Source Groups & IP Logging

Our server administrators would like to start logging connections to the web servers and tried to do so but keep seeing the IP addresses of the load balancers in their logs.
We are using source groups on the CSSes since they are sitting behind a set of firewalls; and, we found that the servers would be blocked when removing the source groupings. I have attached a rough diagram of how we are configured.
How do we transmit the remote clients' IP address to the web servers?

We were able to successfully connect to the VIP from the Internet with the removal of source groups and pointing the servers to the CSS as the def gateway.
We ran into an issue where the clients on the LAN would connect to the VIP and then get no response back. I believe this to be due to the fact we are crossing the firewall on a higher security interface and trying to come back over on a lower security interface. The source of the IP from the LAN is NATed to an address that is on the local network for the CSS, therefore the servers respond back directly to our NAT address instead of going to the CSS and back out, as in the case of the Internet connection.
Keep in mind that we are one-arming this configuration and using a firewall sandwich, as indicated in the diagram. The firewalls have their higher security interfaces point back toward the LAN.
Would I still need to bridge? Do you have an example I may look at to verify it would work? (We would like to be able to track IP addresses on the servers.)

Similar Messages

  • Source Group and preserving IP Address from the client

    Hi to all
    I have a question regarding source groups. Is there a way, when I use a source group, to preserve the IP address of the client, for the purpose of logging the IP address of the Internet client?

    No. There is no way.
    Gilles.

  • Limitation on source group with services using ip address range

    Hello,
    I have an interface on CSS which I regard as public and another interface I regard as private. On the private interface is a server farm with private ip addresses. Since the server admin guys insisted the servers need to access internet just for Windows Update, I made a source group to NAT the private addresses to public addresses to allow the servers to access internet.
    I defined services for use by the source group. Since keepalive is not important in this case, I set keepalive none to, I hope, save system resources.
    I have server 192.168.1.1-5 (5 servers) and 192.168.1.11-14 (4 servers), so I made a service with ip address 192.168.1.1 range 5 and another service 192.168.1.11 range 4.
    But then I found that the two services cannot be put in the same source group. It is because of the different range in the service definition.
    I can get it to work if I define services with single IP addresses, but then I will have a long configuration with repetitive information. And I think this may be using more system resources.
    I can also get it to work if I include 192.168.11.15 and define two services both with a range of 5 IP addresses. But 192.168.11.15 is not actually there.
    Why is there such a limitation on source groups, or on services with an IP address range? Is there the same limitation for content rules? Or am I getting it all wrong and should do the configuration in other ways?
    Advice will be welcomed.
    CT Yau
    Hong Kong

    Yes you are correct. There is a limitation while adding services into source groups.
    You can create as many services that share an IP range (e.g. a /24 subnet range) as you like. But the trouble starts when you add them into source groups. You cannot add them into one source group, nor can you add them under different source groups.
    You mentioned that you can use a single IP address instead of a range for the services, but that is not true, as you will be stuck when you add them into source groups.
    I can think of the following options in your case.
    Option 1
    Change the IP range on the servers. Use 2 different IP ranges, one for those 5 servers and another for those 4 servers.
    Create 2 services, one for each range.
    Create 2 groups and add the services.
    service server-out-192.168.1.1-5
      ip address 192.168.1.1 range 5
      active
    service server-out-172.168.1.11-14
      ip address 172.168.1.11 range 4
      active
    group server-out-192.168.1.11-14
      vip address x.x.x.1
      add service server-out-192.168.1.1-5
      active
    group server-out-172.168.1.11-14
      vip address x.x.x.2
      add service server-out-172.168.1.11-14
      active
    Option 2
    Create a service that includes all the ip addresses starting from 192.168.1.1 through .14 using the range keyword.
    Now you need to create one source group with a VIP. Add the service to the source group.
    If you do not want to cover the unassigned ip addresses just move them up and use consecutive ones.
    service server-out-192.168.1.1-14
      ip address 192.168.1.1 range 14
      active
    group server-out-192.168.1.11-14
      vip address x.x.x.x
      add service server-out-192.168.1.1-14
      active
    thanks

  • Data Source Groups in Query no reflecting changes in Admin

    Version of US used: 1.0.3
    I removed some data source groups and added new ones in the Admin Application. But the default Query Application does not reflect these changes. That is, when I go to Advanced Search in the Query Application, the list of Data Source Groups displayed (i.e. the checkboxes) does not include the new ones I added and it still shows the ones I already deleted.
    My question: how to update the data groups in the Advanced Query Screen? Do I have to execute all the schedules again before the updates are reflected?
    Thanks!

    Hi,
    The caching Cindy was referring to is NOT in the browser. It is in the JSP middle-tier.
    The JSP caches the data groups information to avoid fetching from the database every time,
    since data groups change infrequently.
    In addition, in 1.0.3 version, this cache does not have any invalidation logic. So once the
    search application has started (after first use), the data groups will never change unless
    the application server (apache+jserv) is restarted.
    Please restart the application server to see your changes take place. If you wish, you can
    change the caching logic in the jsp itself. You may implement some trivial invalidation based
    on time, or disable it if your server can handle the load.
    Note: Ultra Search samples in 9.0.2 or later releases have invalidation of cache every 15 mins
    or so.
    David

  • CSS VIP Issues (Source Group with 'add destination service')

    I have a pair of Cisco CSS 11503 boxes with an ap-kal-pinglist applied to both virtual routers, as a Critical Service, on the Primary CSS. When a link goes down, the VRRP fails over all traffic to the Secondary, as expected, but there is an issue with two particular VIPs. These VIPs have Source Groups configured, like below:
    group WEBSITE_ABC
      add destination service XYZ_Server_1
      add destination service XYZ_Server_2
      vip address 10.10.3.25
      active
    group WEBSITE_XYZ
      add destination service ABC_Server_1
      add destination service ABC_Server_2
      vip address 10.10.3.24
      active
    Once a failover occurs, the VIPs are unreachable via a browser. I have also seen 1 VIP OK and 1 VIP not, but never both working. At times, when I fail back to the Primary, the VIPs are OK again. The services are reachable via a browser during this issue.
    Any ideas?

    You need to check whether, during the failover, the CSS sends a G-ARP to inform that the ARP entry associated with the NAT IP address now belongs to the secondary CSS.
    Get a sniffer trace during failover and check if this G-ARP is sent.
    If not, this is a bug and you need to report it.
    If yes, then the problem is not the CSS but another device on the path. Did the switch correctly learn the new path? Does the server have the correct ARP table?
    Gilles.
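
Added example, not part of the original thread: a Python check for the step suggested in the reply above, scanning captured Ethernet frames for gratuitous ARPs (sender IP equal to target IP) for the two source-group VIPs and reporting which VIPs the new owner never announced. The VIPs come from the post; the secondary CSS MAC address and the sample frames are constructed for illustration, and only untagged Ethernet frames are handled.

```python
import socket
import struct

ETH_P_ARP = 0x0806


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_arp(src_mac, oper, spa, tpa, tha="00:00:00:00:00:00"):
    """Build a broadcast ARP frame (used only to construct the sample capture)."""
    eth = _mac("ff:ff:ff:ff:ff:ff") + _mac(src_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + _mac(src_mac) + socket.inet_aton(spa) + _mac(tha) + socket.inet_aton(tpa)


def parse_arp(frame):
    """Return sender MAC, sender IP and target IP of an untagged IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"oper": oper, "sha": sha.hex(":"),
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}


def garp_announcements(frames, vips):
    """Map each VIP to the sender MACs that sent a gratuitous ARP for it."""
    seen = {vip: [] for vip in vips}
    for frame in frames:
        arp = parse_arp(frame)
        # Gratuitous ARP (request or reply): sender IP and target IP are identical.
        if arp and arp["spa"] == arp["tpa"] and arp["spa"] in seen:
            seen[arp["spa"]].append(arp["sha"])
    return seen


def missing_garp(frames, vips, new_owner_mac):
    """VIPs for which the new owner sent no gratuitous ARP in the capture."""
    announced = garp_announcements(frames, vips)
    return [vip for vip in vips if new_owner_mac not in announced[vip]]


VIPS = ["10.10.3.25", "10.10.3.24"]      # source-group VIPs from the post
SECONDARY_MAC = "02:00:00:00:00:02"      # hypothetical MAC of the secondary CSS
SAMPLE_FRAMES = [                        # constructed capture, not real traffic
    # G-ARP from the secondary for the first VIP
    build_arp(SECONDARY_MAC, 2, "10.10.3.25", "10.10.3.25", tha="ff:ff:ff:ff:ff:ff"),
    # Ordinary ARP request from a host asking for the second VIP (not gratuitous)
    build_arp("02:00:00:00:00:50", 1, "10.10.3.50", "10.10.3.24"),
    # Non-ARP frame (IPv4 ethertype), ignored by the parser
    b"\xff" * 12 + b"\x08\x00" + b"\x00" * 46,
]

if __name__ == "__main__":
    for vip in missing_garp(SAMPLE_FRAMES, VIPS, SECONDARY_MAC):
        print(f"no gratuitous ARP seen from {SECONDARY_MAC} for VIP {vip}")
```

A VIP in the returned list corresponds to the "If not" branch of the reply; an empty list points to the switch and server ARP tables instead.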

  • Can we assign two repeating frames to have the same source(group)?

    Hi all,
    Can we assign two repeating frames to have the same source (group)? Please reply soon. Bye.

    You can assign the same source group to two repeating frames.
    For more information on repeating frames, refer to the Oracle Reports Building Reports manual available on OTN: http://www.oracle.com/technology/documentation/devsuite.html

  • Source groups on css

    Is it possible to load balance on non-directly-attached servers using source groups?
    I have an application that needs port 80 balanced to servers behind the css. The same app needs ports 7003 and 7004 balanced on the same vip to app servers many hops below the css.
    Thanks

    My config is a CSS interface on a network facing the Internet (external VIPs), one interface facing internal users (internal VIPs) and one interface to backend servers.
    Routing sends internal IPs to and back from the internal VIPs interface, and 0.0.0.0 is out to the Internet.
    What would a config look like?
    Define services of servers a few hops away with keepalive ping?
    Create 2 source groups with the same IP of the internal VIP and a group with the outside VIP? Add destination servers of the hops-away servers to the group?
    Create content rules that point ports 7003 and 7004 to the services of the servers several hops away?
    Thanks
    Steve

  • Use of content rule vs source group for NATing

    To NAT outgoing flows out of two servers, is it necessary to define a content rule and source group (or is just a source group sufficient)?
    Having trouble with Option 2.
    Also, does the CSS do NAPT, i.e. alter the source port number for outgoing packets from source groups?
    Option 1:
    service svr1
      ip address 192.168.10.1
      no port
      protocol tcp
      active
    service svr2
      ip address 192.168.10.2
      no port
      protocol tcp
      active
    content outflows
      protocol tcp
      add service svr1
      add service svr2
      vip address <externalip>
      active
    group outgrp
      vip address <external ip>
      add service svr1
      add service svr2
      active
    <add appropriate acl>
    Option 2:
    service svr1
      ip address 192.168.10.1
      no port
      protocol tcp
      active
    service svr2
      ip address 192.168.10.2
      no port
      protocol tcp
      active
    group outgrp
      vip address <external ip>
      add service svr1
      add service svr2
      active
    <add appropriate acl>

    To NAT connections initiated by the server, you only need a source group.
    No need for a content rule.
    The CSS will port nat.
    Gilles.

  • Is there any way of grouping calls logs from same person/number/contact in call record on iPhone5?

    I've just moved from BBry to iPhone5, and must admit that I am pretty disappointed with the device.
    I cannot find the way to group call logs from the same person/number/contact in call records, so I ended up with having multiple records (sometimes 7-10) for calls to and from the same number. Any solution for this?
    Also, I cannot find the way to insert multiple attachments to my e-mails. How to do it?
    Another issue I have is that I am not able to use most of the apps via WiFi, won't load pages, refresh, etc. When switched to cellular network, works fine. How to solve it?
    All in all, a device that costs $800 should have at least those basic functions, rather than just being a pure teenagers' show-off phone! Business phone - no way!

    Anupam,
    If you are using 11.5 just keep in mind that the JCO connection points to a single application server (based upon the SAP Server alias connection settings), but the traffic itself to make a BAPI request is effectively the same as any client user traffic.  There will obviously be limitations on performance and throughput, with network and server constraints added to the number and size of the R/3 requests, but there is no magic formula to plug-in because of all of these variables.
    If you are using 12.0 (or plan to migrate when it goes GA) then taking advantage of the JRA (java resource adapter) and the associated application server pooling that it offers on the NetWeaver side of things will greatly help you in the throughput capacity.
    If you have put some of your xMII application into either test or productive use and are running into issues then I would highly recommend entering the specifics into the customer / partner support portal so that they can help you through any associated problems.
    Regards,
    Jeremy Good

  • Customize search page - limit or preset source group selection

    I would like to use my SES for two completely different groups of sources.
    Users will search either in source/group A or in source/group B. But they will never search in both A and B.
    The best would be to have two different search pages, one for A and second for B only.
    Is there a way to customize a search page to always search in one source/group of sources?
    Or is there a way to preset some source group, so that the user does not always have to click Browse and choose the group?
    Thank you,
    Lukas

    Any update?
    Thanks!

  • CSS: is it possible to use two VIPs with one source group?

    I have separate VIPs defined for balancing dns and radius. Both services are being balanced behind the CSS between two servers running both services. Is there a way, using source groups, to have the outbound dns udp lookups go out the associated dns VIP and a client's returning radius udp traffic sourced from the associated radius VIP?
    Just a note for clarity: both services defined for dns and radius have the same ip addresses. I can only define one of the services(i.e. dns) in a single source group which automatically associates the other service (i.e. radius) to that group.

    If I understand your question correctly, you want to have the same real server respond with a different source address based on which VIP was used to get to it.
    You can only put one instance of the server's IP address into a source group. That is, you can't add the service name used for one rule into one group, and the service used in the other rule into another group, since the CSS only looks at the source address when it is determining whether to use the source group based on the service named in it. In order to have the same server use two different source groups, you would need an ACL clause with the sourcegroup option, like
    permit any 10.0.0.1 eq 53 dest any sourcegroup
    permit any 10.0.0.1 dest any sourcegroup
    Michael

  • Z10 group call log

    Hi all,
    Is there any way to group calls by name in the Z10 call log/call history? With the old BB, calls were grouped by name and it was easy to see a contact's call history; now, if a contact calls me 10 times, I have 10 entries in my call log and, with a huge daily amount of calls, it's annoying.
    Any help?
    Thank you

    Hey MarioR2013,
    Welcome to the BlackBerry Support Community Forums.
    Thanks for the question.
    My apologies, this feature is not available.  We do appreciate the feedback though.
    Let me know if you have any more questions.
    Cheers.
    -ViciousFerret

  • Group Call log

    Hi guys, 
    I need to keep a log of business calls I'm doing on skype in terms of time spent/duration but although I get a basic call duration (mostly) on individual contact calls, it doesn't seem to show this on my group calls. It only shows the call start time, not the finish or final duration. 
    Is there a way to fix this?
    Thanks
    C

    When I call a group I see this. Are you using the latest version (7.4)?
    Attachments:
    ss+(2015-05-14+at+02.09.22).png ‏3 KB

  • NX-OS 6.2 Cannot specify interface vlan as source-interface for logging

    I have the following config on Catalyst: 
    logging source-interface Vlan1024
    I want to be able to specify an interface vlan as the source-interface on NX-OS. The only option I can get is to use a loopback interface as the source-interface, but I want to specify an SVI. Is that possible with NX-OS? 
    NEXUS-7710(config)# logging source-interface ?
      loopback  Loopback interface

    Hello
    AppleWorks is bundled with only SOME machines, the iBook, iMac G5, eMac and macMini.
    Of course, as the media used is a DVD with a huge capacity, the app is stored on the support where the operating system SPECIFIC to the machine is also stored.
    But this implies NO link with the two products.
    AppleWorks 6 was carbonised in a hurry to show that the thing was do-able.
    My point of view is that it was done assuming that a replacement app would be available quickly. So, sticking to human guidelines was certainly not a priority.
    In fact, what was thought to be a short period became a long one because Mac OS X needed a lot of time to become a sufficiently stable basis on which Apple was able to build a successor to AppleWorks and, as we all know, the successor named iWork is far from a complete product. There is nothing like a spreadsheet or a database tool.
    So, we have to continue to use our old fashioned AppleWorks (which is also, for many of us, an old friend with sympathetic wrinkles.)
    Yvan KOENIG (from FRANCE, Monday 30 January 2006 19:00:44)

  • Bulk Add Users to Group Using Log on Name

    I have found that the following windows command will add a user to a group in AD:
    dsquery user -samid <logonname>|dsmod group "CN=<groupname>,CN=Builtin,DC=<domainprefix>,DC=<domainsuffix>" -addmbr
    My question is how can I package this into some sort of script to take the logon names (samid) of many users and run them through this so that they are each added to my group?

    @echo off
    setlocal
    set pwd= password
    rem users.txt holds one user name per line
    for /f %%a in (users.txt) do (
        dsadd user "CN=%%a,OU=<OU> ,DC=<DC>" -pwd %pwd%
    )
    You can add users in users.txt
    I hope this works
    \m/
