Number of Alerts Consumed by AlertInterval
When I do a show stat virt I see the following information:
Number of Alerts Consumed by AlertInterval = 744
Sig 3653.0 = 744
What does this mean? I checked the signature and the Alert Interval is set to 2. The Action is set to Produce Alert, so I am expecting it to send an alert to IME, but I don't see it.
Only when the alert has at least one action will it be passed to the event action handler.
So the other 59 alerts did not have any event action. Either no action was added directly from the signature definition, or the alerting type actions were removed because of summarization, or the actions were removed by filters.
There are several signatures that are intentionally created without actions. These signatures are what we call meta component signatures. On their own they don't mean much and so we remove all actions and they do not generate alerts into the eventstore. They trigger internally in sensorApp but do not get written to the eventstore. These alerts are internally monitored by Meta signatures. When multiple component signatures are triggered, then a Meta signature may trigger and it is the Meta signature that would have a produce-alert event action and be written to the eventStore.
With summarization the signature has a produce-alert action, but the summarizer routines see that the signature is being triggered multiple times with same addresses. The summarizer will allow through an alert on the first triggering. Later triggerings with the same address set will cause the summarizer to automatically remove the produce-alert action (and other alert causing actions). So the summarized alerts will not get written to the eventStore.
NOTE: In your output this happened for at least 43 of these alerts.
Filters may also be matching the alerts, and the filters may be removing the event actions.
So if the event actions have all been removed (or none were ever added), then the alert will not be passed to the event action handler.
In your output only 1 of the 60 alerts wound up with any actions needing to be executed.
Similar Messages
-
How to get the number of messages consumed by a MDB ??
Hi all,
How to get the number of messages consumed by a MDB displayed in OEM in a Java Application ???
DMS ??? what use DMS ???
tanksok.
Well using DMS is one way to get at these sorts of stats in a programmatic manner.
There's a Java API you can use, or you could call out to the Spy servlet to query the DMS stats in either text or XML form.
I don't have an MDB published so I can't show you specifically, but here's the sort of query you can use to extract the data.
http://localhost:8888/dms0/Spy?format=raw&table=oc4j_ejb_stateless_bean&recurse=children
Which produces a table of the TEXT form:
<DMSDUMP version='9.0.4' timestamp='1163456821185 (Tue Nov 14 08:57:01 CST 2006)' id='8888' name='OC4J'>
<statistics>
/oc4j [type=n/a]
/oc4j/default [type=oc4j_ear]
/oc4j/default/EJBs [type=oc4j_ejb]
/oc4j/default/EJBs/jmsrouter_ejb [type=oc4j_ejb_pkg]
/oc4j/default/EJBs/jmsrouter_ejb/AdminMgrBean [type=oc4j_ejb_stateless_bean]
pooled.count: 11 ops
pooled.maxValue: 1 count
pooled.minValue: 0 count
pooled.value: 0 count
ready.count: 11 ops
ready.maxValue: 1 count
ready.minValue: 0 count
ready.value: 0 count
session-type.value: Stateless
transaction-type.value: Bean
/oc4j/default/EJBs/jmsrouter_ejb/EnqueuerBean [type=oc4j_ejb_stateless_bean]
pooled.count: 11 ops
pooled.maxValue: 0 count
pooled.minValue: 0 count
pooled.value: 0 count
ready.count: 11 ops
ready.maxValue: 0 count
ready.minValue: 0 count
ready.value: 0 count
session-type.value: Stateless
transaction-type.value: Bean
/oc4j/default/EJBs/jmsrouter_ejb/TimerHandlerBean [type=oc4j_ejb_stateless_bean]
pooled.count: 11 ops
pooled.maxValue: 0 count
pooled.minValue: 0 count
pooled.value: 0 count
ready.count: 11 ops
ready.maxValue: 0 count
ready.minValue: 0 count
ready.value: 0 count
session-type.value: Stateless
transaction-type.value: Bean
</statistics>
</DMSDUMP>
Or produces an XML document of the form:
http://localhost:8888/dms0/Spy?format=xml&table=oc4j_ejb_stateless_bean&recurse=children
You can use the Spy console to find the table that contains the details for MDB and then take it from there.
This is not what you specifically want to do, but it does provide a good overview of how DMS is used.
http://www.oracle.com/technology/pub/notes/technote_dms.html
-steve- -
Default Alert Consumer for Custom job
Hi Experts,
Can we use the "ALERT-TO-MAIL" alert consumer for a custom job?
If not, why can't we apply the default alert consumer to a custom job, and what could be the relation between them?
Here I am trying to create a custom job in SAP PI 7.3 server, based on "Customize Alerts Using Job in PI 7.31/PO". As the creation of the alert consumer details has not been provided there, I was thinking of using the "ALERT-TO-MAIL" consumer, and I also want to know the process to create a customized alert consumer, so please help me with this issue. Thanks very much in advance.
Regards,
Avinash
Hi
PFB the blog for creating custom consumer.
Michal's PI tips: Component based message alerting - API
Also a blog on creating custom job, might be helpful to you
Customize Alerts Using Job in PI 7.31/PO
Regards
Osman
-
Job number from alert log file to information
Hello!
I have a question about job numbers in alert log file. Today one of our Oracle 10g R2 [10.2.0.4] RAC nodes crashed. After examining alert log file for one of the nodes I saw a lot of messages like:
Tue Jul 26 11:52:43 2011
Errors in file /u01/app/oracle/admin/zeme/bdump/zeme2_j002_28952.trc:
ORA-12012: error on auto execute of job *20627358*
ORA-12705: Cannot access NLS data files or invalid environment specified
Tue Jul 26 11:52:43 2011
Errors in file /u01/app/oracle/admin/zeme/bdump/zeme2_j001_11018.trc:
ORA-12012: error on auto execute of job *20627357*
ORA-12705: Cannot access NLS data files or invalid environment specified
Tue Jul 26 11:52:43 2011
Errors in file /u01/app/oracle/admin/zeme/bdump/zeme2_j000_9684.trc:
ORA-12012: error on auto execute of job *20627342*
ORA-12705: Cannot access NLS data files or invalid environment specified
After examining trc files I have found no further information about error except session ids.
My question is: how to find what job caused these messages to appear in alert log file.
How do I map number in alert log file to some "real" information (owner, statement executed, schedule)?
Marx.
Sorry for the delay
Try this to find the job :
select job, what from dba_jobs ;
How do I find NLS_LANG version?
SQL> show parameter NLS_LANG
Do you mean ALTER SESSION inside a job?
I meant anywhere, but your question is better.
ORA-12705 - Common Reasons and How to Resolve Them [ID 158654.1]
If OS is Windows lookout for NLS_LANG=NA in the registry
Is it possible you are doing this somewhere ?
ALTER SESSION SET NLS_DATE_FORMAT = 'RRRR-MM-DD"T"HH24:MI:SS';
NLS database settings are superseded by NLS instance settings
SELECT * from NLS_SESSION_PARAMETERS;
These are the settings used for the current SQL session.
NLS_LANG could be set in a profile for example.
NLS_LANG=_AMERICA.WE8ISO8859P1 ( correct )
NLS_LANG=AMERICA.WE8ISO8859P1 ( Incorrect )
you need to set the "_" as separator.
Windows
set NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P1
Unix
export NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P1
mseberg
-
AV - Top Five Audit Sources by Number of Alerts - INTERNAL ERROR
Hi again!
We have one problem with audit vault console while connecting with auditor role.
There's one strange problem that occurs intermittently when clicking on the "Top Five Audit Sources by Number of Alerts" graph on the Audit Vault home page.
Sometimes it works perfectly and maybe next time it produces an internal error. It does not follow any logic. Maybe it works 1, 2, 3,... times and the next one it doesn't, and the link carries you to an empty page with an "INTERNAL ERROR" message.
It is something related to the URL.
When you place the mouse cursor on the graph you can see the URL at the bottom of Internet Explorer/Firefox.
It's something like this: (it works)
http://<av hostname>:5707/av/console/database/avt/:::::P2_REPORT_TYPE,P2_DATE_TYPE,P2_SOURCE:WARNING_ALERT,DAY,<source name>
then you continue working come back to home page and place the cursor again on it. Then sometimes you see the same url(all it's going to work) or the next one:
http://<av hostname>:5700/av/console/database/avt/:::::P2_REPORT_TYPE,P2_DATE_TYPE,P2_SOURCE:WARNING_ALERT,DAY,<source name>
As you can see, the port number has changed mysteriously... and it does not work.
The strange thing is that after the error I try to open a new auditor session with another explorer and sometimes it works!!! until the same thing happens.
Has anyone seen anything like this????? I don't know if it is something about Audit Vault configuration, a bug or an Internet Explorer configuration issue.
I've tried different languages with my explorers and it continues happening ...
All the rest of the parts of the application work perfectly
Thanks!
Whenever posting here ALWAYS include full version number.
Whenever posting an error post the full and complete error message (not your interpretation of it). "INTERNAL ERROR" in and of itself is meaningless.
I would suggest that you open an SR at metalink. -
CBMA - Alerts consumer in SAP PO7.4
Hi Folks,
Tried to create an alert consumer, but couldn't be succeeded though had gone through the several blogs.
I could see that it can be created from WSNAVIGATOR. But when I open my NWA-WSNavigator, I could see the below option for services.
Can someone please help me with what/where has gone wrong. Please find the screenshot of the WSNAVIGATOR.
Thank you.
Hi Rajesh,
Thanks for the reply. So can we setup the recipient list as different for each alert rule?
If so can you please guide where can I give the recipient list and on what basis.
Also is that require to give all the ID objects for in the alert rule or only the Configuration Scenario to have all the alerts triggered for that particular interface.
Thank you.
Regards -
Number of resources consumed ?
Experts,
For 100 identical machines, single resource is created with n=100 in capacity tab.
Requirement is, during process order creation, system should provide a provision for entering the actual number of m/c to be consumed. e.g before saving user has to enter number of machine required for a single machine out of 100 machine.
How to achieve such requirement, if enhancement req. than suggest .
Man
AG,
I need to know, out of 100, how many resources the user wants to use. When the system finds 100 available capacity it assigns the whole load to it by considering the capacities available (let's say the system reserves 10 capacities). What the user wants is to not let the system decide/assign the capacities; rather the user should have the option to decide/assign out of 100, e.g. he wants 3 m/cs reserved for a week.
This all should be done at process order creation level, not at confirmation. This you can say is like a resource allocation process; how to accommodate?
Man -
ISE 1.2.0.899 and large number of alerts
Hey,
I have been in touch with our Cisco Partner about this, but I didn't get anywhere and the case was closed without a resolution..
It turns out that you cannot clear more than 1000 alerts at once in ISE.
This is a huge issue for me, because we have over 10k configuration change alerts that were generated when a user mistakenly created a few too many guest accounts through the sponsor portal.
I am hoping there is a way I can clear up all these old alerts without having to click 9k of them one at a time to clear them..
I considered automating the clicking through javascript in my browser, but of course the alert list was a flash object, so I couldn't do that either..
-- Regards, Morten
Hi Morten,
This is a known issue - https://tools.cisco.com/bugsearch/bug/CSCul58094/?reffering_site=dumpcr
This will be fixed in ISE 1.3. However, you can delete all the alerts in one go using root patch and sql cmds.
~BR
Jatin Katyal
**Do rate helpful posts** -
Why did you reduce the number of alerts available in Calendar?
I like to have more than one reminder for some events in Calendar. I just added another event but am only able to set one reminder. Where did they go? Who decided that one reminder was enough?
Just a precision.
The User Guide is dedicated to both way to use iWork version 9.1.
When it's used under Lion (10.7) there is no item Save As…
but
when it's used under Snow Leopard (10.6.6 or higher) the item Save As… is available.
As every user able to read carefully may see, it's clearly described in Pages User Guide (same description in Keynote User Guide and Numbers User Guide).
Yvan KOENIG (VALLAURIS, France) mercredi 21 septembre 2011 15:04:35
iMac 21”5, i7, 2.8 GHz, 4 Gbytes, 1 Tbytes, mac OS X 10.6.8 and 10.7.0
My iDisk is : <http://public.me.com/koenigyvan>
Please : Search for questions similar to your own before submitting them to the community -
Alerts are LOST somewhere in Action Override Stage...
I have very, very strange statistics on my sensor. I cleared it few minutes ago and now it is as follows:
SigEvent Preliminary Stage Statistics
Number of Alerts received = 60
Number of Alerts Consumed by AlertInterval = 0
Number of Alerts Consumed by Event Count = 0
Number of FireOnce First Alerts = 0
Number of FireOnce Intermediate Alerts = 0
Number of Summary First Alerts = 8
Number of Summary Intermediate Alerts = 43
Number of Regular Summary Final Alerts = 8
Number of Global Summary Final Alerts = 0
Number of Active SigEventDataNodes = 10
Number of Alerts Output for further processing = 60
SigEvent Action Override Stage Statistics
Number of Alerts received to Action Override Processor = 60
Number of Alerts where an override was applied = 0
Actions Added
deny-attacker-inline = 0
deny-attacker-victim-pair-inline = 0
deny-attacker-service-pair-inline = 0
deny-connection-inline = 0
deny-packet-inline = 0
modify-packet-inline = 0
log-attacker-packets = 0
log-pair-packets = 0
log-victim-packets = 0
produce-alert = 0
produce-verbose-alert = 0
request-block-connection = 0
request-block-host = 0
request-snmp-trap = 0
reset-tcp-connection = 0
request-rate-limit = 0
SigEvent Action Filter Stage Statistics
Number of Alerts received to Action Filter Processor = 0
Number of Alerts where an action was filtered = 0
Number of Filter Line matches = 0
Number of Filter Line matches causing decreased DenyPercentage = 0
Actions Filtered
deny-attacker-inline = 0
deny-attacker-victim-pair-inline = 0
deny-attacker-service-pair-inline = 0
deny-connection-inline = 0
deny-packet-inline = 0
modify-packet-inline = 0
log-attacker-packets = 0
log-pair-packets = 0
log-victim-packets = 0
produce-alert = 0
produce-verbose-alert = 0
request-block-connection = 0
request-block-host = 0
request-snmp-trap = 0
reset-tcp-connection = 0
request-rate-limit = 0
SigEvent Action Handling Stage Statistics.
Number of Alerts received to Action Handling Processor = 1
Number of Alerts where produceAlert was forced = 0
Number of Alerts where produceAlert was off = 0
Actions Performed
deny-attacker-inline = 0
deny-attacker-victim-pair-inline = 0
deny-attacker-service-pair-inline = 0
deny-connection-inline = 0
deny-packet-inline = 0
modify-packet-inline = 0
log-attacker-packets = 0
log-pair-packets = 0
log-victim-packets = 0
produce-alert = 1
produce-verbose-alert = 0
request-block-connection = 0
request-block-host = 0
request-snmp-trap = 0
reset-tcp-connection = 0
request-rate-limit = 0
Per-Signature SigEvent count since reset
Sig 60000.0 = 1
Yes, single signature fired, but the number of "Preliminary Stage Alerts" was 60 !? What happened with other 59 alerts ???
Only when the alert has at least one action will it be passed to the event action handler.
So the other 59 alerts did not have any event action. Either no action was added directly from the signature definition, or the alerting type actions were removed because of summarization, or the actions were removed by filters.
There are several signatures that are intentionally created without actions. These signatures are what we call meta component signatures. On their own they don't mean much and so we remove all actions and they do not generate alerts into the eventstore. They trigger internally in sensorApp but do not get written to the eventstore. These alerts are internally monitored by Meta signatures. When multiple component signatures are triggered, then a Meta signature may trigger and it is the Meta signature that would have a produce-alert event action and be written to the eventStore.
With summarization the signature has a produce-alert action, but the summarizer routines see that the signature is being triggered multiple times with same addresses. The summarizer will allow through an alert on the first triggering. Later triggerings with the same address set will cause the summarizer to automatically remove the produce-alert action (and other alert causing actions). So the summarized alerts will not get written to the eventStore.
NOTE: In your output this happened for at least 43 of these alerts.
Filters may also be matching the alerts, and the filters may be removing the event actions.
So if the event actions have all been removed (or none were ever added), then the alert will not be passed to the event action handler.
In your output only 1 of the 60 alerts wound up with any actions needing to be executed. -
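The accounting described in the reply above, as an added example that is not part of the original thread or of any Cisco tool: a Python sketch that parses the SigEvent stage counters from `show statistics virtual-sensor` output and reports how many alerts never reached the action handler and how many of those were summary intermediate alerts. The function names and report keys are hypothetical, and the input is an excerpt of the statistics quoted in the question.

```python
import re

# Excerpt of the statistics quoted in the question above; the zero-valued
# per-action counters are left out to keep the sample short.
SAMPLE = """\
SigEvent Preliminary Stage Statistics
Number of Alerts received = 60
Number of Alerts Consumed by AlertInterval = 0
Number of Alerts Consumed by Event Count = 0
Number of Summary First Alerts = 8
Number of Summary Intermediate Alerts = 43
Number of Regular Summary Final Alerts = 8
Number of Alerts Output for further processing = 60
SigEvent Action Override Stage Statistics
Number of Alerts received to Action Override Processor = 60
Number of Alerts where an override was applied = 0
SigEvent Action Filter Stage Statistics
Number of Alerts received to Action Filter Processor = 0
Number of Alerts where an action was filtered = 0
SigEvent Action Handling Stage Statistics.
Number of Alerts received to Action Handling Processor = 1
Actions Performed
produce-alert = 1
Per-Signature SigEvent count since reset
Sig 60000.0 = 1
"""

STAGE_RE = re.compile(r"^SigEvent (.+?) Stage Statistics\.?$")
KV_RE = re.compile(r"^(.+?)\s*=\s*(\d+)$")


def parse_sigevent_stats(text):
    """Return {stage name: {counter name: int}} for the SigEvent stages."""
    stages = {}
    stage = None   # dict of the stage currently being read
    group = None   # "Actions Added" / "Actions Filtered" / "Actions Performed"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = STAGE_RE.match(line)
        if header:
            stage = stages.setdefault(header.group(1), {})
            group = None
            continue
        kv = KV_RE.match(line)
        if kv:
            if stage is not None:
                key = kv.group(1)
                stage[f"{group}/{key}" if group else key] = int(kv.group(2))
        elif line.startswith("Actions "):
            group = line
        else:
            # Any other heading (e.g. the per-signature counts) ends the
            # staged section, so its counters are not mixed into a stage.
            stage, group = None, None
    return stages


def account_for_alerts(stages):
    """Compare what left the preliminary stage with what reached the handler."""
    prelim = stages.get("Preliminary", {})
    filt = stages.get("Action Filter", {})
    handling = stages.get("Action Handling", {})
    output = prelim.get("Number of Alerts Output for further processing", 0)
    handled = handling.get(
        "Number of Alerts received to Action Handling Processor", 0)
    summarized = prelim.get("Number of Summary Intermediate Alerts", 0)
    never_handled = max(output - handled, 0)
    return {
        "output_from_preliminary": output,
        "reached_action_handler": handled,
        "never_reached_handler": never_handled,
        # Later triggerings with the same address set: the summarizer
        # removes produce-alert, so these are not written to the eventStore.
        "summary_intermediate": summarized,
        # Remainder: no actions in the signature definition (e.g. meta
        # component signatures) or actions removed by filters.
        "other_without_actions": max(never_handled - summarized, 0),
        "alerts_with_filtered_action": filt.get(
            "Number of Alerts where an action was filtered", 0),
        "consumed_by_alert_interval": prelim.get(
            "Number of Alerts Consumed by AlertInterval", 0),
        "produce_alert_performed": handling.get(
            "Actions Performed/produce-alert", 0),
    }


if __name__ == "__main__":
    for name, value in account_for_alerts(parse_sigevent_stats(SAMPLE)).items():
        print(f"{name:30} {value}")
```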
Reconfiguring the engine | CPU @ 100% | AIP-5
It seems that almost every time I log into the IPS Manager for the ASA-SSC-AIP-5 that it is reconfiguring the engine and the CPU is at 100%. I am on sig version 625.0 and I know the current should be like S632. Basically, this thing always seems to be in bypass mode so what is the point? It's frustrating.
Has anyone else experienced this? Is there something that should be done for performance, or do I need to look at my configuration for something?
Maybe I am just checking for updates too often?
I'm looking for any suggestions or best practices for using these.
Thanks.
Quite long, but here goes:
IPS_Sensor# show tech
System Status Report
This Report was generated on Thu Mar 15 09:54:38 2012.
Output from show version
Application Partition:
Cisco Intrusion Prevention System, Version 6.2(4)E4
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S632.0 2012-03-13
OS Version: 2.4.30-IDS-smp-bigphys
Platform: ASA-SSC-AIP-5
Serial Number: JAF1442BDBN
Licensed, expires: 07-Jan-2013 UTC
Sensor up-time is 36 days.
Using 350920704 out of 489398272 bytes of available memory (71% usage)
application-data is using 42.4M out of 166.8M bytes of available disk space (27% usage)
boot is using 40.8M out of 68.6M bytes of available disk space (63% usage)
MainApp E-ECLIPSE_624_2011_JUN_23_00_20_6_2_3_17 (Ipsbuild) 2011-06-23T00:24:58-0500 Running
AnalysisEngine E-ECLIPSE_624_2011_JUN_23_00_20_6_2_3_17 (Ipsbuild) 2011-06-23T00:24:58-0500 Running
CLI E-ECLIPSE_624_2011_JUN_23_00_20_6_2_3_17 (Ipsbuild) 2011-06-23T00:24:58-0500
Upgrade History:
* IPS-sig-S631-req-E4 18:03:37 UTC Tue Mar 13 2012
IPS-sig-S632-req-E4.pkg 18:03:38 UTC Wed Mar 14 2012
Recovery Partition Version 1.1 - 6.2(4)E4
Host Certificate Valid from: 14-Jan-2011 to 14-Jan-2013
Output from show interfaces
Interface Statistics
Total Packets Received = 0
Total Bytes Received = 0
Missed Packet Percentage = 0
Current Bypass Mode = Auto_off
MAC statistics from interface GigabitEthernet0/0
Interface function = Sensing interface
Description =
Media Type = backplane
Default Vlan = 0
Inline Mode = Unpaired
Pair Status = N/A
Hardware Bypass Capable = No
Hardware Bypass Paired = N/A
Link Status = Up
Admin Enabled Status = Enabled
Link Speed = Auto_1000
Link Duplex = Auto_Full
Missed Packet Percentage = 0
Total Packets Received = 163575210
Total Bytes Received = 100243725586
Total Multicast Packets Received = 0
Total Broadcast Packets Received = 0
Total Jumbo Packets Received = 0
Total Undersize Packets Received = 0
Total Receive Errors = 0
Total Receive FIFO Overruns = 0
Total Packets Transmitted = 163575006
Total Bytes Transmitted = 100243542691
Total Multicast Packets Transmitted = 0
Total Broadcast Packets Transmitted = 0
Total Jumbo Packets Transmitted = 0
Total Undersize Packets Transmitted = 0
Total Transmit Errors = 0
Total Transmit FIFO Overruns = 0
MAC statistics from interface Management0/0
Interface function = Command-control interface
Description =
Media Type = TX
Default Vlan = 0
Link Status = Up
Link Speed = Auto_1000
Link Duplex = Auto_Full
Total Packets Received = 8837748
Total Bytes Received = 1105352880
Total Multicast Packets Received = 0
Total Receive Errors = 0
Total Receive FIFO Overruns = 0
Total Packets Transmitted = 9435508
Total Bytes Transmitted = 1410112517
Total Transmit Errors = 0
Total Transmit FIFO Overruns = 0
Output from show statistics authentication
General
totalAuthenticationAttempts = 29
failedAuthenticationAttempts = 2
Output from show statistics analysis-engine
Analysis Engine Statistics
Number of seconds since service started = 3195884
The rate of TCP connections tracked per second = 0
The rate of packets per second = 46
The rate of bytes per second = 1071
Receiver Statistics
Total number of packets processed since reset = 150102196
Total number of IP packets processed since reset = 150102196
Transmitter Statistics
Total number of packets transmitted = 151226612
Total number of packets denied = 70
Total number of packets reset = 80
Fragment Reassembly Unit Statistics
Number of fragments currently in FRU = 0
Number of datagrams currently in FRU = 0
TCP Stream Reassembly Unit Statistics
TCP streams currently in the embryonic state = 0
TCP streams currently in the established state = 0
TCP streams currently in the closing state = 0
TCP streams currently in the system = 0
TCP Packets currently queued for reassembly = 0
The Signature Database Statistics.
Total nodes active = 1634
TCP nodes keyed on both IP addresses and both ports = 357
UDP nodes keyed on both IP addresses and both ports = 0
IP nodes keyed on both IP addresses = 134
Statistics for Signature Events
Number of SigEvents since reset = 473321
Statistics for Actions executed on a SigEvent
Number of Alerts written to the IdsEventStore = 673
Inspection Stats
Inspector active call create delete createPct callPct
AtomicAdvanced 1 150092178 1 0 0 14
Fixed 40 8387783 5498552 5498512 3 5
MSRPC_TCP 15 5787118 1093973 1093958 0 3
MSRPC_UDP 0 2156196 1071260 1071260 0 1
MultiString 410 24911947 3282530 3282120 2 16
MultiStringSP 0 2031 822 822 0 0
ServiceDnsUdp 1 2156196 1 0 0 1
ServiceDnsTcp 0 290 146 146 0 0
ServiceFtp 0 1513 88 88 0 0
ServiceGeneric 3 152319935 2228468 2228465 1 15
ServiceHttp 254 2488814 1199894 1199640 0 1
ServiceMsSql 0 7497 4 4 0 0
ServiceNtp 0 4312392 2142520 2142520 1 2
ServiceP2PUDP 0 86926 80336 80336 0 0
ServiceP2PTCP 2 4897360 2228465 2228463 1 3
ServiceRpcUDP 1 2156196 1 0 0 1
ServiceRpcTCP 356 18860022 2224579 2224223 1 12
ServiceSMBAdvanced 2 2189269 10389 10387 0 1
ServiceSnmp 1 2156196 1 0 0 1
ServiceTNS 0 2211389 2203383 2203383 1 1
String 502 37492887 4282235 4281733 2 24
SweepICMP 11 1113830 75054 75043 0 0
SweepTCP 270 293642888 874680 874410 0 23
SweepOtherTcp 134 146821444 449914 449780 0 11
Output from show statistics denied-attackers
Statistics for Virtual Sensor vs0
Denied Attackers and hit count for each.
Denied Attackers with percent denied and hit count for each.
Output from show statistics event-server
Statistics not available: event-server is disabled.
Output from show statistics event-store
Event store statistics
General information about the event store
The current number of open subscriptions = 5
The number of events lost by subscriptions and queries = 0
The number of filtered events not written to the event store = 323047
The number of queries issued = 1
The number of times the event store circular buffer has wrapped = 0
Number of events of each type currently stored
Status events = 15070
Shun request events = 0
Error events, warning = 72
Error events, error = 571
Error events, fatal = 2
Alert events, informational = 346
Alert events, low = 462
Alert events, medium = 7
Alert events, high = 21
Alert events, threat rating 0-20 = 0
Alert events, threat rating 21-40 = 346
Alert events, threat rating 41-60 = 479
Alert events, threat rating 61-80 = 7
Alert events, threat rating 81-100 = 4
Cumulative number of each type of event
Status events = 11532
Shun request events = 0
Error events, warning = 63
Error events, error = 437
Error events, fatal = 1
Alert events, informational = 287
Alert events, low = 360
Alert events, medium = 5
Alert events, high = 21
Alert events, threat rating 0-20 = 0
Alert events, threat rating 21-40 = 287
Alert events, threat rating 41-60 = 377
Alert events, threat rating 61-80 = 5
Alert events, threat rating 81-100 = 4
Output from show statistics external-product-interface
No interfaces configured
Output from show statistics host
General Statistics
Last Change To Host Config (UTC) = 07-Feb-2012 15:03:14
Command Control Port Device = Management0/0
Network Statistics
= ma0_0 Link encap:Ethernet HWaddr 00:4D:79:4D:41:43
= inet addr:10.1.2.2 Bcast:10.1.2.7 Mask:255.255.255.248
= UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
= RX packets:8837838 errors:0 dropped:0 overruns:0 frame:0
= TX packets:9435686 errors:0 dropped:0 overruns:0 carrier:0
= collisions:0 txqueuelen:1000
= RX bytes:1105359006 (1.0 GiB) TX bytes:1410145705 (1.3 GiB)
NTP Statistics
= remote refid st t when poll reach delay offset jitter
= *10.x.x.5 130.126.24.53 3 u 299 1024 377 3.915 11.079 18.216
= LOCAL(0) 73.78.73.84 5 l 3 64 377 0.000 0.000 0.002
= ind assID status conf reach auth condition last_event cnt
= 1 28364 b6e4 yes yes none sys.peer reachable 14
= 2 28365 90e4 yes yes none reject reachable 14
status = Synchronized
Memory Usage
usedBytes = 350998528
freeBytes = 138399744
totalBytes = 489398272
Summertime Statistics
start = 03:00:00 UTC Sun Mar 11 2012
end = 01:00:00 GMT-06:00 Sun Nov 04 2012
CPU Statistics
Usage over last 5 seconds = 27
Usage over last minute = 21
Usage over last 5 minutes = 27
Memory Statistics
Memory usage (bytes) = 350998528
Memory free (bytes) = 138399744
Auto Update Statistics
lastDirectoryReadAttempt = 09:03:29 UTC Thu Mar 15 2012
= Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
= Success: No installable auto update package found on server
lastDownloadAttempt = 13:03:27 UTC Wed Mar 14 2012
lastInstallAttempt = 13:13:49 UTC Wed Mar 14 2012
nextAttempt = 11:03:17 UTC Thu Mar 15 2012
Auxilliary Processors Installed
Output from show statistics logger
The number of Log interprocessor FIFO overruns = 0
The number of syslog messages received = 95
The number of events written to the event store by severity
Fatal Severity = 1
Error Severity = 437
Warning Severity = 158
TOTAL = 596
The number of log messages written to the message log by severity
Fatal Severity = 1
Error Severity = 437
Warning Severity = 63
Timing Severity = 0
Debug Severity = 0
Unknown Severity = 0
Blank Messages = 64132
TOTAL = 64633
Output from show statistics network-access
Current Configuration
LogAllBlockEventsAndSensors = true
EnableNvramWrite = false
EnableAclLogging = false
AllowSensorBlock = false
BlockMaxEntries = 250
MaxDeviceInterfaces = 250
NeverBlock
IP = 10.x.x.8
IP = 10.x.x.69
State
BlockEnable = true
Output from show statistics notification
General
Number of SNMP set requests = 0
Number of SNMP get requests = 0
Number of error traps sent = 497
Number of alert traps sent = 19
Output from show statistics os-identification
Statistics for Virtual Sensor vs0
OS Identification
Configured
Imported
Learned
Output from show statistics sdee-server
General
Open Subscriptions = 1
Blocked Subscriptions = 1
Maximum Available Subscriptions = 5
Maximum Events Per Retrieval = 500
Subscriptions
sub-9-19a8e927
State = Read Pending
Last Read Time = 14:54:38 UTC Thu Mar 15 2012
Last Read Time (nanoseconds) = 1331823278914523000
Output from show statistics virtual-sensor
Virtual Sensor Statistics
Statistics for Virtual Sensor vs0
Name of current Signature-Defintion instance = sig0
Name of current Event-Action-Rules instance = rules0
List of interfaces monitored by this virtual sensor = GigabitEthernet0/0 subinterface 0
General Statistics for this Virtual Sensor
Number of seconds since a reset of the statistics = 3195885
MemoryAlloPercent = 72
MemoryUsedPercent = 67
MemoryMaxCapacity = 300000
MemoryMaxHighUsed = 319840
MemoryCurrentAllo = 218439
MemoryCurrentUsed = 203388
Processing Load Percentage = 5
Total packets processed since reset = 151232133
Total IP packets processed since reset = 151232133
Total IPv4 packets processed since reset = 151232133
Total IPv6 packets processed since reset = 0
Total IPv6 AH packets processed since reset = 0
Total IPv6 ESP packets processed since reset = 0
Total IPv6 Fragment packets processed since reset = 0
Total IPv6 Routing Header packets processed since reset = 0
Total IPv6 ICMP packets processed since reset = 0
Total packets that were not IP processed since reset = 0
Total TCP packets processed since reset = 147952089
Total UDP packets processed since reset = 2156214
Total ICMP packets processed since reset = 1123830
Total packets that were not TCP, UDP, or ICMP processed since reset = 0
Total ARP packets processed since reset = 0
Total ISL encapsulated packets processed since reset = 0
Total 802.1q encapsulated packets processed since reset = 5009
Total GRE Packets processed since reset = 0
Total GRE Fragment Packets processed since reset = 0
Total GRE Packets skipped since reset = 0
Total packets with bad IP checksums processed since reset = 0
Total packets with bad layer 4 checksums processed since reset = 0
Total number of bytes processed since reset = 90811729021
The rate of packets per second since reset = 47
The rate of bytes per second since reset = 28415
The average bytes per packet since reset = 600
Denied Address Information
Number of Active Denied Attackers = 0
Number of Denied Attackers Inserted = 0
Number of Denied Attacker Victim Pairs Inserted = 0
Number of Denied Attacker Service Pairs Inserted = 0
Number of Denied Attackers Total Hits = 0
Number of times max-denied-attackers limited creation of new entry = 0
Number of exec Clear commands during uptime = 0
Denied Attackers and hit count for each.
Denied Attackers with percent denied and hit count for each.
The Signature Database Statistics.
The Number of each type of node active in the system
Total nodes active = 1634
TCP nodes keyed on both IP addresses and both ports = 357
UDP nodes keyed on both IP addresses and both ports = 0
IP nodes keyed on both IP addresses = 134
The number of each type of node inserted since reset
Total nodes inserted = 10505094
TCP nodes keyed on both IP addresses and both ports = 2317586
UDP nodes keyed on both IP addresses and both ports = 988001
IP nodes keyed on both IP addresses = 685950
The rate of nodes per second for each time since reset
Nodes per second = 3
TCP nodes keyed on both IP addresses and both ports per second = 0
UDP nodes keyed on both IP addresses and both ports per second = 0
IP nodes keyed on both IP addresses per second = 0
The number of root nodes forced to expire because of memory constraints
TCP nodes keyed on both IP addresses and both ports = 26357
Packets dropped because they would exceed Database insertion rate limits = 0
Fragment Reassembly Unit Statistics for this Virtual Sensor
Number of fragments currently in FRU = 0
Number of datagrams currently in FRU = 0
Number of fragments received since reset = 10018
Number of fragments forwarded since reset = 10018
Number of fragments dropped since last reset = 0
Number of fragments modified since last reset = 0
Number of complete datagrams reassembled since last reset = 5009
Fragments hitting too many fragments condition since last reset = 0
Number of overlapping fragments since last reset = 0
Number of Datagrams too big since last reset = 0
Number of overwriting fragments since last reset = 0
Number of Inital fragment missing since last reset = 0
Fragments hitting the max partial dgrams limit since last reset = 0
Fragments too small since last reset = 0
Too many fragments per dgram limit since last reset = 0
Number of datagram reassembly timeout since last reset = 0
Too many fragments claiming to be the last since last reset = 0
Fragments with bad fragment flags since last reset = 0
TCP Normalizer stage statistics
Packets Input = 146821876
Packets Modified = 0
Dropped packets from queue = 0
Dropped packets due to deny-connection = 0
Duplicate Packets = 0
Current Streams = 357
Current Streams Closed = 0
Current Streams Closing = 0
Current Streams Embryonic = 0
Current Streams Established = 0
Current Streams Denied = 0
Total SendAck Limited Packets = 0
Total SendAck Limited Streams = 0
Total SendAck Packets Sent = 0
Statistics for the TCP Stream Reassembly Unit
Current Statistics for the TCP Stream Reassembly Unit
TCP streams currently in the embryonic state = 0
TCP streams currently in the established state = 0
TCP streams currently in the closing state = 0
TCP streams currently in the system = 0
TCP Packets currently queued for reassembly = 0
Cumulative Statistics for the TCP Stream Reassembly Unit since reset
TCP streams that have been tracked since last reset = 0
TCP streams that had a gap in the sequence jumped = 0
TCP streams that was abandoned due to a gap in the sequence = 0
TCP packets that arrived out of sequence order for their stream = 0
TCP packets that arrived out of state order for their stream = 0
The rate of TCP connections tracked per second since reset = 0
SigEvent Preliminary Stage Statistics
Number of Alerts received = 473321
Number of Alerts Consumed by AlertInterval = 55
Number of Alerts Consumed by Event Count = 30
Number of FireOnce First Alerts = 158
Number of FireOnce Intermediate Alerts = 255
Number of Summary First Alerts = 78928
Number of Summary Intermediate Alerts = 372829
Number of Regular Summary Final Alerts = 20879
Number of Global Summary Final Alerts = 0
Number of Active SigEventDataNodes = 6
Number of Alerts Output for further processing = 473236
Per-Signature SigEvent count since reset
Sig 3002.0 = 187
Sig 3653.0 = 28
Sig 5474.0 = 183
Sig 5575.0 = 423
Sig 5581.0 = 408
Sig 5591.0 = 6
Sig 5595.0 = 15
Sig 5606.0 = 21
Sig 5903.2 = 505
Sig 6061.0 = 5
Sig 6131.6 = 13
Sig 6187.0 = 6
Sig 6403.1 = 26
Sig 6409.1 = 22
Sig 6409.2 = 370
Sig 6984.2 = 92
Sig 7241.1 = 3
Sig 7264.1 = 13
Sig 11233.3 = 1
Sig 16297.0 = 21
Sig 19219.1 = 6
Sig 20059.1 = 7950
Sig 21539.1 = 7
Sig 21619.1 = 257
Sig 23782.2 = 461703
Sig 25022.1 = 26
Sig 27839.2 = 928
Sig 30260.1 = 9
Sig 30459.1 = 9
Sig 41846.1 = 78
SigEvent Action Override Stage Statistics
Number of Alerts received to Action Override Processor = 473236
Number of Alerts where an override was applied = 98
Actions Added
deny-attacker-inline = 0
deny-attacker-victim-pair-inline = 0
deny-attacker-service-pair-inline = 0
deny-connection-inline = 0
deny-packet-inline = 93
modify-packet-inline = 0
log-attacker-packets = 5
log-pair-packets = 5
log-victim-packets = 5
produce-alert = 0
produce-verbose-alert = 5
request-block-connection = 0
request-block-host = 0
request-snmp-trap = 0
reset-tcp-connection = 0
request-rate-limit = 0
stop-flow-inspection = 0
SigEvent Action Filter Stage Statistics
Number of Alerts received to Action Filter Processor = 0
Number of Alerts where an action was filtered = 15
Number of Filter Line matches = 15
Number of Filter Line matches causing decreased DenyPercentage = 0
Actions Filtered
deny-attacker-inline = 0
deny-attacker-victim-pair-inline = 0
deny-attacker-service-pair-inline = 0
deny-connection-inline = 0
deny-packet-inline = 0
modify-packet-inline = 0
log-attacker-packets = 0
log-pair-packets = 0
log-victim-packets = 0
produce-alert = 15
produce-verbose-alert = 0
request-block-connection = 0
request-block-host = 0
request-snmp-trap = 0
reset-tcp-connection = 0
request-rate-limit = 0
stop-flow-inspection = 0
Filter Hit Counts
3 = 15
SigEvent Action Handling Stage Statistics.
Number of Alerts received to Action Handling Processor = 1310
Number of Alerts where produceAlert was forced = 0
Number of Alerts where produceAlert was off = 15
Number of Alerts using Auto One Way Reset = 89
Actions Performed
deny-attacker-inline = 0
deny-attacker-victim-pair-inline = 0
deny-attacker-service-pair-inline = 0
deny-connection-inline = 89
deny-packet-inline = 89
modify-packet-inline = 0
log-attacker-packets = 5
log-pair-packets = 5
log-victim-packets = 5
produce-alert = 673
produce-verbose-alert = 5
request-block-connection = 0
request-block-host = 0
request-snmp-trap = 0
reset-tcp-connection = 0
request-rate-limit = 0
stop-flow-inspection = 0
Deny Actions Requested in Promiscuous Mode
deny-packet not performed = 0
deny-connection not performed = 0
deny-attacker not performed = 0
deny-attacker-victim-pair not performed = 0
deny-attacker-service-pair not performed = 0
modify-packet not performed = 0
Number of Alerts where deny-connection was forced for deny-packet action = 89
Number of Alerts where deny-packet was forced for non-TCP deny-connection action = 0
Output from show statistics transaction-server
General
totalControlTransactions = 2840
failedControlTransactions = 16
Output from show statistics web-server
listener-443
session-4
remote host = 10.x.x.69
session is persistent = yes
number of requests serviced on current connection = 1
last status code = 200
last request method = POST
last request URI = cgi-bin/transaction-server
last protocol version = HTTP/1.1
session state = processingActionsState
session-6
remote host = 10.x.x.69
session is persistent = no
number of requests serviced on current connection = 1
last status code = 200
last request method = GET
last request URI = cgi-bin/sdee-server
last protocol version = HTTP/1.1
session state = processingGetServlet
session-5
remote host = 10.x.x.69
session is persistent = yes
number of requests serviced on current connection = 1
last status code = 200
last request method = POST
last request URI = cgi-bin/transaction-server
last protocol version = HTTP/1.1
session state = processingActionsState
number of server session requests handled = 629400
number of server session requests rejected = 0
total HTTP requests handled = 629696
maximum number of session objects allowed = 40
number of idle allocated session objects = 7
number of busy allocated session objects = 3
summarized log messages
number of TCP socket failure messages logged = 0
number of TLS socket failure messages logged = 1
number of TLS protocol failure messages logged = 0
number of TLS connection failure messages logged = 0
number of TLS crypto warning messages logged = 0
number of TLS expired certificate warning messages logged = 0
number of receipt of TLS fatal alert message messages logged = 0
crypto library version = 6.2.1.0
Output from show health
Overall Health Status Green
Health Status for Failed Applications Green
Health Status for Signature Updates Green
Health Status for License Key Expiration Green
Health Status for Running in Bypass Mode Green
Health Status for Interfaces Being Down Green
Health Status for the Inspection Load Green
Health Status for the Time Since Last Event Retrieval Green
Health Status for the Number of Missed Packets Green
Health Status for the Memory Usage Not Enabled
Security Status for Virtual Sensor vs0 Green
Output from show configuration
! Current configuration last modified Tue Feb 07 09:04:20 2012
! Version 6.2(4)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S632.0 2012-03-13
service interface
bypass-mode auto
exit
service authentication
exit
service event-action-rules rules0
overrides log-attacker-packets
override-item-status Enabled
risk-rating-range 70-89
exit
overrides log-victim-packets
override-item-status Enabled
risk-rating-range 70-89
exit
overrides log-pair-packets
override-item-status Enabled
risk-rating-range 70-89
exit
overrides produce-alert
override-item-status Enabled
risk-rating-range 70-89
exit
overrides produce-verbose-alert
override-item-status Enabled
risk-rating-range 70-89
exit
filters edit Ignore_two_hosts
signature-id-range 3030
subsignature-id-range 0
attacker-address-range 10.x.x.0-10.x.x.255
actions-to-remove produce-alert
os-relevance relevant|not-relevant|unknown
exit
filters edit Q00000
signature-id-range 11226,11228
subsignature-id-range 0
victim-address-range 10.x.x.69
actions-to-remove log-attacker-packets|log-victim-packets|log-pair-packets
os-relevance relevant|not-relevant|unknown
exit
filters edit Q00001
signature-id-range 5595
subsignature-id-range 0
attacker-address-range 10.x.x.220-10.x.x.245
actions-to-remove produce-alert
os-relevance relevant|not-relevant|unknown
exit
filters edit Q00002
signature-id-range 2100
subsignature-id-range 0
attacker-address-range 10.x.x.86
actions-to-remove produce-alert
os-relevance relevant|not-relevant|unknown
exit
filters move Ignore_two_hosts begin
filters move Q00000 after Ignore_two_hosts
filters move Q00001 after Q00000
filters move Q00002 after Q00001
exit
service host
network-settings
host-ip 10.1.2.2/29,10.1.2.1
host-name IPS_Sensor
telnet-option disabled
access-list 10.x.x.5/32
access-list 10.x.x.69/32
access-list 10.x.x.86/32
access-list 10.x.x.117/32
exit
time-zone-settings
offset -360
standard-time-zone-name GMT-06:00
exit
ntp-option enabled-ntp-unauthenticated
ntp-server 10.x.x.5
exit
summertime-option recurring
summertime-zone-name UTC
exit
auto-upgrade
cisco-server enabled
schedule-option periodic-schedule
start-time 09:03:17
interval 2
exit
user-name markpiontek
cisco-url https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
exit
exit
exit
service logger
exit
service network-access
general
never-block-hosts 10.x.x.8
never-block-hosts 10.x.x.69
exit
exit
service notification
trap-destinations 10.x.x.86
trap-community-name public
trap-port 162
exit
error-filter warning|error|fatal
enable-detail-traps false
enable-notifications true
enable-set-get true
read-only-community nagioscheck
read-write-community c5c6692a461c537f8cd37b2eb7bec9fb
trap-community-name public
exit
service signature-definition sig0
signatures 1004 0
status
enabled true
exit
exit
signatures 1225 0
status
enabled true
exit
exit
signatures 1316 0
status
enabled true
exit
exit
signatures 1406 0
status
enabled false
exit
exit
signatures 1408 0
status
enabled true
exit
exit
signatures 1604 0
status
enabled true
exit
exit
signatures 1611 0
status
enabled true
exit
exit
signatures 1623 0
status
enabled true
exit
exit
signatures 1627 0
status
enabled true
exit
exit
signatures 1701 0
status
enabled true
exit
exit
signatures 1703 0
status
enabled true
exit
exit
signatures 1706 0
status
enabled true
exit
exit
signatures 1725 0
status
enabled true
exit
exit
signatures 2011 0
status
enabled true
exit
exit
signatures 2152 0
status
enabled true
exit
exit
signatures 2200 0
status
enabled true
exit
exit
signatures 3030 0
status
enabled true
exit
exit
signatures 3128 1
status
enabled true
exit
exit
signatures 3142 3
status
enabled true
exit
exit
signatures 3143 3
status
enabled true
exit
exit
signatures 3143 4
status
enabled true
exit
exit
signatures 3151 0
status
enabled true
exit
exit
signatures 3220 0
status
enabled true
exit
exit
signatures 3323 0
status
enabled true
exit
exit
signatures 3325 0
status
enabled true
exit
exit
signatures 3357 0
status
enabled true
exit
exit
signatures 3537 1
status
enabled true
exit
exit
signatures 4001 0
status
enabled true
exit
exit
signatures 4068 0
status
enabled true
exit
exit
signatures 4602 3
status
enabled true
exit
exit
signatures 4602 4
status
enabled true
exit
exit
signatures 4607 6
status
enabled true
exit
exit
signatures 4607 7
status
enabled true
exit
exit
signatures 4607 8
status
enabled true
exit
exit
signatures 4607 9
status
enabled true
exit
exit
signatures 4609 1
status
enabled true
exit
exit
signatures 4615 2
status
enabled true
exit
exit
signatures 4615 3
status
enabled true
exit
exit
signatures 4704 0
status
enabled true
exit
exit
signatures 5055 0
status
enabled true
exit
exit
signatures 5176 0
status
enabled true
exit
exit
signatures 5448 0
status
enabled true
exit
exit
signatures 5449 0
status
enabled true
exit
exit
signatures 5450 0
status
enabled true
exit
exit
signatures 5451 0
status
enabled true
exit
exit
signatures 5478 0
status
enabled true
exit
exit
signatures 5513 0
status
enabled true
exit
exit
signatures 5538 0
status
enabled true
exit
exit
signatures 5546 0
status
enabled true
exit
exit
signatures 5648 0
status
enabled true
exit
exit
signatures 5653 0
status
enabled true
exit
exit
signatures 5654 0
status
enabled true
exit
exit
signatures 5663 0
status
enabled true
exit
exit
signatures 5710 0
status
enabled true
exit
exit
signatures 5726 0
status
enabled true
exit
exit
signatures 5726 1
status
enabled true
exit
exit
signatures 5739 0
status
enabled true
exit
exit
signatures 5930 7
status
enabled true
exit
exit
signatures 6007 0
status
enabled true
exit
exit
signatures 6066 0
status
enabled true
exit
exit
signatures 6155 0
status
enabled true
exit
exit
signatures 6155 1
status
enabled true
exit
exit
signatures 6408 0
status
enabled true
exit
exit
signatures 6462 0
status
enabled true
exit
exit
signatures 6462 1
status
enabled true
exit
exit
signatures 6462 2
status
enabled true
exit
exit
signatures 6522 0
status
enabled true
exit
exit
signatures 6996 0
status
enabled true
exit
exit
signatures 7104 0
status
enabled true
exit
exit
signatures 7201 0
engine service-p2p
event-action deny-connection-inline|produce-alert
exit
exit
signatures 7202 0
engine service-p2p
specify-service-ports yes
service-ports 1-1024
exit
exit
status
enabled true
exit
exit
signatures 9401 2
status
enabled true
exit
exit
signatures 9403 2
status
enabled true
exit
exit
signatures 9412 1
status
enabled true
exit
exit
signatures 9418 1
status
enabled true
exit
exit
signatures 9430 1
status
enabled true
exit
exit
signatures 9433 1
status
enabled true
exit
exit
signatures 9515 0
status
enabled true
exit
exit
signatures 9516 0
status
enabled true
exit
exit
signatures 9583 0
status
enabled true
exit
exit
signatures 11001 0
engine string-tcp
event-action produce-alert|deny-packet-inline
exit
exit
signatures 11001 1
engine service-p2p
event-action deny-packet-inline|produce-alert
exit
exit
signatures 11005 1
engine service-http
event-action produce-alert|deny-packet-inline
exit
exit
signatures 11005 2
engine service-p2p
event-action deny-packet-inline|produce-alert
exit
exit
signatures 11007 0
engine string-tcp
event-action produce-alert|deny-packet-inline
exit
exit
signatures 11007 1
engine service-p2p
event-action deny-packet-inline|produce-alert
exit
exit
signatures 11018 0
engine string-tcp
event-action produce-alert|deny-packet-inline
exit
exit
signatures 11019 0
status
enabled true
exit
exit
signatures 11019 1
status
enabled true
exit
exit
signatures 11020 1
engine service-p2p
event-action produce-alert|reset-tcp-connection
exit
exit
signatures 11024 0
status
enabled true
exit
exit
signatures 11030 0
engine service-http
event-action produce-alert|reset-tcp-connection
exit
exit
signatures 11031 0
engine service-http
event-action produce-alert|reset-tcp-connection
exit
exit
signatures 11202 0
status
enabled true
exit
exit
signatures 11211 0
status
enabled true
exit
exit
signatures 11211 1
status
enabled true
exit
exit
signatures 11214 0
status
enabled true
exit
exit
signatures 11216 0
status
enabled true
exit
exit
signatures 11219 0
status
enabled true
exit
exit
signatures 11221 0
status
enabled true
exit
exit
signatures 11226 0
status
enabled false
exit
exit
signatures 11228 0
status
enabled false
exit
exit
signatures 11231 0
status
enabled true
exit
exit
signatures 11233 2
status
enabled false
exit
exit
signatures 11233 3
status
enabled true
exit
exit
signatures 11238 0
status
enabled false
exit
exit
signatures 11252 0
status
enabled true
exit
exit
signatures 11252 1
status
enabled true
exit
exit
signatures 12704 0
status
enabled true
exit
exit
signatures 12711 0
status
enabled true
exit
exit
signatures 15235 0
status
enabled true
exit
exit
signatures 15235 1
status
enabled true
exit
exit
signatures 15235 2
status
enabled true
exit
exit
signatures 15393 0
status
enabled true
exit
exit
signatures 15816 0
status
enabled true
exit
exit
signatures 17269 0
status
enabled true
exit
exit
signatures 17397 0
status
enabled true
exit
exit
signatures 50013 2
status
enabled true
exit
exit
exit
service ssh-known-hosts
exit
service trusted-certificates
exit
service web-server
exit
service anomaly-detection ad0
exit
service external-product-interface
exit
service health-monitor
exit
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/0
exit
exit
Output from cidDump
cidDiag
CID Diagnostics Report Thu Mar 15 09:56:45 UTC 2012
exec: cat /usr/cids/idsRoot/etc/VERSION
6.2(4)E4
exec: /usr/cids/idsRoot/bin/ceGrep -e .*<\/defaultVersions> /usr/cids/idsRoot/etc/config/signatureDefinition/default.xml
632.0
2012-03-13
exec: cat /usr/cids/idsRoot/etc/VERSION_RP
1.1 - 6.2(4)E4
exec: cat /proc/version
Linux version 2.4.30-IDS-smp-bigphys (@zunix) (gcc version 2.95.3 20010315 (release)) #2 SMP Mon Dec 15 17:53:56 UTC 2008
exec: uptime
09:58:34 up 36 days, 23:50, 1 user, load average: 4.11, 2.07, 1.18
exec: ps -ew f
PID TTY STAT TIME COMMAND
1 ? S 0:28 init
2 ? S 0:00 [keventd]
3 ? SN 0:00 [ksoftirqd_CPU0]
4 ? S 0:00 [kswapd]
5 ? S 0:00 [bdflush]
6 ? S 0:00 [kupdated]
50 ? S 0:01 [kjournald]
75 ? S 0:00 [kjournald]
108 ? Ss 0:00 /sbin/syslogd -m 0
111 ? Ss 0:00 /sbin/klogd
123 ? Ss 0:00 /usr/sbin/inetd
127 ? Ss 0:01 /sbin/sshd
32127 ? Ss 0:03 \_ sshd: cisco@pts/0
32147 pts/0 Ss+ 0:01 \_ -cidcli
32151 pts/0 S+ 0:00 \_ -cidcli
32152 pts/0 SN+ 3:45 \_ -cidcli
32161 pts/0 SN+ 0:00 \_ -cidcli
634 pts/0 SN+ 0:00 \_ -cidcli
317 ? S< 0:00 /usr/cids/idsRoot/bin/SSM_control_proc
343 ? Ss 0:31 /usr/cids/idsRoot/bin/mainApp -d -c 0
346 ? S 0:27 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
347 ? SN 2:03 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
460 ? SN 0:02 | \_ /usr/cids/idsRoot/bin/sensorApp -z 347
487 ? SN 0:00 | \_ /usr/cids/idsRoot/bin/sensorApp -z 347
488 ? SN 12:22 | \_ /usr/cids/idsRoot/bin/sensorApp -z 347
505 ? SN 72:38 | \_ /usr/cids/idsRoot/bin/sensorApp -z 347
1656 ? S< 2346:40 | \_ /usr/cids/idsRoot/bin/sensorApp -z 347
348 ? S 65:11 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
413 ? SN 141:59 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
635 ? SN 0:00 | \_ /bin/bash /usr/cids/idsRoot/bin/cidDump -text -wxml -nostatus -stdout
714 ? RN 0:00 | \_ ps -ew f
414 ? S 0:00 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
420 ? S 6:13 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
433 ? SN 0:20 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
434 ? SN 0:01 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
435 ? SN 0:00 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
436 ? SN 0:02 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
437 ? SN 0:00 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
438 ? RN 3:23 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
439 ? SN 3:01 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
440 ? SN 2:58 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
441 ? RN 2:59 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
442 ? RN 3:00 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
443 ? SN 3:29 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
444 ? RN 3:03 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
445 ? SN 2:59 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
446 ? SN 2:59 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
447 ? SN 3:03 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
448 ? SN 2:42 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
452 ? SN 0:00 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
461 ? SN 0:22 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
462 ? RN 0:06 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
463 ? SN 0:04 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
464 ? SN 0:07 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
465 ? SN 12:01 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
699 ? SN 0:00 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
700 ? SN 0:00 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
703 ? SN 0:00 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
704 ? SN 0:00 \_ /usr/cids/idsRoot/bin/mainApp -d -c 0
384 tty1 Ss+ 0:00 /sbin/getty 38400 tty1
385 tty2 Ss+ 0:00 /sbin/getty 38400 tty2
386 ttyS0 Ss+ 0:00 /sbin/getty -L ttyS0 9600 vt100
426 ? SNLs 16:53 ntpd
exec: cat /usr/cids/idsRoot/tmp/top.log
top - 09:56:47 up 36 days, 23:49, 1 user, load average: 1.50, 1.00, 0.78
Tasks: 69 total, 3 running, 66 sleeping, 0 stopped, 0 zombie
Cpu(s): 2.0% user, 23.5% system, 3.3% nice, 71.2% idle
Mem: 477928k total, 445572k used, 32356k free, 6412k buffers
Swap: 0k total, 0k used, 0k free, 101912k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
644 root 20 5 508 508 432 R 51.9 0.1 0:01.09 grep
636 root 17 5 920 920 732 R 23.0 0.2 0:00.75 top
638 root 13 5 520 520 448 S 7.2 0.1 0:00.27 vmstat
1656 cids 5 -9 22828 346m 332m S 2.0 74.2 2346:33 sensorApp
1 root 8 0 572 572 488 S 0.0 0.1 0:28.91 init
2 root 9 0 0 0 0 S 0.0 0.0 0:00.00 keventd
3 root 18 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd_CPU0
4 root 9 0 0 0 0 S 0.0 0.0 0:00.09 kswapd
5 root 9 0 0 0 0 S 0.0 0.0 0:00.00 bdflush
6 root 9 0 0 0 0 S 0.0 0.0 0:00.00 kupdated
50 root 9 0 0 0 0 S 0.0 0.0 0:01.10 kjournald
75 root 9 0 0 0 0 S 0.0 0.0 0:00.05 kjournald
108 root 9 0 580 580 500 S 0.0 0.1 0:00.09 syslogd
111 root 9 0 564 564 488 S 0.0 0.1 0:00.03 klogd
123 root 9 0 704 704 608 S 0.0 0.1 0:00.01 inetd
127 root 9 0 852 852 732 S 0.0 0.2 0:01.05 sshd
317 root 5 -9 708 708 612 S 0.0 0.1 0:00.15 SSM_control_pro
343 cids 9 0 14316 13m 9596 S 0.0 3.0 0:31.11 mainApp
346 cids 8 0 14316 13m 9596 S 0.0 3.0 0:27.20 mainApp
347 cids 13 5 14316 13m 9596 S 0.0 3.0 2:03.26 mainApp
348 cids 9 0 14316 13m 9596 S 0.0 3.0 65:11.30 mainApp
384 root 9 0 536 536 456 S 0.0 0.1 0:00.04 getty
385 root 9 0 536 536 456 S 0.0 0.1 0:00.04 getty
386 root 9 0 544 544 464 S 0.0 0.1 0:00.04 getty
413 cids 13 5 14316 13m 9596 S 0.0 3.0 141:59.42 mainApp
414 cids 9 0 14316 13m 9596 S 0.0 3.0 0:00.00 mainApp
420 cids 9 0 14316 13m 9596 S 0.0 3.0 6:13.39 mainApp
426 root 13 5 2504 2504 1820 S 0.0 0.5 16:53.79 ntpd
433 cids 13 5 14316 13m 9596 S 0.0 3.0 0:20.64 mainApp
434 cids 13 5 14316 13m 9596 S 0.0 3.0 0:01.66 mainApp
435 cids 17 15 14316 13m 9596 S 0.0 3.0 0:00.01 mainApp
436 cids 13 5 14316 13m 9596 S 0.0 3.0 0:02.37 mainApp
437 cids 13 5 14316 13m 9596 S 0.0 3.0 0:00.01 mainApp
438 cids 15 10 14316 13m 9596 S 0.0 3.0 3:23.64 mainApp
439 cids 15 10 14316 13m 9596 S 0.0 3.0 3:01.15 mainApp
440 cids 15 10 14316 13m 9596 S 0.0 3.0 2:58.92 mainApp
441 cids 15 10 14316 13m 9596 S 0.0 3.0 2:59.74 mainApp
442 cids 15 10 14316 13m 9596 S 0.0 3.0 3:00.58 mainApp
443 cids 15 10 14316 13m 9596 S 0.0 3.0 3:29.60 mainApp
444 cids 15 10 14316 13m 9596 S 0.0 3.0 3:03.72 mainApp
445 cids 15 10 14316 13m 9596 S 0.0 3.0 2:59.21 mainApp
446 cids 15 10 14316 13m 9596 S 0.0 3.0 2:59.60 mainApp
447 cids 15 10 14316 13m 9596 S 0.0 3.0 3:03.92 mainApp
448 cids 13 5 14316 13m 9596 S 0.0 3.0 2:42.38 mainApp
452 cids 17 15 14316 13m 9596 S 0.0 3.0 0:00.17 m -
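As an added example (not part of the original post and not Cisco tooling), the script below reads the SigEvent stage counters and the event-action-rules filters from output like that posted above and shows where alerts stop before reaching the event store. The function names are hypothetical, the samples are excerpts built from the posted values, and the filter match looks only at signature ID and action, not at address ranges.

```python
# Constructed sample: excerpts of the sensor output posted above, values as posted.
SAMPLE_STATS = """\
SigEvent Preliminary Stage Statistics
Number of Alerts received = 473321
Number of Alerts Consumed by AlertInterval = 55
Number of Alerts Consumed by Event Count = 30
Number of Alerts Output for further processing = 473236
Per-Signature SigEvent count since reset
Sig 5595.0 = 15
Sig 23782.2 = 461703
SigEvent Action Filter Stage Statistics
Actions Filtered
produce-alert = 15
SigEvent Action Handling Stage Statistics.
Number of Alerts received to Action Handling Processor = 1310
Actions Performed
produce-alert = 673
"""

SAMPLE_CONFIG = """\
filters edit Q00000
signature-id-range 11226,11228
actions-to-remove log-attacker-packets|log-victim-packets|log-pair-packets
exit
filters edit Q00001
signature-id-range 5595
attacker-address-range 10.x.x.220-10.x.x.245
actions-to-remove produce-alert
exit
"""

def parse_sigevent_stats(text):
    """Return {stage: {subsection: {counter: int}}} for the SigEvent stages."""
    stats, stage, sub = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if " = " in line:
            key, _, value = line.rpartition(" = ")
            if stage and value.isdigit():
                stats.setdefault(stage, {}).setdefault(sub, {})[key] = int(value)
        elif line.startswith("SigEvent"):
            stage, sub = line.rstrip("."), ""      # new pipeline stage
        elif line.startswith("Output from"):
            stage = None                           # next command's output begins
        elif line:
            sub = line.rstrip(".")                 # e.g. "Actions Performed"
    return stats

def alert_funnel(stats):
    """Counts at the points where an alert can stop before the event store."""
    pre = stats["SigEvent Preliminary Stage Statistics"][""]
    handling = stats["SigEvent Action Handling Stage Statistics"]
    consumed = (pre["Number of Alerts Consumed by AlertInterval"]
                + pre["Number of Alerts Consumed by Event Count"])
    output = pre["Number of Alerts Output for further processing"]
    handled = handling[""]["Number of Alerts received to Action Handling Processor"]
    return {
        # Holds for the posted numbers; treated here as a sanity check only.
        "preliminary_balanced": pre["Number of Alerts received"] - consumed == output,
        # Assumption from the reply above: alerts with no action left are not handled.
        "no_action_left": output - handled,
        "produce_alert_performed": handling["Actions Performed"]["produce-alert"],
    }

def in_range(sig_id, spec):
    """True if sig_id falls in a spec such as '5595', '11226,11228' or '900-65535'."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= sig_id <= int(hi or lo):
            return True
    return False

def parse_filters(config):
    """Collect each 'filters edit NAME ... exit' block as a dict of its settings."""
    filters, current = [], None
    for raw in config.splitlines():
        words = raw.split()
        if words[:2] == ["filters", "edit"] and len(words) == 3:
            current = {"name": words[2]}
            filters.append(current)
        elif words == ["exit"]:
            current = None
        elif current is not None and len(words) >= 2:
            current[words[0]] = " ".join(words[1:])
    return filters

def silenced_candidates(stats, config, action="produce-alert"):
    """Signatures that fired and match a filter removing `action` (by ID only)."""
    per_sig = stats["SigEvent Preliminary Stage Statistics"].get(
        "Per-Signature SigEvent count since reset", {})
    hits = []
    for flt in parse_filters(config):
        if action not in flt.get("actions-to-remove", "").split("|"):
            continue
        for name, count in per_sig.items():
            sig_id = int(name.split()[1].split(".")[0])   # "Sig 5595.0" -> 5595
            if in_range(sig_id, flt.get("signature-id-range", "0")):
                hits.append((flt["name"], name, count))
    return hits
```

On the posted numbers this reports that 471926 of the 473236 alerts leaving the preliminary stage never reached the action handler, and that filter Q00001 is a candidate for the 15 suppressed produce-alert actions on Sig 5595.0.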
Is there a way to control the number of consumed messages from JMS?
Hi everyone,
I have a BPEL process that consumes messages from a foreign queue, performs a transformation, and passes it to Oracle Apps. I'm curious if there is a way to control the number of messages consumed at a time for processing.
For example, if we place 50 transactions on this queue, I would like to only consume 10. And then as each one is processed and passed to Oracle Apps, I would like to pull another transaction off the queue. So basically I would only be processing 10 at the most.
The issue I am having is we put 50 on the queue and the 50 are taken off right away. But then half are making it into Oracle Apps and the remainder is failing with a JCA Connection Factory max connection error.
Instead of changing the settings to get more through, I am wondering if it's possible to limit the number being processed at any one time.
Thanks
Hi,
Have a look at the adapter.jms.receive.threads Property for JMS Adapter...
http://docs.oracle.com/cd/E21764_01/core.1111/e10108/adapters.htm#BABCGCEC
Cheers,
Vlad -
IDOC Number from payload in Alerts with out BPM
Hi Everybody,
I need to send the IDOC Number as Alert for the user.
Is it possible to do without BPM, either by Alert Framework or CCMS?
Is there any alternative way to capture the Idoc number and display for the erroneous messages?
Helpful Answers will be rewarded points.
Thanks,
Zabi
Yes,
You can also do it via alerts.
Alert can be triggered in different ways.
1) Triggering by Calling a Function Module Directly. or from UDF
/people/bhavesh.kantilal/blog/2006/07/25/triggering-xi-alerts-from-a-user-defined-function
2) Triggering by Calling a Function Module in the Workplace Plug-In.
3) Triggering with an Event Linkage.
4) Triggering with the Post Processing Framework (PPF) or Message Control (MC)
5) Triggering from a Workflow.
6) Triggering from CCMS with autoreaction.
7) Triggering from BPM.
/people/michal.krawczyk2/blog/2005/03/13/alerts-with-variables-from-the-messages-payload-xi--updated
/people/community.user/blog/2006/10/16/simple-steps-to-get-descriptive-alerts-from-bpm-in-xi
8) Triggering alert by configuring a rule from RWB.
http://help.sap.com/saphelp_nw2004s/helpdata/en/56/d5b54020c6792ae10000000a155106/content.htm
Br,
Madan Agrawal -
How to delete all messages in Alert Inbox
Hi Guys,
Recently I have done Alert configuration. After that I got around 400 messages (mails) in my inbox. I am able to delete one by one, but it is very time consuming. Is there any way to delete all mails at once?
Advanced thanks,
gujjeti
Hi Jai,
We have configured alerts in July 2007 and there are lot of messages in ALRTDISP.
Does huge number of Alert messages cause any harm to functioning of SAP XI?
We want to DELETE all these alert messages (NOT the Alert) in Production environment.
Can you please let us know if there is any transaction code/program to do the same in production.
Thanks in advance.
Regards,
Rehan -
How to exclude synchronous interfaces from component based message alerting
Hi Pi experts,
We are configuring Alerts in PI 7.3 single stack. If we have 'n' number of interfaces, and if we configured general alerts for all, how to exclude synchronous interfaces in that? Alerting is for asynchronous interfaces only. How to do that?
Please advise on this.
Regards
Suneel
Hello,
>>What are your approaches regarding this requirement in the context of java-only?
I would suggest you to schedule jobs like this:
Customize Alerts Using Job in PI 7.31/PO
>> alerts are consumed according to the given interval and not in "real time" when error occurs, today solution using BADI is "real time" - if possible I would prefer "real time" solution
Check this:
Michal's PI tips: How to trigger an alert for Component Based Message Alerts (CBMA) via "API" ?
>>an separate service determine the actual alert count would be helpful to provide the correct value for maxAlerts, this have to be called beforehand
I haven't tried it but i think u can do that, since these consumers are nothing but JMS queues only so i think there will be a method to read number of alert counts.
>>In history I saw emails generated by the standard alert consumer which only contain details for the first alert, in my case I need details especially the message id for all erroneous messages
If ur max alert parameter is greater than 1 then u should see multiple alert text (along with message id and other details) in ur email message.
Thanks
Amit Srivastava