WSA access logging for HTTPS traffic

Hi,
We have a WSA s370 with AsyncOS  version 7.5.1-079 and it is configured as a transparent proxy.
HTTPS proxy is enabled and all the URL categories set to pass through ( no decrytpting or monitoring ).
Seems like the WSA does not generate logs for HTTPS transactions.
I would like to know whether this is the expected behaviour.
Is there any way that I can monitor HTTPS transactions without decrypting ?
Thanks,
Wipula.

In addition to what Ken mentioned, the only way you can monitor HTTPS traffic without decrypting it will be done so using the IP address.
In the access logs, you will see the following transaction when accessing an HTTPS site (google for example):
TCP_CONNECT 74.125.101.50
It will only report URLs once decrypted.  At that point, it is just HTTP.
-Vance

Similar Messages

  • Username not showing up in access log for authenticated users

    I'm using form-based authentication in a Java web application on Sun One Web Server v6.1 to restrict access to authenticated users. However, even after the users authenticate and access the application, the username field in the access log is showing them as anonymous.
    request.getRemoteUser() is reporting the correct username, so it just seems to be the access log that is in error. Right now it is set to the default but changing formats to custom doesn't seem to help in displaying the username.
    Here's an excerpt from the access log:
    // anonymous access attempt, redirects to login page...
    10.100.168.110 - - [01/May/2006:14:34:42 -0400] "GET /profile/index.jsp HTTP/1.1" 302 0
    10.100.168.110 - - [01/May/2006:14:34:42 -0400] "GET /profile/login.jsp HTTP/1.1" 200 3355
    10.100.168.110 - - [01/May/2006:14:34:47 -0400] "POST /profile/j_security_check HTTP/1.1" 302 0
    // at this point they are logged in and their username should be reflected in the access log, but is not:
    10.100.168.110 - - [01/May/2006:14:34:47 -0400] "GET /profile/index.jsp HTTP/1.1" 200 3532 And the relevant code from the web application's web.xml:
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>AllFiles</web-resource-name>
          <description>
                     Restricts anonymous access.
                  </description>
          <url-pattern>/*</url-pattern>
          <http-method>POST</http-method>
          <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
          <description>
                   Authenticated Users
                  </description>
          <role-name>user</role-name>
        </auth-constraint>
      </security-constraint>I've searched the forums and the manuals but can't see anything showing that the access log's username field doesn't work with form-based authentication. Can anyone shed some light on this?

    Some background:
    The Java Servlet container has its own authentication infrastructure (which is what you configure in web.xml) which is separate from the non-Java authentication infrastructure (ACLs, etc.). If you set up authentication via ACLs the resulting user identity can (though you may configure it not to) propagate to the Java Servlet container such that request.getRemoteUser() will return it, even though no web.xml-driven authentication occurred. The coverse is not true, however: if you authenticate via a Java Realm, based on web.xml configuration, that user identity is not available to non-Java code.
    (Your web.xml snippet doesn't show you using FORM auth - but it doesn't matter, the explanation above applies in any case.)
    That is why the log file (generated from non-Java code) doesn't have access to that user. It probably should, but there's no config option today for you to make that happen.
    If you're using BASIC auth you may consider moving the authentication configuration from web.xml to ACLs as a possible workaround. It will then show up in the access logs.
    If you prefer web.xml-based authentication, consider the <SECURITY audit="true"> option in server.xml. It won't be in the access log but you'll have an audit trail of authentications, which may help.

  • Thousands of entries in Apache access logs for a single IP

    We are seeing thousands of connections in our Apache access logs coming from the same IP address connecting to the
    same pages with in a short period of time (~5-20 minutes). We see this in Firefox 27, 28, 29, and 30. Below is an example of the entries, and how they loop continuously. I have not been able to reproduce the problem manually, but this happens several times a week, and I see evidence in our logs, and by monitoring the session count in our database, which increase when this happens.
    Why is this happening? Is this a bug? I see a bug report filed at https://bugzilla.mozilla.org/show_bug.cgi?id=976878, but I do not see any replies.
    xxx.xxx.xxx.xxx - - [18/Jun/2014:16:03:50 -0400] "GET /webapps/login?new_loc=%2Fwebapps%2Fportal%2Fframeset.jsp HTTP/1.1" 302 - "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0" "-"
    xxx.xxx.xxx.xxx - - [18/Jun/2014:16:03:50 -0400] "GET /webapps/login/?new_loc=%2Fwebapps%2Fportal%2Fframeset.jsp HTTP/1.1" 200 1000 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0" "-"
    xxx.xxx.xxx.xxx - - [18/Jun/2014:16:03:50 -0400] "GET /webapps/portal/frameset.jsp HTTP/1.1" 200 1160 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0" "-"
    xxx.xxx.xxx.xxx - - [18/Jun/2014:16:03:50 -0400] "GET /webapps/login?new_loc=%2Fwebapps%2Fportal%2Fframeset.jsp HTTP/1.1" 302 - "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0" "-"
    xxx.xxx.xxx.xxx - - [18/Jun/2014:16:03:50 -0400] "GET /webapps/login/?new_loc=%2Fwebapps%2Fportal%2Fframeset.jsp HTTP/1.1" 200 1000 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0" "-"
    xxx.xxx.xxx.xxx - - [18/Jun/2014:16:03:50 -0400] "GET /webapps/portal/frameset.jsp HTTP/1.1" 200 1160 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0" "-"

    Sorry, beyond the scope of this Firefox user support forum.
    You could try posting to the Web Development / Standards Evangelism forum at MozillaZine. The helpers over there are more knowledgeable about web site issues with Firefox.
    http://forums.mozillazine.org/viewforum.php?f=25
    You'll need to register and login to be able to post in that forum.
    Or you could add information to that Bug report or create a new Bug report.
    Or the appropriate Google Group, linked in the right column of this page after you scroll-down a bit - http://www.mozilla.org/about/forums/

  • QoS value for http traffic from IP Phone

    Since the phone marks all voice with COS 5 and data traffic with COS 0. Does this also include traffic sourced from the IP Phone http? request when doing Directory Lookups, IP Phone Services.
    Thanks!

    With 4.1 and up (not sure if 4.0 had this), this traffic is marked with TOS 3 or DSCP CS3 (24). You can modify this enterprise parameter to what ever you want.
    DSCP for SCCP Phone-based Services :
    This parameter specifies the Differentiated Service Code Point (DSCP) IP classification for IP phone services on SCCP-based phones, including any HTTP traffic. Note: You must restart SCCP-based phones for this parameter change to take effect.
    This is a required field.
    Default: default DSCP (000000).
    Restart SCCP-based phones for the parameter change to take effect.
    HTH
    Sankar
    PS: please remember to rate posts!

  • Query apache access logs for Vists, Visit duration

    I need help in querying for Vists, Visit duration in mins ..etc from apache access logs. A Visit is considered new if time difference between requests is greater than 60 mins.
    ID VISITS VISIT-DURATION-MINS
    'Usr-A' 3          112
    'Usr-B' 2          34
    My data is as below:
    ID,TIME-HR-MIN
    'Usr-A','01/01/2012 00:45'
    'Usr-A','01/01/2012 00:49'
    'Usr-A','01/01/2012 00:53'
    'Usr-A','01/01/2012 01:04'
    'Usr-A','01/01/2012 01:05'
    'Usr-A','01/01/2012 01:09'
    'Usr-A','01/01/2012 01:10'
    'Usr-A','01/01/2012 01:11'
    'Usr-A','01/01/2012 01:13'
    'Usr-A','01/01/2012 01:14'
    'Usr-A','01/01/2012 01:15'
    'Usr-A','01/01/2012 02:00'
    'Usr-A','01/01/2012 02:01'
    'Usr-A','01/01/2012 02:19'
    'Usr-A','01/01/2012 03:53'
    'Usr-A','01/01/2012 03:59'
    'Usr-A','01/01/2012 04:07'
    'Usr-A','01/01/2012 04:11'
    'Usr-A','01/01/2012 16:30'
    'Usr-A','01/01/2012 16:37'
    'Usr-A','01/01/2012 16:38'
    'Usr-A','01/01/2012 16:39'
    'Usr-B','01/01/2012 01:45'
    'Usr-B','01/01/2012 01:46'
    'Usr-B','01/01/2012 01:48'
    'Usr-B','01/01/2012 01:49'
    'Usr-B','01/01/2012 01:50'
    'Usr-B','01/01/2012 02:07'
    'Usr-B','01/01/2012 02:08'
    'Usr-B','01/01/2012 02:09'
    'Usr-B','01/01/2012 02:10'
    'Usr-B','01/01/2012 05:21'
    'Usr-B','01/01/2012 05:23'
    'Usr-B','01/01/2012 05:30'

    Hello
    I think this gives you what you need, although I think Usr-A has a total of 121 minutes not 112...
    with visit as
    (   select 'Usr-A' id,TO_DATE('01/01/2012 00:45','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 00:49','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 00:53','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 01:04','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 01:05','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 01:09','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 01:10','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 01:11','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 01:13','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 01:14','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 01:15','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 02:00','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 02:01','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 02:19','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 03:53','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 03:59','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 04:07','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 04:11','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 16:30','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 16:37','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 16:38','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-A' id,TO_DATE('01/01/2012 16:39','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 01:45','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 01:46','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 01:48','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 01:49','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 01:50','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 02:07','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 02:08','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 02:09','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 02:10','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 05:21','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 05:23','dd/mm/yyyy hh24:mi') time_hr_min from dual union all
        select 'Usr-B' id,TO_DATE('01/01/2012 05:30','dd/mm/yyyy hh24:mi') time_hr_min from dual
    SELECT
        id,
        COUNT(*) num_visits,
        SUM(visit_time) total_visit_time
    FROM
            SELECT
                id,
                SUM(visit_time) * 60 visit_time
            FROM
                    SELECT
                        id,
                        time_hr_min,
                        visit_time,
                        MAX(marker)OVER(PARTITION BY id ORDER BY time_hr_min) marker
                    FROM
                        (   SELECT
                                id,
                                time_hr_min,
                                CASE
                                    WHEN visit_dur > 1
                                    THEN
                                        0
                                    ELSE
                                        visit_dur
                                END visit_time,
                                CASE
                                    WHEN rn = 1
                                    THEN
                                        1
                                    WHEN visit_dur > 1
                                    THEN
                                        rn
                                END marker
                            FROM
                                (   SELECT
                                        id,
                                        time_hr_min,
                                        ROW_NUMBER() OVER(PARTITION BY id ORDER BY time_hr_min) rn,
                                        (time_hr_min - LAG(time_hr_min) OVER(   PARTITION BY
                                                                                    id
                                                                                ORDER BY
                                                                                    time_hr_min)
                                         ) * 24 visit_dur
                                    FROM
                                        visit
            GROUP BY
                id,
                marker
    GROUP BY
        id
    ORDER BY
        id
    ID    NUM_VISITS TOTAL_VISIT_TIME
    Usr-A          3              121
    Usr-B          2               34
    2 rows selected. HTH
    David

  • Kerberos encryption for HTTP traffic

    Hello
    I am writing client for WinRM service(Windows Vista). This service use SOAP protocol for communication.
    And I cannot make subscription for Windows events using Push method.
    The issue is when I try to make events subscription - Vista tries to test connection with my server, but I don't know what should I send back for test connection request to Vista WinRM... :(
    I didn't find it in MSDN.
    Subscription request is:
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:e="http://schemas.xmlsoap.org/ws/2004/08/eventing" xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:ew="http://www.example.com/warnings'" xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:x="http://www.w3.org/2001/XMLSchema">
    <env:Header>
    <a:To s:mustUnderstand="true">HTTP://winrmcient:80/wsman/</a:To>
    <w:ResourceURI>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</w:ResourceURI>
    <a:Action s:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/eventing/Subscribe</a:Action>
    <a:MessageID s:mustUnderstand="true">uuid:a4b86ede-32d0-4a28-91f5-bc8f36bfca22</a:MessageID>
    <a:ReplyTo>
    <a:Address s:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
    </a:ReplyTo>
    <w:MaxEnvelopeSize>262144</w:MaxEnvelopeSize>
    <w:Locale xml:lang="en-US"/>
    <w:OperationTimeout>PT5M0.000S</w:OperationTimeout>
    <w:OptionSet>
    <w:Option Name="ReadExistingEvents" mustComply="false"/>
    <w:Option Name="ContentFormat">RenderedText</w:Option>
    </w:OptionSet>
    </env:Header>
    <env:Body>
    <e:Subscribe>
    <e:Delivery e:Mode="http://schemas.xmlsoap.org/ws/2004/08/eventing/DeliveryModes/Push">
    <e:NotifyTo>
    <a:Address>http://Antares:443</a:Address>
    </e:NotifyTo>
    </e:Delivery>
    <e:Expires>PT12H0M0.000S</e:Expires>
    <w:Filter>
    <QueryList>
    <Query Path="Security">
    <Select>*</Select>
    </Query>
    <Query Path="System">
    <Select>*</Select>
    </Query>
    <Query Path="Application">
    <Select>*</Select>
    </Query>
    </QueryList>
    </w:Filter>
    <w:SendBookmarks/>
    </e:Subscribe>
    </env:Body>
    </env:Envelope>
    WinRM connection test request is request with empty content length and with header:
    Host=[Antares:443], Content-type=[application/soap+xml;charset=UTF-16], Content-length=[0], Connection=[Keep-Alive], Authorization=[Kerberos YIIE4wYJKoZIhvcSAQICAQBuggTSMIIEzqADAgEFoQMCAQ6iBwMFACAAAACjggOLYYIDhzCCA4OgAwIBBaEKGwhCUS5MT0NBTKIaMBigAwIBAqERMA8bBEhUVFAbB0FudGFyZXOjggNSMIIDTqADAgEXoQMCAQ2iggNABIIDPHstoHWBhepDeU/h3o6Uuzjtgxo5SlVRVaa9JjAUcEDb4k+DKQrtwia/GtvDsmoZ4VgE8gGpJmcuZHNUEBHwEmn48RAAuo/f3o/D7hBJ3XygexN8yPZFYtElT1CvtoVOuvox83xOr9TdUn+Dd12/AupkAIxwbdHNhftcOCajJOv3NnFGoeF5+NA54VguaW1XGZxoC1mviITkfeDW0rZnKQ3aJxRDG0kKfHvWYdIlifRydQkTY/XMGHBFvd8kA8Q3M6WYVmuCKLjjJwvHjfZ56GWUpax7MlYmOGs7ncHLptCyxiV7RTiP0c00MViangq4CoioLyPwdysG7V8oyMGcc32WpsWCbXJNm5N8ijy7JxRd4W2zfzL6rpkGFQ2F0AfsH/b+Dz45sYXKyEgJajA5TK/cPiECTIMbXnkehz2yC5mjY4XalhXf4U1j/D5E2ApbG0ITUrp10a6C/dy5yEtc4CNtVHDQ30BrdZS+vxO2PwwIKZovvvlzIyddgOqyKaKhs9i3eMfF61IjhUpquK4zZYYZEqpQtkgSaDz8rurD4M5Z1CzzlID5nlVg9YsA9JhPejsdU9Rmt51OjCu8rBvd+Kb7AMkujDogOli4NVNKssdLOJl7m3ulMQTs5AFT1O7YOW4SQsos1g2UEW+JzE+sj1IGdia8xmjxuZOsWks4QgX9O0PL3LNVE/iGgR2dOQhRzhuwEJEUfHpy1BIqZzbG48KkkNxFZLgeM+ztnrssw/zaD1vTs4+EF7KPVp1ldBwPId2P6PIyd4nyX+1tJt2SYHKyk0mdxkCw8pTAfrNxJGj9Ku573YcPfFdGhTtTTzo1CJPwSQFoNlEhh7wriaED/fseIEPPLASR+wIzGVPNBb5mTCd/vCPrwsShZl0wmtwUiDgNAu2732GVb7MDSKIc/hOjZAdFqoh3KzvWUSIsdrl1Mezcjb6VSuM87f4pWaR7f0RMexNB6ZEL0RzncbMXyhmUcqNaVyCWCgWN/ovKmWt53FkBQZkZIxLZUVyi6As3bhsfVxrw6dU4oKpHesDKldHFOz1fuEv8UKu6s7DaAd1VXiLmU4uzUSfiYH0iQCYkvf1sVqKBVyrFXHHQTKSCASgwggEkoAMCAReiggEbBIIBF2DcdvxWBV/D29hIBpQ8sJk8XF+q9tVNBHm3bFXtetxKwk1UxO64r7U5YQ4kqgvAyKTq/aL9V/QrO5x1M0mbqjKrfo/ehKGy5GGUZeQ0TYhkkmdNq8Mxo2CR5IIWqzEIaB00qSkombg/3IvniUoKbHfvoGMdr63DqRr8AbmXzHK+9kfyYMkkSMn72spoPBYadYAJZ02VUJp5fdNIqsMTREfEf3qfJNdvzaCRN/BcHVJ0C/5TChf8gFMThZzHShr2j1OdWBEZ/uLsMl2INqW0/AcCfLopSTcwgip/E63Zz/mKFCq2VIPp1++KvWPUKPalzdK9Pg/AwzXM6/+SBXdWfkUJGUW9x2nHFuZ6IeoAlhS2hvNLcjJ2ww==], User-agent=[Microsoft WinRM Client]
    I tried to send empty response(with the same test request header) for test request but it doesn't take any effect.
    WinRM subscription response is:
    <?xml version="1.0" encoding="UTF-8"?>
    <s:Envelope xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:e="http://schemas.xmlsoap.org/ws/2004/08/eventing" xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:x="http://schemas.xmlsoap.org/ws/2004/09/transfer" xml:lang="en-US">
    <s:Header>
    <a:Action>http://schemas.xmlsoap.org/ws/2004/08/eventing/fault</a:Action>
    <a:MessageID>uuid:B83898C7-9F93-4E7A-8C8C-B72C7D189908</a:MessageID>
    <a:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:To>
    <a:RelatesTo>uuid:a4b86ede-32d0-4a28-91f5-bc8f36bfca22</a:RelatesTo>
    </s:Header>
    <s:Body>
    <s:Fault>
    <env:Code xmlns:env="http://www.w3.org/2003/05/soap-envelope">
    <s:Value>s:Sender</s:Value>
    <s:Subcode>
    <s:Value>e:EventSourceUnableToProcess</s:Value>
    </s:Subcode>
    </env:Code>
    <env:Reason xmlns:env="http://www.w3.org/2003/05/soap-envelope">
    <s:Text xml:lang="en-US">The connectivity test from the push subscription source to the client failed. This can happen if the client machine initiating the push subscription is unreachable from the server machine where the event source is located. Possible reasons include firewall or some other network boundary. Modify subscription to use Pull based subscription. </s:Text>
    </env:Reason>
    <s:Detail>
    <w:FaultDetail>http://schemas.dmtf.org/wbem/wsman/1/wsman/faultDetail/UnusableAddress</w:FaultDetail>
    <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150858901" Machine="">
    <f:Message>The connectivity test from the push subscription source to the client failed. This can happen if the client machine initiating the push subscription is unreachable from the server machine where the event source is located. Possible reasons include firewall or some other network boundary. Modify subscription to use Pull based subscription. </f:Message>
    </f:WSManFault>
    </s:Detail>
    </s:Fault>
    </s:Body>
    </s:Envelope>
    In WinRM documentation I see:
    +Note: HTTP traffic by default only allows messages encrypted with
    the Negotiate or Kerberos SSP.+
    But I use simple java HttpConnection and there are no any references to Kerberos in JavaDoc for this class... :(
    One more - I use BASIC authentication.
    Does anybody know what should I send back for connection test request.

    Sorry, I forgot to set "java.security.krb5.conf" and "java.security.auth.login.config" properties.
    But after I set these properties I've got another exception:
    GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
         at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
         at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:111)
         at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:178)
         at sun.security.jgss.spnego.SpNegoMechFactory.getCredentialElement(SpNegoMechFactory.java:109)
         at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:178)
         at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:384)
         at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:42)
         at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:139)
         at com.symantec.cas.ucf.sensors.ws_management.WSServer.start(WSServer.java:132)
    Caused by: javax.security.auth.login.LoginException: No LoginModules configured for
         at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
         at javax.security.auth.login.LoginContext.<init>(LoginContext.java:499)
         at sun.security.jgss.GSSUtil.login(GSSUtil.java:244)
         at sun.security.jgss.krb5.Krb5Util.getKeys(Krb5Util.java:185)
         at sun.security.jgss.krb5.Krb5AcceptCredential$1.run(Krb5AcceptCredential.java:82)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:79)
         ... 28 more
    But it seems to me that I've set login module correctly:
    com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=false useTicketCache=false;
    May be I missed something...
    What do yo think about it ?

  • ODL logging for HTTP server?

    The "Oracle Application Server 10g Administrator's Guide
    10g (9.0.4)" says that logging for the HTTP_server can be done in ODL format - but I sure can't find anywhere where one would configure said logging.... anyone know how that's done?

    thanks for that link... i looked and i didn't find the parameters that I was hoping to find: max log file size and number of archive versions to keep.... did I miss that? We don't want to have to shut down the containers and manually delete log files..... I think I've figured out how to deal with this at the app server level, but not at the HTTP level.
    thanks.

  • Cookie persistence for HTTP traffic

    hello,
    i have the following situation: on an 11506, clients connects to VIP on port 80, this VIP maps to port 7777 on 2 services. The objective is to configure cookie persistence for http. The cookie persistence should be for URI /thestring/
    I have used
    advanced-balance cookies
    string prefix "/thestring/"
    in the content rule and it did not work.
    Does this have anything to do with the port changing from 80 to 7777, or am i missing something for cookie persistence?
    Regards
    Bassam

    thx for you reply; still it sometimes work and sometimes dont
    my service config:
    service ebizsso1
    keepalive frequency 3
    keepalive port 7777
    ip address 10.10.230.82
    port 7777
    protocol tcp
    string /oiddas/
    active
    my content rule
    content ebizsso-servers
    add service ebizsso1
    vip address 10.10.231.9
    protocol tcp
    port 80
    advanced-balance cookieurl
    string prefix "/oiddas/"
    active
    is this is the required?
    thank you
    bassam

  • URL Logging for Guest Traffic using Guest Anchor and ISE

    Hi there all,
    I'm looking for a solution whereby I can log URL information for wireless guest users to ISE. The anchor WLC sits in a DMZ behind an ASA and the ISE is on the internal network. I found this document (see URL below) which is similar but using a NAC Guest Server and not an ISE.
    I'm wondering if anyone has managed to do this using ISE?
    http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080ac2fda.shtml#wlcc

    Hi, Sorry for the late reply, I have been busy with a Proof Of Concept with the ISE.
    I have tried your suggestion and I cannot get the same results as you.
    I notice that the logs in your report were generated by an ASA. Do you know whether the same can be done with a switch dACL?
    i have this configuration...
    dACL
    3k-access#sh ip access-list int fa0/1
         permit udp host 10.1.10.103 any eq domain
         permit icmp host 10.1.10.103 any
         permit tcp host 10.1.10.103 host 10.1.100.21 eq 8443
         permit tcp host 10.1.10.103 host 10.1.252.10 eq www log-input
         deny ip host 10.1.10.103 10.1.0.0 0.0.255.255
         permit ip host 10.1.10.103 any
    Logging config...
    logging esm config
    logging trap debugging
    logging origin-id ip
    logging host 10.1.100.21 transport udp port 20514
    with the above onfiguration, I get a report which shows the syslog messages of successful authentication and download of the dACL, but then when I access a URL, i do not see any events about the URL that was accessed or even the IP that was accessed.
    DO you know if this can be done? maybe I am looking at the wrong report? Can you help?
    Mario

  • WSA certificate options for https proxy

    Should an L1K intermediate cert from Entrust be recognized by the WSA? When I try to go to a website that is using an L1K Entrust cert the WSA is blocking the site.
    Date: Wed, 18 Feb 2015 02:36:23 GMT
    Username: <removed>
    Source IP: 192.168.201.70
    URL: GET https://<removed>/
    Category: Government and Law
    Reason: UNRECOGNIZED_ROOT_CERT
    Notification: CERT_INVALID

    WSA does has Entrust cert however not for L1K.
    You might want to export that certificate to your local machine and imported to the WSA HTTPS proxy Custom Trusted Certificates.
    Normally i used Firefox and not using WSA as proxy as initial connection then get the cert from the remote site and save it locally then import it to the WSA HTTPS cert.
    You might want to review the HTTPS log as well in WSA and set the log level to debug to get more details as why is failing.
    Hope this helps

  • User access logging for my Oracle database 9.2.0.3 and Linux server

    Hi Friends,
    I would like to have a record of users who had accessed my oracle apps database(9.2.0.3).Please let me know the method.
    Also i would like to record the users who had connected to my linux server (using putty) please suggest a method.
    Regards,
    Arun

    user564706 wrote:
    I would like to have a record of users who had accessed my oracle apps database(9.2.0.3).Please let me know the method.Perhaps sed (man sed) and records in listener.log, default at OH/network/log/, could help you to find a method.
    Also i would like to record the users who had connected to my linux server (using putty) please suggest a method.Take a look in /var/log e.g. wtmp (if such file name exists, and use man command on the file names to learn their usage). Should at least help identify telnet/ssh sessions.

  • Information to Access-Log on WSA

    Hi,
    I have a question about the WSA access-log. There are a lot of "skipped" markings in the log.
    What does that mean?
    1295865776.044 118 10.100.1.221 TCP_MISS/200 21615 GET http://eicar.org/image/about_us/hgk_about_us.jpg - DIRECT/eicar.org image/jpeg DEFAULT_CASE_11-normal_User-normal_user-NONE-NONE-NONE-DefaultGroup <Comp,-,"Skipped","-",-,-,-,"Skipped","-",-,-,-,"-","Skipped",-,"-","-",-,-,Comp,-,"-","-","-","-","-","-",1465.42,0,-,"-","-"> -
    1295865780.566 88 10.100.1.221 TCP_DENIED/403 2244 GET http://www.eicar.org/download/eicar.com - DIRECT/www.eicar.org application/octet-stream BLOCK_AMW_RESP_11-normal_User-normal_user-NONE-NONE-NONE-DefaultGroup <Comp,-,"Skipped","-",-,-,-,"Virus","-",0,1,6,"EICAR test file","Skipped",-,"-","-",-,-,Comp,-,"Virus","-","-","-","-","-",204.00,0,-,"-","-"> -
    secproxy1.intra.graz.at>
    regards
    Andreas

    Are You using IronPort URL Filters or Cisco IronPort Web Usage Controls.
    I'm using Cisco IronPort Web Usage Controlsand it shows:
    IW_csec,-,"Unknown","-","Unknown","Unknown","-","-",462.00,0,-,"-","-">
    Seems Your does not handle categorization and skips that part.

  • WLS http access logs not written to when starting WLS instance using nodemanager

    When starting managed WLS instances using node manager the HTTP access logs are
    not written to (the WLS log in the same directory is written to). All other functionality
    of the WLS instances seem to operate just fine when started using node manager.
    When we start the same managed WLS instances using a start-up script the HTTP
    access logs are written to.
    ===
    How can we get HTTP access logs to be written to when starting a WLS instance
    using node manager?

    I think I know the answer to this one!
    I got bitten by the same bug (at least I think it is a bug). Check the location
    specified for the HTTP-access log for your server instance. It is probably a relative
    location, right?
    According to the docs, relative paths should start from the Root Directory (see
    your Remote Start config), but it seems like the BEA-programmers forgot to retrieve
    the Root Directory and instead blindly writes to the process' current working
    directory (CWD).
    And when started by the Node Managet, the CWD = WL_HOME/common/nodemanager.
    If you are as paronoid as I am (and you should be too), that directory should
    not be writeable by anyone. Because my BEA installation was owned by 'bin', and
    the processes run by 'beawls', I got an error message in my NM-logs pointing to
    the problem. In your case, you are probably running NM as a user that has write-access
    to your NM-home, and all your missing HTTP-access logs are deep, down there.
    Jan Bruun Andersen

  • Meaning for access log

    I have retrieved some access log for the user ID, COuld you explain about the conn,op,msgID and method.What it defines ?

    Hi,
    here you'll find the official product page that explains how the access/error logs are structured:
    http://download.oracle.com/docs/cd/E19656-01/821-1507/fnyss/index.html
    When an LDAP-client application binds to the Directory Server, then it creates a 'connection' object that will handle all the data flow from that specific client, so that if you do:
    # grep <CONNECTION> access
    you'll have the history of all operations performed: the IP address from which the connection was initiated, the bind identity, the type of LDAP commands used (SRCH/ADD/DEL/MOD/MODRDN) and the result of each command
    The operation is a counter to uniquely identify the sequence of operations of a given connection
    The message id identifies the LDAP operation within the connection, but from client side (and of course can be different from the operation number)
    HTH,
    marco

  • Weblogic Access Logs not getting generated / updated only for Admin server

    Hi All,
    I have a query ,
    We recently noticed that the weblogic access logs for our admin server are not getting generated.
    However we checked that the access logs are getting generated for the managed servers that we have.
    There is not much difference between the logging settings between the admin and the managed servers.
    We thought that there might be some problem with the buffering and that the data might not be written to the files immediately.
    So after researching we found the parameter "-Dweblogic.logging.bufferSizeKB=0" and added that to the java options however it did not make any difference.
    Also we tried modifying the config script as ,
    <server>
    <web-server>
    <web-server-log>
    <buffer-size-kb>0</buffer-size-kb>
    </web-server-log>
    </web-server>
    </server>
    However no luck .....
    We are using weblogic 9.2 MP3 and think there might be some bug with this version , however its hard to believe that the logs are generated and updated for managed servers and not for the admin servers.
    The only thing we notice in the access logs of the admin server is 404 errors.
    Any suggestions ?
    Regards,
    Stacey.

    This has come up recently here:
    access log not writing to disk in a timely fashion
    I didn't find that buffer-size-kb capability in the docs in 9.2. I recommend checking with support.

Maybe you are looking for

  • "Please update your App"

    Hi there. I got this massage, om my ipad in the Adobe viewer - after updating the software from the DPS homepage. "Please update your App This issue is available for download but requires a newer version of the app. Please update your app from the Ap

  • Adapter file receiver - file with fix length record

    Hi everybody, In the file adapter receiver, I want to create a fixed length record file . Each record need to have the same size. How is it possible, because I have a file which contains variable legnth depending of the lenght of message? exemple: <m

  • Universal IR remote

    Hey i was wondering if there was any way or program to allow you to use (almost) ANY universal remote with my Mac Mini. I was looking around online and found something about the Apple TV having a new feature in the 2.3 firmware that allowed you to us

  • Reporting tax code lines

    Hello Every Body, For the tax code in reporting, can some one tell me witch line (in example below) get the priority in reporting ? Item = 1 and item = 2 ? OR Item = 2 and item = 3 ? We have to based on the field transaction(mws/vst)? if yes -> who g

  • Broadband disappearing after a landline call

    Telephone line is noisy and broadband disappears after a call. This lose lasts around a couple of minutes.  \this fault was cleared yesterday but has come back.  Anyone else had this fault?