Specific log entries not understood
Is there a location that we can review to explain what specific log entries are referencing as seen in the examples below in red:
1370444184.475 289 10.245.221.85 TCP_CLIENT_REFRESH_MISS/200 5041 CONNECT tunnel://fbcdn-dragon-a.akamaihd.net:443/ "tsp1dvc@Ldap" DIRECT/fbcdn-dragon-a.akamaihd.net - DEFAULT_CASE_11-Security_Access-Security_Access-NONE-NONE-NONE-DefaultGroup <IW_infr,4.0,"1","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,IW_infr,-,"-","-","Facebook General","Facebook","Encrypted","-",139.54,0,-,"-","-"> -
1370444246.826 60622 10.245.221.85 TCP_CLIENT_REFRESH_MISS/200 93164 CONNECT tunnel://www.facebook.com:443/ "tsp1dvc@Ldap" DIRECT/www.facebook.com - DEFAULT_CASE_11-Security_Access-Security_Access-NONE-NONE-NONE-DefaultGroup <IW_snet,7.0,"1","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,IW_snet,-,"-","-","Facebook General","Facebook","Encrypted","-",12.29,0,-,"-","-"> -
I am trying to troubleshoot a specfic configuration change and I am gaining access based on these entries, I am trying to block this access. Any help is appreciated.
Thanks
Dominick
Those are categories.
infr = infrastructure
snet=social networking
Not sure what version you're on, but if you're running 7.5 or higher, you can enable Application Visibility and Control on Security Services/Acceptable Use Controls, and then under Web Security Manager/Access Policies change what your users can do under Applications. This includes specific Facebook features.
Looking at your snips, you don't want to block Infrastructure as lots of sites use Akamai... and you may not want to just block Social Media...
You could create a custom category and block Facebook.com (there are a couple of other domains too... search this forum) but you may like the flexiblity that the AVC gives you instead.
Ken
Similar Messages
-
Log Entries not sorted in Problem work items
We have noticed that the Log Entries in all Problem work items appear to be randomly sorted. You can manually sort them by clicking on the column headers.
Log entries for Service Request and Incident work items are sorted by Created date as default which I guess is how most people would want them. Has anyone else noticed this or can this be configured locally somehow?
ThanksHi,
I checked my lab, and saw that only incident's log entries is sorted by date:
Log entries for SR and Problem are not sorted:
And this is hard-coded, if you want to sort them by date, we should click Date Time.
Regards,
Yan Li
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
[unknown] in log entry
Hi,
could you please help provide me some explanation about this specific log entry?
08-Nov-2009 20:11:59.79 tcp_intranet tcp_local EE 1 [email protected] rfc822;[email protected] [email protected] <[email protected]> domain.com ([unknown] [10.112.240.101])
I would like to understand what does the ([unknown] ... mean here? How can change this?
SJMS 7.1u3
Thanks,
Stefanvarga_stean wrote:
08-Nov-2009 20:11:59.79 tcp_intranet tcp_local EE 1 [email protected] rfc822;[email protected] [email protected] <[email protected]> domain.com ([unknown] [10.112.240.101])
I would like to understand what does the ([unknown] ... mean here? How can change this?The "[unknown]" refers to Messaging Servers attempt to perform a DNS lookup of 10.112.240.101 and getting no result i.e.
bash-3.00# host 10.112.240.101
Host 101.240.112.10.in-addr.arpa. not found: 3(NXDOMAIN)Why would you need to "change this"?
Regards,
Shane. -
DPS6: hiding attributes for entries not matching a specific objectclass
I'd like to be able to hide some attributes, but only for entries not matching a given objectclass.
DPS 6 allows data hiding rules to apply to a specific subset of entries, but the subset can not
be defined thanks to a negative filter such like (!(objectclass=MyAuxiliaryObjectClass)).
If I hide the attributes at the view level, then it takes precedence over any "allow rules", so I don't see how
I can achieve this.
Any idea ? support plan ?Just to add some more details, I've tried to use a virtual ACI in order to define my filter but there's no "targetfilter" support in DPS, and with different other ACI combinations, it can not work because there's no implicit deny ACI in DPS:
Even with only "allow dpsaci's" , attributes not specified in those dpsaci's are still allowed by the viewable-attr parameter of the view. Moreover, if I use the viewable-attr/non-viewable-attr view parameters, then the not explicitly allowed/explicitly denied attributes defined at the view level take precedence over the dpsaci's . -
Nokia E73- Call log does not display entries
I recently purchased a E73 by itself.
For some reason the call log does not display any telephone numbers or activity in recent calls; missed calls, received calls, dialed numbers. It would show that I have a missed call but when I enter it, it says (no missed calls).
Any ideas? Please let me know...
ThanksEnable and set log duration to 30days.
‡Thank you for hitting the Blue/Green Star button‡
N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009 -
Risk Assessment link with incident/accident Log entry.
Hi
Nee your input for below Challenge.
We are looking for development, which help us to link Risk Assessment with incident/accident Log entry in CBIH82.
Scenario - We would like to add Risk Assessment option in the incident / accident log entry screen, like we standard have function for safety measure
Thanks
Sunil JawalkarHi Sunil,
Are you attempting to u201Clinku201D the standard IHS Risk Assessment functionality to the Incident/Accident log?
In my opinion there is a fundamental problem with this solution approach. The standard IHS Risk assessment is inherently linked to a Work Area. The intention is to identify, evaluate and control risks and hazards that are encountered within a specific work area. This functionality supports measurement management and exposure management but does not fit well with the acute nature of the incident based risk assessment, although, a risk that is identified and addressed initially as the result of an incident may ultimately be added to the Risk Register of the Work Area where the incident occurred.
The best approach I have found is to enhance the incident record with a Risk Assessment tab that allows the user to identify the individual incident risks based on different risk impacts like People, Environment, Assets, Reputation, Quality and so forth based on client requirements. Any incident could have one or more risk impacts that contribute to the overall risk rating of the incident. Each u201Crisk impactu201D is evaluated on the clients standard risk matrix dimensions like Severity, Likely hood and so on. In this way each risk impact has a unique risk rating. You can then either identify one of the impacts as the main incident risk rating or have a routine that, based on logic and risk matrix, evaluates the unique risk impact ratings and determines an overall risk rating for the incident.
Once the unique risk impacts have been evaluated, there should be the ability to reevaluate each impact based on the controls or safety measures that have been implemented. These u201Cresidual risksu201D could be linked directly to the safety measure that addresses the risk so that the details of the control are apparent.
I would also consider some type of status management that would indicate when the risk assessment was complete. This could be used to enforce a risk assessment for incidents that meet predefined conditions like u201Cincident cannot be closed if it meets criteria 1, 2 and 3 and the risk assessment status is initialu201D. The risk assessment status could also be used support reporting requirements for outstanding risk assessments and so on.
To implement this approach, I would recommend utilizing one of the menu exits or, if possible, a custom Web Dynpro application linked via BAPI.
Hope this helps or at least spurs some thought.
Regards,
Scott -
Remote Log Targets not working in ACS
Dear all
I have 2 x ACS boxes configured as Primary & secondary.
In ACS1 - In monitoring and reports-> option I can see the User authentication, authorization and Accounting activities logs. I want to configure ACS2 as remote log server.
For that in ACS1, in System administration->Log configuration-> remote log targets->new
Added as - ACS2- 1.1.1.2 - in Advance options -
Port-20514 (default is 514, need to change to 20514 , Instructions from Cisco),
Facility mode - Level6
Maximum length -1024
In logging categoris - in Global - Edit "AAA Audit" - remote syslog Targets - i have added - Logcollector (ACS1) and ACS2.
In Log collector optin --> ACS1 is configured.
After this , i open ACS2 - Monitoring and reports optin to view the logs but when ever i click - it is diverting to ACS1.
if i change log collector in ACS1 as ACS2, i can see the logs on ACS2. so at a time i can see logs only one ACS box.
I would like to view the logs in both ACS boxes. can any one help me please.As per Cisco, you can not able to User 2 ACS boxes simultanously to recevie log messages. Remote Log targets for Syslog Server.
so, i can't use simultanously 2 x acs boxes , i need to go for syslog server.
Chapter 19, "Understanding Logging"
Configuring Remote Log Targets
You can configure specific remote log targets (on a syslog server only) to receive the logging messages for a specific logging category. See Chapter 19, "Understanding Logging" for more information on remote log targets. See Configuring Logging Categories, page 18-25 for more information on the preconfigured ACS logging categories.
Closing this ticket.. answered by Mohammed Feroz. -
Planning File Entry not generated for items releveant to PM
MRP procedure used for material is reorder based planning , in April -09 the stock for this material is consumed and becomes
zero (reorder point is 8 ,Maximum Stock Level is 8 ) and after that in MRP run the requirement is not generated .
But as per the setting of reorder point PR should be initiated.
When checked the MD21 , material is not flagged ,
I want to know the specific reason why only this material is not flagged for MRP run.
What all settings i can check ?
MATERIAL TYPE : YMRO OP Maint/ Repair/OperSup
Lot size : Repl. to max. stock level after cov. req
Procurement type : FHi,
Run the reports MDRE & MDAB to ensure the planning file entries are correct.
About your query what might have caused a entry not to be in planning file, well it could be many. So run the above reports & then run MRP & check the results.
Regards,
Vivek -
Configuring log location for Adobe Document Services specific log
Hi All,
Interesting one for you. I am currently helping to resolve a PDF rendering issue which is intermittent. I have sent the default trace logs to SAP, however, there is an additional adobe specific log which should be written to /usr/sap/<SID>/SYS/global/AdobeDocumentServices/renderErrorLog/errorFiles. However, my default trace is saying that they are written to the the wrong SID and also puts a double // between gloab and AdobeDocumentServices, which of course is never going to work.
The system in question is a fully supported system copy of our Production environment, created using SAP sapinst tools.
If anyone can point me in the right direction to edit/configure the renderErrorLog location I would be most relieved as there does not appear to be anything in the Visual Administrator or Config tool.
many thanksHi,
All the form-related services have to be started first: the IIOP on dispatcher and server, all the Document Services *, PDF manupulation and XML form module.
Then you should be able to register your credential.
Francois -
I just noticed that when I am done syncing, the Hotsync Log does not have any information about the most recent operation. In fact the date of the last entry in the Log is August! Anyone know why this is happening and how to fix this?
Thanks.
Post relates to: Treo 755p (Verizon)Now I know I've lost it--I'm replying to myself! Would you smart tech people please take a look at what I found and see if it means anything. Thanks!
Two more clues:
1) I was searching the Palm Knowledgebase and found out where the HotSync Log file is. When I open the file, using Explorer, this message pops up: 'To help protect your security, Internet Explorer has restricted this web page from running scripts or ActiveX Controls that could access your computer. Click here to...' If I allow it to run, the screen blinks but nothing seems to change. If I close the Log file and reopen it, it happens again. How can I stop this from happening to the file? Could this be the problem?
2) The Knowledgebase Article below tells how to create a new 'fake' log file to 'fool' the HotSync Manager. So I renamed the original log file, then created the new file as instructed. Then I did a HotSync. After the HotSync completed successfully, I opened the HotSync Manager and there is my new 'fake' log file that has only the words I typed into it when I created the file. Nothing in the Log about the operation at all!
Article ID: 38959 What does the error that ends with 'HotSync.log is missing' mean and how do I fix it?
The HotSync Manager is very particular: if it doesn't find things exactly as it expects, it won't work. One of the things it has to find in the right place is the HotSync log, a file where the HotSync manager records everything it does. See How can the HotSync log help me to troubleshoot HotSync problems? for more information about this file.
When you get this error, your HotSync Manager can't find the HotSync Log. This prevents you from performing a HotSync operation. Luckily, the HotSync Manager isn't too bright. Give it any file called HotSync.log and it will be happy again.
The easiest way to give it what it expects is to create a new text document, rename it, and put it in the folder where the HotSync Manager expects to find it. Here's how:
Launch the Windows Notepad. You can usually get to it by clicking on the Start Menu, choosing Programs, then Accessories and finally Notepad.
Type some text. You can type anything you want, as long as there's at least one character in the Notepad document.
From the File menu, choose Save As.
In the Save dialog, navigate to your user folder in the Palm or Handspring folder (find your user folder).
Name the document HotSync and click Save.
Launch Windows Explorer. You can get to it by double clicking on My Computer or by clicking on the Start Menu, choosing Programs and then Windows Explorer.
From the Tools menu, choose Folder Options.
Click on the View tab.
Uncheck the box next to Hide file extensions for known file types.
Navigate to your user folder.
Right-click once on the HotSync.txt document, and select "Rename" from the menu. Rename the file HotSync.log
Attempt another HotSync operation. If you still get the "HotSync.log is missing" message, contact Handspring.
Article ID: 38959 Article Type: Error, Troubleshooting, How To Date Created: Sunday, December 12, 2004 9:10:17 AM Date Modified: Friday, April 20, 2007 4:03:38 PM Relevant products: Treo 300, Treo 180, Treo 180g, Treo 270, Visor Edge, Visor Neo, Visor Pro, Visor Platinum, Visor Prism, Visor Deluxe, Treo 90
Post relates to: Treo 755p (Verizon)
Post relates to: Treo 755p (Verizon) -
Excessive log entries with buffalo linkstation
Hi all,
I am getting excessive log entries on my MacBook Pro (OS 10.6.7) that appear to be related to my Buffalo LinkStation HD-CELU2 external drive. This drive is connected to my Airport Extreme (latest firmware) via USB and acts as my iTunes (10.2.2) library, which also serves as the music source for a Sonos digital music system. A sample of the log entries follow:
4/18/11 8:15:22 PM com.apple.launchd[1] (jp.buffalo.NASPower) Throttling respawn: Will start in 60 seconds
4/18/11 8:15:39 PM com.apple.launchd.peruser.501[131] (jp.buffalo.NASPower[6798]) posix_spawn("/Library/PrivilegedHelperTools/NasNavigator2.app/Contents/MacOS/Na sNavigator2", ...): No such file or directory
4/18/11 8:15:39 PM com.apple.launchd.peruser.501[131] (jp.buffalo.NASPower[6798]) Exited with exit code: 1
4/18/11 8:15:39 PM com.apple.launchd.peruser.501[131] (jp.buffalo.NASPower) Throttling respawn: Will start in 60 seconds
It says that a file isn't found, and that could be because I uninstalled NASNavigator in an attempt to get rid of these extraneous log entries. Uninstalling the software seems to have only resulted in changing the messages (to "no such file"), not reducing or ending them.
This log entry is constant; it occurs even when the computer has no need to access the Buffalo hard drive. It makes it very hard to diagnose any other issues because it both clutters the log and causes it to only recall a couple of hours worth of log info.
Thanks in advance!Ho everyone, just registered as I have a Bold 9900 and am considering a Playbook with the new OS2. Does anyone know whether I will be able to get it to talk to my Buffalo Linkstation. think its a Pro Duo 2 and is about 2-3 years old.
-
.sh file usage log entries multiplied
Hi all,
I have a very strange problem: In order to find out what parts of a big application being used,
I have added the following line as the first executable line in every .sh file:
/application/sh_log $0
The file sh_log looks like this:
now=$(date +"%Y_%m_%d")
filename=/spool/logs/sh_log_$now.log
if [ -f $filename ]; # Does logfile exist?
then
echo $(basename $1)";"$(date +"%Y%m%d%H%M%S")";" >> $filename # Logfile exists, append log record
else
touch $filename # Logfile did not exist, create it
chmod 7777 $filename # Make it writeable
echo $(basename $1)";"$(date +"%Y%m%d%H%M%S")";" >> $filename # Ans append log record
fi
The application calls it's .sh files in a number of ways, but all of them originating from crontab.
What confuses me is that log entries often appear in tuples, that is, when the application's
.sh file is calling the file making the log entry, supposedly to make a single log entry, I'm still
getting 2, 3 or even more log entries with the same time-stamp (resolution: 1 sec).
I don't understand this and would appreciate if some guru here could give me a clou.
Regards
LarsHi,
I would log also PIDs together with script name: "/application/sh_log $0 $$". Then you could see whether the application script or sh_log is really called more times (different PIDs).
Also consider to use chmod 0777 instead of 7777. So, e.g.:
now=$(date +"%Y_%m_%d")
filename=/spool/logs/sh_log_$now.log
[ ! -f $filename ] && touch $filename && chmod 0777 $filename
#Format: my_PID;script_name;script_PID;timestamp;
echo $$";"$(basename $1)";"$2";"$(date +"%Y%m%d%H%M%S")";" >> $filename
Regards
Vaclav -
Create Application specific Log under NetWeaver 7.1 SP3
Hi
I want to create application specific Log and read the following article https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/f361cbea-0c01-0010-a3a0-8948bebb0a23
But I use the NetWeaver 7.1 SP3 and I cannot find the Log-configuration.xml. Please tell me how i can create the application specific log under NetWeaver 7.1 SP3?
And I find out the documents are not updated for Netweaver 7.1 SP3... It costs more time for me to find out a solution.
Thanks in advance
Kind Regards!
PingHallo
I think I find the solution
start <SAP_install_dir>/<system_name>/<instance_name>/j2ee/configtool and use the log configuration to change the settings..
Please read http://help.sap.com/saphelp_nwce10/helpdata/en/45/6c9bfc02d81c90e10000000a11466f/frameset.htm
Kind regards!
Ping -
Log entries in Service Consupmtion Layer Application Logs of Duet Enterpr
Dear all,
I need your inputs to solve the below mentioned issue,
There is a communication developed between MS sharepoint and SAP.
By using Mapper Classes for each and every operations the conversion of data format from Sharepoint to SAP and viceversa happens.
We can see the message or error logs created during the conversion process using the T-code /iwfnd/view_log.
But i want my custumized messages has to come in that log for that i used the following code in the mapper class Post method but still my logs are not coming in the T-code /iwfnd/view_log.
DATA: lo_logger TYPE REF TO /iwfnd/cl_logger,"logger singleton
lo_message_container TYPE REF TO /iwfnd/if_message_container,"message container
lv_message TYPE bapi_msg,
lv_log_material TYPE symsgv,
lv_log_plant TYPE symsgv,
lv_instance_counter TYPE i,
lv_previous_pur_doc TYPE char10.
CONSTANTS gc_log_agent_name TYPE /iwfnd/sup_iw_agent VALUE 'Dev Guide Purchase Req'.
CONSTANTS gc_log_msg_id TYPE symsgid VALUE 'ZDUET_SCL_PR'.
Get logger
CALL METHOD /iwfnd/cl_logger=>get_logger
RECEIVING
ro_logger = lo_logger.
initialize the post mapper log step
lo_logger->log_step_init(
EXPORTING iv_msg_number = 000 "Post Mapping started for Purchase Req Header Query
iv_msg_id = gc_log_msg_id " message class
iv_system_alias = iv_system_alias "Backend System Alias
iv_agent = gc_log_agent_name "Dev Guide Purchase Req
RECEIVING
rv_msg_handle = lv_msg_handle ).
lo_logger->log_message(
EXPORTING
iv_msg_type = /iwfnd/cl_logger=>info " Message Type
iv_msg_id = gc_log_msg_id " Message Class
iv_msg_number = 006 " Message Number
iv_msg_v1 = lv_instance_counter " Message Variable
iv_system_alias = iv_system_alias " System Alias
iv_agent = gc_log_agent_name " IW Agent
Else
read through the input parameters for logging query parameters
READ TABLE it_parameters INTO ls_parameters WITH KEY attr_name = 'MATERIAL'.
lv_log_material = ls_parameters-low.
READ TABLE it_parameters INTO ls_parameters WITH KEY attr_name = 'PLANT'.
lv_log_plant = ls_parameters-low.
get the message container to add messages
lo_message_container = io_request_data->get_message_container( ).
set the request result code to failed so a fault message can be created
CALL METHOD io_request_data->set_result_code
EXPORTING
iv_result_code = /iwfnd/if_srd_request_context=>cs_result_code-failed_permanent.
add the message to the message container, this will create an error log entry automatically
CALL METHOD lo_message_container->add_message
EXPORTING
is_object_key = ls_key
iv_msg_type = 'E' "Error
iv_msg_id = gc_log_msg_id
iv_msg_number = 004 "Query for Material &1 and Plant &2 returned no results.
iv_msg_v1 = lv_log_material
iv_msg_v2 = lv_log_plant
iv_is_leading_message = abap_true
iv_message_creator = gc_log_agent_name.
Endif.
end this post mapper log step
lo_logger->log_step_completion( EXPORTING
iv_msg_type = /iwfnd/cl_logger=>info
iv_msg_id = gc_log_msg_id
iv_msg_number = 002 "Post Mapping finished for Purchase Req Header Query
iv_system_alias = iv_system_alias
iv_agent = gc_log_agent_name
iv_msg_handle = lv_msg_handle ).
please let me know the answe for this issue.
Many thanks in Advance,
HarishHi Girimurugan,
I am currently working with SAP Gateway related stuffs and I need a clarification regarding the application log.
Hope you are very busy and please clarify the doubts if you can spare few minutes towards this query.
Appreciate your valuable advise towards this.
Query:
Can we log any of the different types of logs (I Info / W Warning / A Abort or Cancel / E Error ) into Application Log(/IWFND/APPS_LOG) of the Gateway system in a Hub deployment model ?
How the logging can be achieved?
What are the scenarios, wherein the Application logs are preferred?
Also I have already raised a query in the SCN with this link: http://scn.sap.com/message/15477543. But could not get much details about it.
Can you please clarify the same?
Thanks & Regards,
Mohamed Meeran -
Mysterious repeat log entries in System events log
I tried unsuccessfully to share internet connection with 2 iMacs without router(That doesn't matter). But after this, my iMac (24" 2.8 GHz) not networked or on internet now shows this repeated log entries every minute:
com.apple.launchd[1] (com.apple.InternetSharing): Throttling respawn: Will start in 10 seconds
This message gets repeated every minute on System events log. Daily, Monthly maintenance was not done automatically earlier today on this iMac (usually it did without any problem) which was on all-night.
I checked with Disk Utility, repaired permissions. Although no problems in working, this continuous log writings disturbs me.
Thanks for any help & Happy New Year!
Best.Thanks, V.K. Did that (was asked password). System log showed after restart:
com.apple.launchd[1] (com.apple.InternetSharing[152]): Exited with exit code: 1
com.apple.launchd[1] (com.apple.InternetSharing): Throttling respawn: Will start in 10 seconds
com.apple.launchd[1] (com.apple.InternetSharing153): Exited with exit code: 1
com.apple.launchd[1] (com.apple.InternetSharing): Throttling respawn: Will start in 10 seconds
Then it started again the same way as above - with each aditional line each time as shown above. Thanks for sticking with me on this. Hope you will offer other suggestions.
Best.
Maybe you are looking for
-
Safari quit unexpectedly while using the "AppleVA plug-in"
Hello all! Recently Safari won't open and I then get this message "Safari quit unexpectedly while using the "AppleVA plug-in". I ran disk utility and repaired permissions, but the problem is persisting. On a side note, I upgraded to Mavericks a fe
-
How can I perform data logging for a specific time??
hello everyone, I am quite new in labview and I have a basic question regarding data logging. Currently I am using a cRIO9074 and doing some data logging for my test. The data logging it self works ok so far. But my problem is I would like to write m
-
My toolbar with 'tools', 'bookmarks' etc. has disappeared. Where is it and how can I reinstate it?
-
Exporting extended EDL from FCP version 7.
Hello group, I am using FCP version 7 and would like to export an extended EDL which would support long reel names. Names that would correspond to 16 character RED names. Typically such an EDL has a reference list as the bottom of the EDL called a So
-
I have a Ipad3, it is impossible to delete the numbers of emails, it says that I have 13 messages and I dont have any so how can I delete the number