you apply patch19? I have also found issues with a high amount of "waits" of type "other". Some jobs are running slightly slower also. Also, if you check your "database health link" on the dbconsole home page you will see consistent "non-critical" alerts. I don't have these alerts on servers not yet patched. These alerts appear to be caused by wait events of "other".
Kathie -
Clean up of work flow logs entries (WFMC) from tables CMFP and CMFK
Hi,
I am cleaning up the tables CMFP and CMFK for work flow log entries with app id WFMC. I used the cleanup programs RSCLNAFP, RSCLCMFP but the entries are still seen in the tables. Can anyone please advise?
Hey,
I think notes: 627257, 758952 would help.
if not, please read notes 52114, 617634, and:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/25c1f5d1-0901-0010-d495-e96d02a0cb01
The link above advises running transaction NACE:
To avoid unnecessary growth of tables CMFP and CMFK, you can prevent the creation of processing logs by following these steps:
1. Call up transaction NACE (Conditions for Output Control).
2. Choose the desired applications and then Output Types.
3. Double click on the output type to go to the detail view where you can make the necessary settings. To make the settings you must enter the change mode.
4. Set the indicator do not write processing log and save your settings.
This setting is only applicable to the individual application and output type. If it is set, processing logs will be collected in the main memory, but they will not be written to the database. Other output types are not affected by this setting. You have to repeat the aforementioned steps for each output type individually. It is not possible to switch off the processing log for all output types at the same time. For more information on the setting do not write processing log see the corresponding documentation. -
Incorrect log entries from iPhone and iPad
Hello iPhone/iPad users and admins
For some time now, I have the problem, that I find the following entries in my log files of a business firewall.
Here are the log entries
# Time Message Source Destination Notes Category Priority Rule
1 03/19/2011 23:43:53.640 IP spoof dropped Alert Intrusion Prevention 10.157.205.175, 62348, X3 192.168.210.1, 8080, X8 MAC address: 40:a6:d9:9a:f1:2e
# Time Message Source Destination Notes Category Priority Rule
1 03/29/2011 09:38:00.352 IP spoof dropped Alert Intrusion Prevention 10.153.53.141, 51561, X3 192.168.210.1, 8080, X8 MAC address: 40:a6:d9:9a:f1:2e
# Time Message Source Destination Notes Category Priority Rule
1 04/18/2011 18:23:03.560 IP spoof dropped Alert Intrusion Prevention 10.150.154.123, 49515, X3 192.168.210.1, 8080, X8 MAC address: 40:a6:d9:9a:f1:2e
# Time Message Source Destination Notes Category Priority Rule
1 04/26/2011 08:20:49.544 IP spoof dropped Alert Intrusion Prevention 10.120.159.79, 56770, X3 17.250.248.212, 443, X8, switchboard.me.com MAC address: d8:30:62:81:f6:7a
# Time Message Source Destination Notes Category Priority Rule
1 27/04/2011 02:40:35.496 IP spoof dropped Alert Intrusion Prevention 10.120.159.79, 56860, X3 17.250.248.212, 443, X8 MAC address: d8:30:62:81:f6:7a
# Time Message Source Destination Notes Category Priority Rule
1 06/05/2011 21:57:47.928 IP spoof dropped Alert Intrusion Prevention 10.166.15.122, 61764, X3 17.250.248.212, 443, X8 MAC address: d8:30:62:81:f6:7a
and so on .....
After a long search, I found out that it is my iPhone and my iPad.
How do I find out which app is behaving wrongly? Alongside the wrong IP, the equipment does get a correct IP and can be used quite normally on the Internet.
Do I have to use the developer environment to test out each app, or can I find it out with a packet capture?
Is there some other way, or do I have to uninstall all apps and activate them one by one and test the logfiles?
This would be a day's work and I hope I can get around this.
Thank you for any relevant information.
Kind regards
Thomas
Hi A. Hinsen!
It's the same with me. I sync a lot of pictures to the iPad with the setting "Selected albums, events ..." and using iPhoto on my Mac. But when I added some pictures to an iPhoto event and tried to sync them again, iTunes automatically set "All pictures ..." and the iPad does not contain any picture, although I had just looked at them before I started the synchronisation.
I hate it because the synchronisation needs about an hour. And I am in a hurry.
Reinhold -
I was playing an online game earlier tonight and all of a sudden I got disconnected. When I finally managed to get my PC to connect up to my router (I had to remove the phone cable and perform a power cycle, as the simple restart button wasn't enough) I found the following log entries in the machine:
23:19:52 22 Jul
IDS proto parser : tcp data on syn segment (1 of 1) : 173.201.146.1 217.42.75.241 0419 TCP 80->31594 [S.A...] seq 624090545 ack 102806882 win 16384
23:16:31 22 Jul
SNTP Synchronised again to server: 213.123.26.170
23:10:04 22 Jul
IDS proto parser : udp null port (1 of 1) : 82.33.120.197 217.42.75.241 0048 UDP 0->1948
At the same time as the first entry was made, my 2 Windows Vista PCs were cut off from the router,
and at the same time as the second entry my 2 Win XP PCs were cut off as well.
It took me a while to get everything reconnected to the internet, but I can't seem to find any reason for what has happened.
I realise it's an intrusion detection log entry, but it means nothing to me, and trying to google for it returned a lot of nonsense about P2P programs but nothing that matched the entries.
I should probably mention I have a V2(A) home hub.
Hub Firmware Information
Current firmware
Version 8.1.H.J (Type A)
Last updated
28/01/10
So I am kinda hoping this is the latest update.
Any info on what just happened would be nice, and also why the wireless keeps getting turned on when this stuff happens (I have it turned off since I don't have anything I need connecting wirelessly).
There is an issue with some older versions of the home hub which causes loss of connection if the IDS events fill up the internal memory.
This causes loss of DNS, which can be fixed by clearing the IDS logs. I thought this problem had been fixed in later firmware releases.
On my old home hub I run a script to clear the IDS logs at regular intervals, which sorts the problem out.
The alternative is to reboot the hub.
There are some useful help pages here, for BT Broadband customers only, on my personal website.
BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones. -
Excessive log entries with buffalo linkstation
Hi all,
I am getting excessive log entries on my MacBook Pro (OS 10.6.7) that appear to be related to my Buffalo LinkStation HD-CELU2 external drive. This drive is connected to my Airport Extreme (latest firmware) via USB and acts as my iTunes (10.2.2) library, which also serves as the music source for a Sonos digital music system. A sample of the log entries follow:
4/18/11 8:15:22 PM com.apple.launchd[1] (jp.buffalo.NASPower) Throttling respawn: Will start in 60 seconds
4/18/11 8:15:39 PM com.apple.launchd.peruser.501[131] (jp.buffalo.NASPower[6798]) posix_spawn("/Library/PrivilegedHelperTools/NasNavigator2.app/Contents/MacOS/NasNavigator2", ...): No such file or directory
4/18/11 8:15:39 PM com.apple.launchd.peruser.501[131] (jp.buffalo.NASPower[6798]) Exited with exit code: 1
4/18/11 8:15:39 PM com.apple.launchd.peruser.501[131] (jp.buffalo.NASPower) Throttling respawn: Will start in 60 seconds
It says that a file isn't found, and that could be because I uninstalled NASNavigator in an attempt to get rid of these extraneous log entries. Uninstalling the software seems to have only resulted in changing the messages (to "no such file"), not reducing or ending them.
This log entry is constant; it occurs even when the computer has no need to access the Buffalo hard drive. It makes it very hard to diagnose any other issues because it both clutters the log and causes it to only recall a couple of hours worth of log info.
Thanks in advance!
Hi everyone, just registered as I have a Bold 9900 and am considering a Playbook with the new OS2. Does anyone know whether I will be able to get it to talk to my Buffalo Linkstation. think its a Pro Duo 2 and is about 2-3 years old.
-
.sh file usage log entries multiplied
Hi all,
I have a very strange problem: In order to find out what parts of a big application are being used,
I have added the following line as the first executable line in every .sh file:
/application/sh_log $0
The file sh_log looks like this:
now=$(date +"%Y_%m_%d")
filename="/spool/logs/sh_log_$now.log"
if [ -f "$filename" ]; then    # Does logfile exist?
    # Logfile exists, append log record
    echo "$(basename "$1");$(date +"%Y%m%d%H%M%S");" >> "$filename"
else
    touch "$filename"          # Logfile did not exist, create it
    chmod 7777 "$filename"     # Make it writeable
    # And append log record
    echo "$(basename "$1");$(date +"%Y%m%d%H%M%S");" >> "$filename"
fi
The application calls its .sh files in a number of ways, but all of them originating from crontab.
What confuses me is that log entries often appear in tuples, that is, when the application's
.sh file is calling the file making the log entry, supposedly to make a single log entry, I'm still
getting 2, 3 or even more log entries with the same time-stamp (resolution: 1 sec).
I don't understand this and would appreciate if some guru here could give me a clue.
Regards
Lars
Hi,
I would log also PIDs together with script name: "/application/sh_log $0 $$". Then you could see whether the application script or sh_log is really called more times (different PIDs).
Also consider using chmod 0777 instead of 7777. So, e.g.:
now=$(date +"%Y_%m_%d")
filename="/spool/logs/sh_log_$now.log"
[ ! -f "$filename" ] && touch "$filename" && chmod 0777 "$filename"
# Format: my_PID;script_name;script_PID;timestamp;
echo "$$;$(basename "$1");$2;$(date +"%Y%m%d%H%M%S");" >> "$filename"
Regards
Vaclav -
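The PID-logging idea from the reply above, as an added example that is not part of either post: a logger that keeps the reply's record format, creates the log through umask rather than chmod 7777/0777, and a checker that says whether same-second repeats come from one script PID or several. It assumes all logging scripts run under one account or share a group; LOG_DIR, explain_repeats and write_sample_log are hypothetical names, and the sample records are constructed.

```sh
#!/bin/sh
# Added example, not code from the thread. LOG_DIR is an assumed override of
# /spool/logs; explain_repeats and write_sample_log are hypothetical helpers.

# Append one record in the reply's format: my_PID;script_name;script_PID;timestamp;
# Call it from a script as: sh_log "$0" "$$"
sh_log() {
    log_file="${LOG_DIR:-/spool/logs}/sh_log_$(date +%Y_%m_%d).log"
    # Remove ';' and control characters so a file name cannot add fields or lines.
    name=$(basename -- "$1" | tr -d ';[:cntrl:]')
    # A PID is digits only; drop anything else.
    script_pid=$(printf '%s' "$2" | tr -cd '0-9')
    (
        # umask 007 creates the log as 0660: owner and group can append,
        # other local users can neither read nor rewrite the usage record.
        umask 007
        # No exists-check/touch/chmod sequence: '>>' creates the file if it
        # is missing and appends the short line in O_APPEND mode.
        # $$ is the PID of the shell executing sh_log.
        printf '%s;%s;%s;%s;\n' "$$" "$name" "$script_pid" \
            "$(date +%Y%m%d%H%M%S)" >> "$log_file"
    )
}

# For every script_name+timestamp that occurs more than once, print how many
# entries there are and how many distinct script PIDs wrote them:
#   script_pids=1  -> one process called sh_log several times
#   script_pids>1  -> the script itself was started several times
explain_repeats() {
    awk -F';' '
        {
            key = $2 ";" $4
            entries[key]++
            if (!((key, $3) in seen)) { seen[key, $3] = 1; pids[key]++ }
        }
        END {
            for (k in entries)
                if (entries[k] > 1)
                    printf "%s entries=%d script_pids=%d\n", k, entries[k], pids[k]
        }
    ' "$1" | sort
}

# Constructed sample records (PIDs and timestamps are made up).
write_sample_log() {
    cat > "$1" <<'EOF'
100;job_a.sh;4243;20240101120000;
101;job_a.sh;4243;20240101120000;
102;job_b.sh;5001;20240101120000;
103;job_b.sh;5002;20240101120000;
104;job_c.sh;6000;20240101120001;
EOF
}

# Demo on the constructed records.
demo_file=$(mktemp)
write_sample_log "$demo_file"
explain_repeats "$demo_file"
rm -f "$demo_file"
```
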
How do I update the file where log in information is kept?
Log in information occasionally changes and I would like to know how to delete the old information and add the current info. The updated info doesn't support the Norton Toolbar which contained an easy to use program for this purpose which I was using. If there is a way to directly access the location that has this info, then I could make whatever changes are necessary.
Thank you.
See:
* http://kb.mozillazine.org/Deleting_autocomplete_entries
* http://kb.mozillazine.org/Password_Manager -
Log entries in Service Consumption Layer Application Logs of Duet Enterpr
Dear all,
I need your inputs to solve the below mentioned issue,
There is a communication developed between MS sharepoint and SAP.
The conversion of the data format from SharePoint to SAP and vice versa happens by using Mapper Classes for each and every operation.
We can see the message or error logs created during the conversion process using the T-code /iwfnd/view_log.
But I want my customized messages to appear in that log. For that I used the following code in the mapper class Post method, but my logs are still not appearing in the T-code /iwfnd/view_log.
DATA: lo_logger            TYPE REF TO /iwfnd/cl_logger, "logger singleton
      lo_message_container TYPE REF TO /iwfnd/if_message_container, "message container
      lv_message           TYPE bapi_msg,
      lv_log_material      TYPE symsgv,
      lv_log_plant         TYPE symsgv,
      lv_instance_counter  TYPE i,
      lv_previous_pur_doc  TYPE char10.
CONSTANTS gc_log_agent_name TYPE /iwfnd/sup_iw_agent VALUE 'Dev Guide Purchase Req'.
CONSTANTS gc_log_msg_id TYPE symsgid VALUE 'ZDUET_SCL_PR'.
* Get logger
CALL METHOD /iwfnd/cl_logger=>get_logger
  RECEIVING
    ro_logger = lo_logger.
* initialize the post mapper log step
lo_logger->log_step_init(
  EXPORTING
    iv_msg_number   = 000 "Post Mapping started for Purchase Req Header Query
    iv_msg_id       = gc_log_msg_id " message class
    iv_system_alias = iv_system_alias "Backend System Alias
    iv_agent        = gc_log_agent_name "Dev Guide Purchase Req
  RECEIVING
    rv_msg_handle   = lv_msg_handle ).
* (the IF condition that opens this branch is not shown in the post)
lo_logger->log_message(
  EXPORTING
    iv_msg_type     = /iwfnd/cl_logger=>info " Message Type
    iv_msg_id       = gc_log_msg_id " Message Class
    iv_msg_number   = 006 " Message Number
    iv_msg_v1       = lv_instance_counter " Message Variable
    iv_system_alias = iv_system_alias " System Alias
    iv_agent        = gc_log_agent_name ). " IW Agent
ELSE.
* read through the input parameters for logging query parameters
  READ TABLE it_parameters INTO ls_parameters WITH KEY attr_name = 'MATERIAL'.
  lv_log_material = ls_parameters-low.
  READ TABLE it_parameters INTO ls_parameters WITH KEY attr_name = 'PLANT'.
  lv_log_plant = ls_parameters-low.
* get the message container to add messages
  lo_message_container = io_request_data->get_message_container( ).
* set the request result code to failed so a fault message can be created
  CALL METHOD io_request_data->set_result_code
    EXPORTING
      iv_result_code = /iwfnd/if_srd_request_context=>cs_result_code-failed_permanent.
* add the message to the message container, this will create an error log entry automatically
  CALL METHOD lo_message_container->add_message
    EXPORTING
      is_object_key         = ls_key
      iv_msg_type           = 'E' "Error
      iv_msg_id             = gc_log_msg_id
      iv_msg_number         = 004 "Query for Material &1 and Plant &2 returned no results.
      iv_msg_v1             = lv_log_material
      iv_msg_v2             = lv_log_plant
      iv_is_leading_message = abap_true
      iv_message_creator    = gc_log_agent_name.
ENDIF.
* end this post mapper log step
lo_logger->log_step_completion(
  EXPORTING
    iv_msg_type     = /iwfnd/cl_logger=>info
    iv_msg_id       = gc_log_msg_id
    iv_msg_number   = 002 "Post Mapping finished for Purchase Req Header Query
    iv_system_alias = iv_system_alias
    iv_agent        = gc_log_agent_name
    iv_msg_handle   = lv_msg_handle ).
Please let me know the answer for this issue.
Many thanks in advance,
Harish
Hi Girimurugan,
I am currently working with SAP Gateway related stuffs and I need a clarification regarding the application log.
Hope you are very busy and please clarify the doubts if you can spare few minutes towards this query.
Appreciate your valuable advise towards this.
Query:
Can we log any of the different types of logs (I Info / W Warning / A Abort or Cancel / E Error ) into Application Log(/IWFND/APPS_LOG) of the Gateway system in a Hub deployment model ?
How the logging can be achieved?
What are the scenarios, wherein the Application logs are preferred?
Also I have already raised a query in the SCN with this link: http://scn.sap.com/message/15477543. But could not get much details about it.
Can you please clarify the same?
Thanks & Regards,
Mohamed Meeran -
Mysterious repeat log entries in System events log
I tried unsuccessfully to share an internet connection between 2 iMacs without a router (that doesn't matter). But after this, my iMac (24" 2.8 GHz), not networked or on the internet, now shows this repeated log entry every minute:
com.apple.launchd[1] (com.apple.InternetSharing): Throttling respawn: Will start in 10 seconds
This message gets repeated every minute on System events log. Daily, Monthly maintenance was not done automatically earlier today on this iMac (usually it did without any problem) which was on all-night.
I checked with Disk Utility, repaired permissions. Although no problems in working, this continuous log writings disturbs me.
Thanks for any help & Happy New Year!
Best.
Thanks, V.K. Did that (was asked password). System log showed after restart:
com.apple.launchd[1] (com.apple.InternetSharing[152]): Exited with exit code: 1
com.apple.launchd[1] (com.apple.InternetSharing): Throttling respawn: Will start in 10 seconds
com.apple.launchd[1] (com.apple.InternetSharing[153]): Exited with exit code: 1
com.apple.launchd[1] (com.apple.InternetSharing): Throttling respawn: Will start in 10 seconds
Then it started again the same way as above - with each additional line each time as shown above. Thanks for sticking with me on this. Hope you will offer other suggestions.
Best. -
Hi!
In the login page, I have an acknowledgment checkbox. When the user checks the box it displays the User Name, Password and login button.
I am trying to provide a means to create an audit log entry to record the user's acceptance or every time the user successfully logs in.
Can anyone help me with this?
Thanks,
Bino
...from yesterday: Re: successful login return value
Scott -
Windowserver log entries: kCGErrorIllegalArgument:
I'm a newbie to Mac & OS X - I'm seeing lots of entries (sample below) in the log which I don't understand.
Any help appreciated.
Dec 09 11:18:23 [55] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x2 not owned by caller SecurityAgent
Dec 09 11:18:23 [55] kCGErrorIllegalArgument: Set a breakpoint at CGErrorBreakpoint() to catch errors as they are returned
Dec 09 11:18:23 [55] kCGErrorIllegalArgument: CGXOrderWindow: Operation on a window 0x2 not owned by caller SecurityAgent
Dec 09 11:29:53 [55] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x6 not owned by caller SystemUIServer
Dec 09 11:44:49 [55] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x6 not owned by caller Tunnelblick
-
Log Entries not sorted in Problem work items
We have noticed that the Log Entries in all Problem work items appear to be randomly sorted. You can manually sort them by clicking on the column headers.
Log entries for Service Request and Incident work items are sorted by Created date as default which I guess is how most people would want them. Has anyone else noticed this or can this be configured locally somehow?
Thanks
Hi,
I checked my lab, and saw that only incident's log entries are sorted by date:
Log entries for SR and Problem are not sorted:
And this is hard-coded, if you want to sort them by date, we should click Date Time.
Regards,
Yan Li
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Can someone explain how log entries work in FMS 3? If I play
one FLV file, there are 5 entries. I am starting with a clean
logfile to see how things are logged and I see:
Connect
Play
Stop
Play
Stop
A total of these 5 entries has a throughput of 36MB for this
one play. Is that correct? Is there an expert who knows how logging
works in FMS3?
TIA.
shamus1 wrote:
for a long time i had been getting this in my logs
(765310.500000) CWMP: Set Parameter by TR069 failure 9005: Invalid parameter name
but since the log entries
21:48:56, 13 Sep.
(864052.520000) CWMP: Session start now. Event code(s): '7 TRANSFER COMPLETE,M Download,4 VALUE CHANGE'
21:48:55, 13 Sep.
(864051.130000) CWMP: Initializing transaction for event code M Download
21:48:55, 13 Sep.
(864051.130000) transfer completed successfully
21:48:52, 13 Sep.
(864048.200000) CWMP: session completed successfully
21:48:52, 13 Sep.
(864047.980000) CWMP: Download file, FileType=4, FileName=4a-5app-bundle-v3-package.tar.gz.aes.rsa.signed, Username=, CommandKey=1736293426
i am now getting
21:48:58, 14 Sep.
(950453.180000) CWMP: Set Parameter by TR069 Success
21:48:56, 14 Sep.
(950450.560000) CWMP: Set Parameter by TR069 Success
This may not be significant as I have had both the success and failure messages after the download of the file. -
Add log entries to an emailed alerts
Is there any way to add the log entries that are included in a report/incident to an emailed alert? In other words, instead of just having the link to the MARS emailed in the alert, have the actual data that the user will see once they enter the MARS.
I have been working on this one for a few months now. Out of the box, no, there is not. There was a feature request added into 6.0.3 that was supposed to add this functionality but it got left out because it was going to be a lot of work. I have opened a new case with TAC (611170537) and the guy confirmed that the engineers added some data to the email alerts that was already being processed and wouldn't need much additional coding.
I have filed a new feature request with my local Cisco team but I do not know the bug id yet. Basically what I want is the ability to create an email template which will have the ability to include variables in the email, so the raw message or matched event ID can be included. I was told by the guy at TAC that when he brought up this idea to the developers, they weren't too excited because it seemed like a lot of work and there didn't seem to be a business case for it. So if anyone wants to see this feature added, please contact your local account team and include my latest case #. I will include the bug id once I get one. The only way to get this feature added is to request it.