VMS 2.2 + IDS 4.1(2) - delay of events displaying.

Hi!
Our customer has an IDS 4235 4.1(2) S147 and VMS 2.2 (Security Monitor 1.2.3).
We simulated an attack on a remote host, but the events appeared on the Security Monitor (events) with a 10 – 20 minute delay. Also, when we attempt to enable all IDS signatures, the IDS crashes and stops responding.
Help, PLZ.

Hi!
The IDS 4.1 communication protocol (RDEP) uses a pull model. This means that the VMS Security Monitor must periodically download new events from the sensor. Look for the parameter in the Security Monitor that is responsible for the periodic downloading of events. Also, don't enable all signatures on the IDS sensor -- it may run out of memory. Check how much free memory is available with the "show version" command.
Also, your sensor may not be able to handle the traffic load. There is Sig 993 (if I remember correctly), disabled by default in 4.1, that can help you troubleshoot this.
Don't forget to rate all posts.

Similar Messages

  • VMS 2.1 IDS MC & VPN Routers MC Device Import Error

    Just installed standalone VMS 2.1 and attempted to import devices into IDS MC and VPN Routers MC, but I get errors. The IDS MC error I get is "importing configuration files from the sensor: Could not find version in
    string "Unknown version"". I followed the instructions from the following link on CCO to resolve this, but no success: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_b/vpnman/vms_2_1/idsmc/user_gd/ch04.htm#xtocid5
    The VPN Router MC error goes something like "import failed; check ssh configuration or password"... don't remember the exact phrase... I configured the router for SSH by entering the crypto gen rsa ??? command, but still no success.
    Any advice appreciated and thanks in advance. BTW, versions are IDS Module for 6509 3.0(5)s39 and VPN Router 12.2(T1).

    Just try this: login as root; run sysconfig-sensor; select option 9; then 2; then 3; then 1;
    This creates the host key for your sensor. Then type x until it asks for a reboot. Reboot it.
    On the VMS machine: run C:\plink -ssh userid@ipaddress
    userid = Netranger for sensor appliance and Cisco IDs for IDMs; ipaddress = IP of sensor
    If it shows a warning like "warning - Potential security breach; server
    host key does not match the info in putty", either the server admin has changed
    the host key or you connected to a wrong machine which pretends to be the server.
    The new key fingerprint is : xxxx
    xx:xx:...........
    If you were expecting this change and trust the new key, enter "y" to update Putty's cache and continue...
    Enter the passwd of the sensor..... Terminate the session by exiting.

  • Delay in event driven log file data writing? Please help!!!

    System Information
    Operating System: XP
    Labview: 8.2
    Force sensor data acquisition via DAQPad-6070E
    Actuator: Actuator via MCS-3D controller
    Programming Information
    Number of events: 13
    Position read: Reads the position and the force sensor data every second.
    Move I & Forward: Moves the actuator forward with a defined step size
    Two actuators are made to travel a certain distance. A force sensor is attached to the system. The aim here is to acquire continuous data at the defined time wait (1 sec). The data is logged in a text file which gives the position travelled by the actuator and the force sensor data with a time stamp.
    The issue I am encountering is during writing a file.
    For ex: When an event is activated (Move actuator at defined step size) the event is logged into the log file but the positions are updated into the log file only when the next event is activated. So it means that the positions and the force values are updated into the logfile after the consecutive event is executed. If you see the logfile example inside the attachment, the red block shows the event executed but the position is updated in the next line (event). This file is just for example.
    Please help, where am I going wrong!
    Thanks in advance
    Attachments:
    EventMoveex.PNG 582 KB
    Logfile.PNG 64 KB

    Dear Method M
    I found out what was going on. As you mentioned, I was writing the values before the actuators reached the final position, so I introduced a delay between the execution of the two SubVIs. It isn't a clean method but it works.
    thank you very much!
    Regards
    Itz

  • How to Delay an Event in a Process Chain

    Hey,
    We have a scenario in which we need to schedule a process chain in such a way that the main chain contains the DSO load and the local chains contain the Cube load (one for NA and the other for EU).
    I want to schedule it in such a way that the two local chains of the main chain are triggered at different times.

    hi...
    I think it's getting pretty complex... instead of writing programs, use the simple metachain approach, which will solve your issue with a simple process chain design.
    You have :
    Main Chain
    {Dso load
    Local Chain A(Eu) Local Chain B(Na)
    Now what you want is that on the first run the main chain should trigger and only Local Chain A triggers.
    While on the second run
    Main chain + Local chain B trigger.
    The simplest solution:
    Create 2 metachains like below:
    PC1.
    Main Chain X
    {Dso Load
    Local Chain A(Eu)
    PC2.
    Main chain Y
    {Dso Load
    Local Chain B(Na)
    Now create metachain to combine
    Main Chain
    {PC1
    PC2
    So PC2 will start only when the PC1 has finished.
    Let me know if it is feasible for you.
    Regards,
    RK

  • E-mail delay using "Event Data Change" in process chain

    Hi Experts.
    I can't figure out why my process chain is taking so long to deliver a simple e-mail.
    The BEx Broadcast Configuration is working fine. When I run it manually, the e-mail comes instantly. But when I use the process chain (Event Data Change), it takes hours to receive the e-mail. The option to run after the InfoProvider data change is set for this configuration.
    Is there any additional configuration I have to check?
    All answers are welcome!
    Kind Regards,
    TP

    Hi Arvind. Thanks for your reply.
    I was already checking SOST and also SCOT and RSBATCH to see if the jobs are running fine, and no problems so far.
    How can I check the IDOCs?
    Thanks in advance.
    TP

  • Delay the Button Display in a Menu?

    My menu is a motion menu. It has a short 'fade-in' animation that's timed to a background audio track. For buttons, I'm using an arrow. I'd like this arrow to appear at a specific point during the audio track. Is this possible?

    http://www.dvdcreation.com/articles/viewarticle.jsp?id=27738

  • No events logged while VMS offline

    IDS and VMS are working fine; the issue is when my Windows box running VMS goes offline (crash, reboot....). I bring the VMS box back online and poll the IDS, but it reports no events.
    I tested it by running Nessus while the VMS box is offline; from the CLI I see events, but when the VMS box comes online and polls the IDS.... nothing...
    Do I need to setup the IDS to store the events until the VMS box can poll again?
    Thanks,
    Jamey

    I did a "sh event alert past 23:00" and it does show the old alerts; however, Security Monitor still does not show them. It only shows alerts that happen while it is connected.
    I cleared the alerts on the IDS, ran Nessus, then did "sh event alert past 23:00" and it did show the past events (from the Nessus scan). I then turned on the VMS box. But Security Monitor does not show any events (it is set to show earliest).
    Any other thoughts?
    Jamey

  • Group Policy won't apply, No mapping between account names and security IDs was done.

    I am using Group Policy Preferences to remove users from the local admin group and add a local admin account. This GPO is working on 90% of the Win7 machines on the network, but three laptops are not accepting the GPO. I get the following error:
    Log Name:      Application
    Source:        Group Policy Local Users and Groups
    Date:          6/24/2014 8:49:28 AM
    Event ID:      4098
    Task Category: (2)
    Level:         Warning
    Keywords:      Classic
    User:          SYSTEM
    Computer:      laptop1.internal.com
    Description:
    The user 'Administrators' preference item in the 'Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}' Group Policy object did not apply because it failed with error code '0x80070534 No mapping between account names and security IDs was done.' This error was suppressed.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Group Policy Local Users and Groups" />
        <EventID Qualifiers="34305">4098</EventID>
        <Level>3</Level>
        <Task>2</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-06-24T13:49:28.000000000Z" />
        <EventRecordID>68771</EventRecordID>
        <Channel>Application</Channel>
        <Computer>laptop1.internal.com</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data>user</Data>
        <Data>Administrators</Data>
        <Data>Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}</Data>
        <Data>0x80070534 No mapping between account names and security IDs was done.</Data>
      </EventData>
    </Event>
    I've searched high and low for an answer and nothing I find on-line seems to apply. I also notice that the option to 'Run as Administrator' does not work. If I right-click on cmd.exe and select 'run as administrator', the command box opens but I am not prompted for credentials and the command box does not have admin rights. Not sure if this is related or not.
    Any help on this would be greatly appreciated.
    Thanks,
    Joe

    Hi,
    Delete your remove action from the GPP and push it again; does this issue still occur?
    If it still exists, let's collect the GPP log for analysis:
    Group policy Preference debug logging policy settings are located under:
    Computer Configuration\Administrative Templates\System\Group Policy
    Click Logging and tracing, select local users and group preference logging and trace.
    Meanwhile, just a similar issue, but it is worth trying:
    A user is added to the wrong group on a client computer that is running Windows 7 or Windows Server 2008 R2
    http://support.microsoft.com/kb/2280515
    Alex Zhao
    TechNet Community Support

  • How to use the discrete unit delay function with the simulate signal as the input?

    Hi there,
    I want to use the simulate signal as the input. First, I downsample the input with downsampler.vi. Then I want to feed the output of the downsampled signal to the discrete unit delay block and display the delayed signal on the graph.
    Somehow I can't use the delay block properly; does anyone know how to fix that? T_T
    thanks!!!!
    Ivy
    please see the attachment
    Attachments:
    test.vi 164 KB

    Hi nozombie,
    In your VI the Delay VI only delays the measurement for one iteration of your simulation loop. What are the results that you hope to see?
    Regards,
    Mike Altmann
    LabVIEW Platform PSE
    National Instruments

  • Delaying display of components

    hi,
    I would like to add many components to a JPanel. I want some delay between the display of each component. I tried Thread.sleep() and SwingUtilities.invokeAndWait() but they don't work as I expect them to.
    could you help me out ?
    thanks,
    raj

    //  buttonTest.java
    import javax.swing.*;
    import java.awt.*;

    public class buttonTest extends JFrame implements Runnable {
        JButton buttons[];
        Thread thread1;

        public buttonTest() {
            Container c = getContentPane();
            JPanel panel = new JPanel(new GridLayout(3, 4, 10, 10));
            c.add(panel);
            buttons = new JButton[12];
            for (int counter = 0; counter < 12; ++counter) {
                buttons[counter] = new JButton("" + counter);
                panel.add(buttons[counter]);
                buttons[counter].setVisible(false); // hidden until the worker thread reveals it
            }
            thread1 = new Thread(this);
            thread1.start();
        }

        public static void main(String args[]) {
            buttonTest bt = new buttonTest();
            bt.setSize(400, 200);
            bt.setVisible(true);
        }

        public void run() {
            int counter = 0;
            while (counter < 12) {
                try {
                    // sleep on the worker thread, not the event dispatch thread,
                    // so the GUI stays responsive while the buttons appear one by one
                    Thread.sleep(1000);
                } catch (InterruptedException e) {
                    System.out.println(e.toString());
                }
                buttons[counter].setVisible(true);
                ++counter;
            } // end while
        } // end run
    } // end class

  • IDS Sensor 4.1 doesn't capture events.

    My IDS Sensor 4.1 stops capturing events after some time. I don't know if maybe it is because there are a lot of VLANs in the SPAN and the IDS doesn't support all this traffic. Am I wrong?
    Here is the show ver output:
    # sh ver
    Application Partition:
    Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S174
    OS Version 2.4.18-5-phoenix
    Platform: WS-SVC-IDSM2-BUN
    Sensor up-time is 20:49.
    Using 337403904 out of 1979682816 bytes of available memory (17% usage)
    Using 2.0G out of 17G bytes of available disk space (13% usage)
    MainApp 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
    AnalysisEngine 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
    Authentication 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
    Logger 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
    NetworkAccess 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
    TransactionSource 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
    WebServer 2005_Feb_15_10.32 (Eng4g) 2005-02-15T10:35:34-0600 Running
    CLI 2004_Apr_15_15.03 (Release) 2004-04-15T15:11:59-0500
    Upgrade History:
    * IDS-sig-4.1-4-S172 08:51:06 UTC Wed Jun 01 2005
    IDS-sig-4.1-4-S174.rpm.pkg 15:13:12 UTC Wed Jun 08 2005
    Maintenance Partition Version 2.1(1)
    And here is the "sh event" output:
    # sh event
    evError: eventId=1099377235773324837 severity=warning
    originator:
    hostId: CISCO-IDS
    appName: sensorApp
    appInstanceId: 1206
    time: 2005/06/10 08:43:21 2005/06/10 10:43:21 GMT
    errorMessage: name=errWarning Producer appears to be out of superblocks...consider configuring TCPReassemblyMode to loose FreeBlocks: 2155
    evError: eventId=1099377235773324838 severity=warning
    originator:
    hostId: CISCO-IDS
    appName: sensorApp
    appInstanceId: 1206
    time: 2005/06/10 08:43:23 2005/06/10 10:43:23 GMT
    errorMessage: name=errWarning Producer appears to be out of superblocks...consider configuring TCPReassemblyMode to loose FreeBlocks: 2155
    But I have already configured TCP Reassembly Mode to 'loose' and it does the same: after some time, it logs a few events and starts logging this event, but the Security Monitor stops showing me any alarm. What can I do to solve this?
    Thank you very much.

    When the IDSM2 starts crashing (I mean, logging only this event), I clear the IDSM2 interface counters and I see that no packets are processed and the "missed packet percentage" grows and grows.
    That means that after this crash it stops processing packets and loses all the traffic it receives. The question is why? And how can I solve this?
    Thanks everybody.

  • WAD Report delaying to display output

    Hello,
    The WAD report takes 6 min to display the output, but the same report displays its output
    in 1 min 50 sec when I execute it in BEx Analyzer.
    I incorporated the same BEx report in WAD, but it is delayed in displaying the output.
    What might be the cause of the delay in displaying the output?
    Srujay

    Hi,
    Please use the new cache mode as per note:
    1026944 - New cache mode for BI 7.0 without directory
    As per the note:
    To activate the new cache mode, run the report SAP_RSADMIN_MAINTAIN with
    the following parameters and the option "INSERT":
    OBJECT:    RSR_CACHE_ACTIVATE_NEW
    VALUE:     X
    After this procedure you can benefit from the new cache mode by
    activating it for your query or queries. Go to RSRT -> enter query -> properties ->
    cache mode: 5 Cluster Enhanced should be selected.
    Or via mass maintenance to all queries (transaction RSRT -> menu "Environment" -> "Mass Maintenance").
    It should resolve your issue.
    Thanks,
    Venkat

  • IDS & Cisco Works SIMS

    Hello,
    I am trying to integrate an IDS 4.1 appliance with CiscoWorks SIMS 3.1 (netForensics), but I have been failing for 2 days now. I can see that the CSIDS4 agent tries to connect to the IDS sensor on TCP port 443, but in the logs I always see a "failed to connect host".
    I configured the "NF CSIDS Agent":
    "Date Processor Data1" -> "CSIDS4 AGENT PROTOCOL" -> "MODE = SECURE"
    There is a field: "signature"
    Do I need to fill out that field? What is the correct input for that field?
    Or is "mode" secure the wrong mode?
    Has anybody integrated a Cisco IDS 4.1 to NetForensics 3.1 successfully?
    PLEASE HELP!
    Thanks a lot
    Markus

    Hello,
    On the IDS sensor I found these error events:
    evError: eventId=1050261859615885102 severity=error
    originator:
    hostId: idssensorgraz01
    appName: cidwebserver
    appInstanceId: 11821
    time: 2004/10/18 07:28:23 2004/10/18 09:28:23
    errorMessage: name=errUnclassified srvcReq protoErr: unexpected_message [10,0]
    2. evError: eventId=1050261859615885103 severity=error
    originator:
    hostId: idssensorgraz01
    appName: cidwebserver
    appInstanceId: 1153
    time: 2004/10/18 07:28:23 2004/10/18 09:28:23
    errorMessage: name=errTransport WebSession::sessionTask(4) TLS connection exception: handshake incomplete.
    Maybe that helps?
    Markus

  • Long delay for ManagedEventWatcher __InstanceCreationEvent query as number of user sessions increases

    We have a Windows service that monitors for process start events and sends notifications to client applications.
    We have discovered that the delay between when a process starts and when our EventArrivedEventHandler is called gets excessively long when the number of user sessions on the Windows server gets to about 80.
    The delay gets worse as the number of user sessions gets higher.
    The delays are not consistent. Even with 100 sessions some observed delays are short but most are too long and the maximum observed delay grows with the number of sessions.
    Here is one example of the delay we are seeing.
    A client application wrote its first log record to its log file at 11:05:34.076. Our EventArrivedEventHandler did not get notified of the process start event for the client application until 18 seconds later (at 11:05:52.188).
    We need the delay to be less than 5 seconds to be tolerable and would like the delay to be less than 3 seconds if possible.
    Is there something we can do to reduce the delay? Below are the details of our use of WMI.
    We are using an instance of class WqlEventQuery to represent a WMI event query in WQL format.
    We are constructing an instance of ManagementEventWatcher to consume events asynchronously.
    Below is how we are instantiating and running the query. Variable m_PollingIntervalInMilliseconds is set to 1000 by default.
    WqlEventQuery query = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 0, 0, m_PollingIntervalInMilliseconds), "TargetInstance isa \"Win32_Process\"");
    m_ManagementEventWatcher = new ManagementEventWatcher(query);
    m_ManagementEventWatcher.EventArrived += new EventArrivedEventHandler(managementEventWatcher_EventArrived);
    m_ManagementEventWatcher.Start();
    Our Windows service is not the only user of WMI services on the server. I do not know if there is contention with other users of WMI services or if there is something about the way we are consuming WMI services that is inefficient.

    Hello RossAtWFMC,
    It seems that the service is working in a complex environment, and currently we do not have such an environment in which to reproduce the issue you described. Anyway, I would like to share whatever I found and some suggestions about this issue:
    >> called gets excessively long when the number of user sessions on the Windows server gets to about 80.
     The delay gets worse as the number of user sessions gets higher.
    This seems to show that the issue is related to the number of user sessions; it may be that with lots of user sessions something additional delays the event being fired. As you mention, there are other services on that server machine; if possible, you could make a test running only your WMI service to see if it is still delayed.
    >> Is there something we can do to reduce the delay?
    I suggest that you check the blog below, which provides a way to debug with the .NET source code:
    http://blogs.msdn.com/b/dotnet/archive/2014/02/24/a-new-look-for-net-reference-source.aspx
    So that you could know which method inside costs most time.
    From the code you provided, it is not very clear whether you use multiple threads in your service; if not and your event handler is short, you could give it a try, and there is a discussion about this topic:
    https://social.msdn.microsoft.com/Forums/en-US/13f30e33-7f61-498e-a91a-ef982a63453c/event-handling-in-multithreaded-apps?forum=netfxbcl
    Regards.

  • VLAN Trunk using Set-VMNetworkAdapter cmdlet

    Hello,
    Does anyone have experience with trunking in Hyper-V?
    We have four VMs using VLAN IDs: 2, 4, etc.
    One VM, 2008 R2, is set up as a router. What we want is to allow the 2008 R2 VM to accept traffic from VLAN IDs 2 and 4.
    Please see the image below for the configuration made:
    As you can see in the image above, the Red1 and Blue1 VMs are configured with VLAN IDs 2 and 4, but neither of them can ping the gateway (2008 Router VM).
    Thank You,
    AL

    Hi AL,
    Sorry for the late reply. I am afraid RRAS does not have a function like "one-armed router".
    So there is no trunk configuration in my test:
    1. create a new virtual switch
    2. one RRAS router has two virtual NICs with different VLANs (NIC1: 192.168.1.1/24 VLAN 2, NIC2: 192.168.2.1/24 VLAN 3).
    3. connect the two NICs to the new virtual switch
    4. VM1 with IP 192.168.1.2/24, GW 192.168.1.1/24, VLAN 2, and VM2 with IP 192.168.2.2/24, GW 192.168.2.1/24, VLAN 3, both connected to the new switch
    Best Regards
    Elton Ji