Cisco JOINT event viewer - understand event ID

Hello world

Attached to this discussion is a screenshot of event viewer. Just for information, I see a LOT of these messages, for example TIPC: lost contact with, TIPC: link lost etc.

Is this a problem? These error messages come with an event ID, but I can't find the meaning of the event ID. Can someone advise me please.

Thank you

Kind regards

RAM

Hi Jean Claude,

I was talking about resetting the IPS module and not the main chassis. The messages may actually be benign, and there may be no need for any action on your part. In later versions of the sensor, those have been throttled in the log so that they are not seen at all.

Madhu

Tags: Cisco Security

Similar Questions

  • Cisco JOINT and IPS hardware bypass

    Hi all

    I have a question about hardware bypass on the Cisco JOINT, ASA AIP-SSM (IPS) and the IPS 4200 series. Please let me know how traffic passes if the hardware fails in both cases. Is there any integrated hardware bypass built in the same

    Regards

    Ankur

    Sorry for the late reply. I've been on vacation for a week.

    Hardware bypass is not available for the JOINT-2, no matter whether you use inline VLAN pairs or inline interface pairs.

    Appliances need special interface cards or a separate hardware bypass switch, and neither of them is available on the JOINT-2.

    You must configure your network so that there is a second path around the JOINT-2 in case of a JOINT-2 failure.

    This can be done with a standard network cable.

    Suppose you have your JOINT-2 configured for inline VLAN pairing of VLANs 10 and 20.

    Configure a standard switchport as an access port on VLAN 10.

    Set up another standard switchport as an access port on VLAN 20.

    Now, using a standard network cable, connect these 2 switch ports.

    Shut down your JOINT-2; traffic should now pass through this network cable and your network connectivity should be maintained.

    Bring your JOINT-2 back up. Spanning tree will now run and choose either the JOINT-2 or the network cable as the primary path, and the other will be placed in a blocking state.

    Run 'show spanning-tree vlan 10' and 'show spanning-tree vlan 20' to determine whether the cable ports or the JOINT-2 port is in a BLK state.

    If the cable ports are in a BLK state, then you don't need to modify spanning tree.

    If the JOINT-2 port is in a BLK state, then you need to change the spanning tree cost and/or priority for the JOINT-2 port by using the following commands:

    - [no] intrusion-detection port-channel channel_number spanning-tree cost port_cost

    Sets the spanning tree port cost for the data port on the specified module. The no option restores the spanning tree port cost for the data port on the specified module to the default value.

    - [no] intrusion-detection port-channel channel_number spanning-tree priority priority

    Sets the spanning tree port priority for the data port on the specified module. The no option restores the spanning tree port priority for the data port on the specified module to the default value.

    To learn more about spanning tree and how these parameters interact with it, you can look through this section of the user guide for the switch or search cisco.com for spanning tree documentation:

    http://www.Cisco.com/en/us/partner/docs/switches/LAN/catalyst6500/IOS/12.2Sx/configuration/guide/spantree.html

    NOTE: Your switch must be configured for rapid PVST for more rapid failover. Work with your switch administrator to determine which spanning tree protocol is used on your switch. The JOINT-2 does not work with MST, so ensure that MST is not used.

  • Cisco integrated event handler problem

    Hello Experts,

    I took the following sample EEM

    https://learningnetwork.Cisco.com/blogs/network-Sheriff/2009/06/19/writing-your-first-EEM-applet

    The intention is to send a notification to an email address on a network problem. I modified it a bit as an illustration. You will see that there are various show commands.

    Can someone please show me how to send the show commands rather than simply appending them to the directory called "server_unreachable"?

    TechWiseTV4506(config)#event manager environment _email_server 172.16.1.44
    TechWiseTV4506(config)#event manager environment _email_to [email protected]
    TechWiseTV4506(config)#event manager environment _email_from [email protected]

    event manager applet email_server_unreachable
     event track 10 state down
     action 1.0 syslog msg "Houston we have a problem. Ping failed, inaccessible Server!"
     action 1.1 cli command "enable"
     action 1.2 cli command "del /force flash:server_unreachable"
     action 1.3 cli command "show clock | append server_unreachable"
     action 1.4 cli command "show ip arp 172.16.1.55 | append server_unreachable"
     action 1.5 cli command "show ip route 172.16.1.55 | append server_unreachable"
     action 1.6 cli command "show interface FastEthernet0/1/1 | append server_unreachable"
     action 1.7 cli command "more flash:server_unreachable"
     action 1.8 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "inaccessible server: ICMP-echo has no" body "$_cli_result"
     action 1.9 syslog msg "Server unavailable alert has been sent to the mail server!"

    See you soon

    Carlton

    This applet will actually email the results.  However, in order to get the whole output, it uses the file server_unreachable as an accumulator buffer.  This file could be deleted as an action 2.0:

     action 2.0 cli command "delete /force flash:server_unreachable"

    But it is already there in action 1.2, so it is not really necessary.

    What will happen is that the applet will "more" the file to collect all of the output.  This aggregate output is stored in the variable $_cli_result.  The result is that the body of your email will contain the consolidated command output.

  • Cisco Unity Voicemail - view number of messages in specific mailboxes

    Hey all,

    I am able to see the limit settings and the size of the mailbox store, but that is for the DB as a whole.  Is it possible to display individual user mailboxes and their limits, whether or not they are full, and how many messages currently reside in them?  Currently, the only way I can check is to physically call voicemail and enter the password to hear that some mailboxes are full.

    Is there a 3rd party tool I would need to find this information?

    Any help would be greatly appreciated!

    Thank you!

    T

    (Running Unity Connection 8.5)

    Hey T,

    You'll want to check out this tool from the Unity / Unity Connection tools suite:

    Connection User Data Dump (CUDD) tool

    The Connection User Data Dump (CUDD) is a Windows-based remote database administration tool available on the Cisco Unity Tools website. CUDD allows you to export specific information about users to a file that can be imported into another application, such as Microsoft Excel or a database utility, or read. When the data is exported, the tool automatically creates a header row that lists the type of data in each output column, to facilitate import into other programs.

    The tool is available on the "Superb" Unity Tools website.

    http://www.ciscounitytools.com/applications/CXN/UserDataDump/UserDataDump.html

    See you soon!

    Rob

    «Go easy... step slightly...» Free hosting"

    -Shock

  • 4215 Java error: when connecting the IPS Event Viewer

    Hello-

    I got a java error trying to connect to my 4215 with Cisco IPS event viewer. It's as follows:

    IOException in Subscription() open: java.security.cert.CertificateExpiredException: NotAfter: Sunday 29 March

    The web server is running on 10.x.x.x:443? Please check the settings of the device communication.

    I can set the date on my pc to last week and everything works very much like b4. I tried to update my java to the latest version and created a new certificate of IPS.

    Any help would be greatly appreciated:

    Thank you

    Hello

    The problem can be solved by following the steps below

    1. Connect to the sensor.

    2. Run the tls generate-key command.

    3. Make sure that the certificate is generated.

    4. Add the device again. It should work now.

    Ref: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_qanda_item09186a008025c533.shtml

    Whether she helped.

    Regards

    Sridhar

  • How to get the JOINT-2 log file

    Hi, we installed a JOINT-2 in the Cat 6500 system. Does anyone know how to get the JOINT-2 syslog file, and how to configure it to send the log to a syslog server? I know that these two questions are quite simple, but I've yet to find answers.

    Any help would be greatly appreciated.

    You can get the JOINT events in the CETS format. Use the IPS Manager or another tool to collect these logs.

  • Cisco Aironet 1100 AP - SNMP - related Clients

    Hello

    I tried everything and searched the net for it without a bit of luck this time. I found a few years ago, but now I can't.

    I want to make a graph with http://oss.oetiker.ch/mrtg/ that lists the number of clients that are connected.

    I know it's possible with SNMP, but I have no idea where. I know that I need the OID for this. The MIB should not be required, because as I understand it, these only reflect the human-readable names of the OIDs. Well, this could in fact make it easier to find, but I can't find them either.

    If more information is needed, please let me know. This is really driving me crazy.

    Mikael,

    The community string cisco is arbitrary and you could make it anything you want. It is the view definition and the application of that view to the public community string that limit what you can get out of the MIB tree on the AP:

    • snmp-server view dot11view ieee802dot11 included

    This configuration line sets up a new view called "dot11view" and limits that view to only the OIDs in the ieee802dot11 branch of the MIB tree. The keyword included is inclusive and means that this view excludes everything in the tree except what is in the ieee802dot11 branch.

    • snmp-server community public view dot11view RO

    This configuration line sets up a new community string called public while limiting its view to the dot11view we created above.

    • snmp-server community cisco RO

    This configuration line sets up a new community string called cisco. With no view applied, it is unrestricted, and if we use it we can see anything in the MIB tree of the AP that we ask for.

    By using the SNMP Object Navigator, I see that ieee802dot11 has an OID of 1.2.840.10036.

    The OID that you are trying to get, cDot11ActiveWirelessClients, has a value of 1.3.6.1.4.1.9.9.273.1.1.2.1.1, which is not a subset of the 1.2.840.10036 tree.

    So when you use your snmpwalk tool with the public community string as it is currently defined with the dot11view, you are denied everything except the ieee802dot11 part of the MIB tree.

    Please mark this question as answered in order to help future researchers. Thank you!

    Justin
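The view behaviour described in the answer above, as an added example that is not part of the original thread: a simplified model of SNMP view filtering (longest matching subtree decides, no match means denied, view masks not modelled) applied to the two OIDs quoted in the answer. The request list, the `widened_view` helper and the extra subtree rule are assumptions made for illustration; widening the restricted view by one subtree keeps the public community narrower than an unrestricted community would be.

```python
def parse_oid(text):
    """Turn '1.3.6.1' (optionally with a leading dot) into a tuple of ints."""
    return tuple(int(part) for part in text.strip(".").split("."))


class SnmpView:
    """Simplified view: a list of (subtree, included) rules, no masks."""

    def __init__(self, name):
        self.name = name
        self.rules = []

    def add(self, subtree, included=True):
        self.rules.append((parse_oid(subtree), included))
        return self

    def allows(self, oid):
        oid = parse_oid(oid)
        best_len, verdict = -1, False          # no matching rule -> denied
        for subtree, included in self.rules:
            # The most specific (longest) matching subtree decides.
            if oid[:len(subtree)] == subtree and len(subtree) > best_len:
                best_len, verdict = len(subtree), included
        return verdict


def visible(view, oids):
    """Return the requested OIDs that the view would let a manager read."""
    return [oid for oid in oids if view.allows(oid)]


IEEE802DOT11 = "1.2.840.10036"                    # from the answer
ACTIVE_CLIENTS = "1.3.6.1.4.1.9.9.273.1.1.2.1.1"  # cDot11ActiveWirelessClients, from the answer
SYS_DESCR = "1.3.6.1.2.1.1.1.0"                   # sysDescr.0 (standard MIB-II)

# Constructed request list: one instance under each subtree of interest.
REQUESTED = [IEEE802DOT11 + ".1.1.1.2.1", ACTIVE_CLIENTS + ".1", SYS_DESCR]


def dot11view():
    """The view as configured in the thread: only ieee802dot11 is included."""
    return SnmpView("dot11view").add(IEEE802DOT11, included=True)


def widened_view():
    """Hypothetical variant: also include only the subtree holding the client counter."""
    return dot11view().add("1.3.6.1.4.1.9.9.273", included=True)


if __name__ == "__main__":
    print("dot11view  :", visible(dot11view(), REQUESTED))
    print("widened    :", visible(widened_view(), REQUESTED))
```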

  • LACP hash between N3048 and CISCO SG300/SG200 + question Twinax attach direct cable

    Hello

    In my network I have deployed two new N3048s with 2 SFP+ transceivers and a rear SFP+ module as core switches. They are connected to 3 other N2048 edge switches using optical fiber, and I reused my previous CISCO SG300 and SG200 to serve the other two boxes of my campus via the copper backbone.

    I have 4 copper cables that run from the network hub to the SG300 and 2 copper cables to the SG200. I set this up to have a redundant connection using RSTP, 2 + 2 with the SG300 and 1 + 1 with the SG200.

    So for the SG300 I set up LAG + LACP to have two port channels to the N3048s, but for now only a single cable is connected because I don't know which LACP hash mode I should set on the N3048 to have a compatible hash between the Dell and Cisco switches.

    My N3048s have mode 7 (Enhanced hash) as default, but I guess that the Cisco models do not understand it... so, which mode is best for LACP to work perfectly with Cisco small business switches?

    I also received my twinax cables to connect my two N3048s via the rear SFP+ modules... can I plug the cables into the SFP+ slots (already mounted) without turning off my core switches?

    Thank you!

    See you soon

    Cables can be connected/disconnected, but I don't know if the actual SFP+ module for the rear of the N3000 is hot-pluggable.

  • Documents required for JOINT-2

    The second generation Cisco JOINT-2 protects switched environments by integrating all the features of the Office IPS directly to the network through the widely deployed Cisco Catalyst chassis infrastructure. This integration allows the user to monitor traffic directly on the backplane to switch a logical platform for additional services such as firewall and IPS.

    We are going to deploy this module soon on a Cat 6509. Is there any documentation about the configuration of this module?

    Thank you and I'd really appreciate it.

    Here is a link to the documentation of IPS v5.0:

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids11/index.htm

    Here is a link to the IPS v5.0 cli configuration guide:

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids11/cliguide/index.htm

    Here is a link to documentation IPS 5.0 regarding the configuration of the JOINT-2:

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids11/cliguide/cliidsm2.htm

  • JOINT-2 licenses

    I inherited a few JOINT-2 modules for our 6500 switches. These have been hanging around for a while and I just need some clarification on how the modules are licensed.

    When you buy these modules, do they come with a basic license already, like the Firewall Services Module? Or do you have to register their serial number before you can use them?

    I ask because we are trying to deploy them and I was told that they cannot be activated without a license key.

    Pointers would be much appreciated

    Jon

    You can set up the JOINT-2 and start using it without a license. The only thing is that you won't get signature updates without registration.

    As you say, register the JOINT with Cisco using the serial number and start downloading the signature updates.

  • PIX 6.3 SNMP MIB, problem with the CISCO-PROCESS compilation - MIB.oid

    I am Edgar Servín

    I have Cacti and want to monitor the CPU of the PIX. I got the OID number:

    cpmCPUTotal5sec 1.3.6.1.4.1.9.9.109.1.1.1.1.3

    I used the Cisco SNMP Object Navigator and said:

    Compile the MIB

    Before you can compile CISCO-PROCESS-MIB, you need to compile the MIBS listed below in the order listed.

    Download all of these MIBs (WARNING: does not include non - Cisco MIB) or view details about each MIB below.

    How can I do?

    Hi Edgar,

    Compiling the MIBs is necessary only when you are using HP OpenView or something similar. With Cacti, which I confess I have never used myself, I'm pretty confident that you can just set the OID in Cacti and it will just make a periodic SNMP query for that object.

    HTH

    Herbert

  • JOINT-2 flow in Bypass Mode?

    Hi, according to the Cisco documentation the JOINT-2 has a throughput of 500Mbps in inline mode and 600Mbps in passive mode. So suppose our JOINT-2 is in inline mode; if we then put our JOINT-2 in bypass mode, how much traffic (throughput) can the JOINT-2 handle without any inspection?

    Thank you.

    The JOINT-2 would only be supported up to the same 500Mbps for inspection and bypass.

    There is not a separate bypass mode rating.

    Having said that, the JOINT-2 will handle much more than 500Mbps in bypass mode (assuming that nothing else is going on in the sensor).

    But I don't know how much more, since we don't usually test the performance in bypass mode.

    You wouldn't want to plan your network around the performance of the bypass capability.

    The other reason is that when the sensor is in bypass, there will be something else going on in the sensor.

    In the case of a signature update, signature processing will consume much of the CPU and memory, so bypass will not perform at its peak performance.

  • Image file capwap IOS corresponding with image Wlc file flash

    Hello to all the experts wireless

    My question may seem a little obvious to some of you, but here it is :)

    I would like to understand the relationship between the CAPWAP IOS image file I see when typing "dir flash" on an AP and the version a WLC gives to this access point when it joins. My WLC runs 7.4.100, and here is the flash of the access point (2602i):

    MYCAPWAPAP #dir flash:
    Directory of flash: /.

    2 - rwx 75095 October 23, 2014 07:54:43 + 00:00 event.log
    3 - rwx 280 23 October 2014 07:57:35 + 00:00 lwapp_officeextend.cfg
    4 - rwx 49372 October 23, 2014 09:37:14 + 00:00 lwapp_non_apspecific_reap.cfg
    5 - rwx 95008 October 23, 2014 07:54:34 + 00:00 lwapp_reap.cfg.bak
    drwx 10 2048 October 23, 2014 07:54:33 + 00:00 ap3g2-k9w8 - mx.152 - 4.JB6
    drwx 51 128 23 October 2014 07:57:38 + 00:00 configs
    52 - rwx 64 23 October 2014 07:54:34 + 00:00 sensord_CSPRNG0
    53 - rwx 64 23 October 2014 07:54:34 + 00:00 sensord_CSPRNG1
    77 - rwx 95008 October 23, 2014 07:57:55 + 00:00 lwapp_reap.cfg
    7 - rwx 7192 23 October 2014 09:36:56 + 00:00 private-multiple-fs
    56 - rwx 0 26 March 2014 14:37:17 + 00:00 this
    drwx 13 448 9 November 2013 19:06:17 + 00:00 ap3g2-rcvk9w8-mx
    8 - rwx 75303 October 22, 2014 16:30:26 + 00:00 event.capwap
    76 - rwx 230 23 October 2014 07:57:34 + 00:00 env_vars

    total 31739904 bytes (10376704 bytes free)

    Does that mean that the 7.4.100 image file is included in the ap3g2 file? In other words, where is the firmware image from the WLC stored on the AP? As an access point has a main image and a backup, it must be stored somewhere on it, or maybe I'm missing something here!

    Thank you

    Theo

    Hi Theo,

    If you read this post, you will understand which AP platform ap3g2 represents.

    https://supportforums.Cisco.com/document/77131/understanding-access-point-iOS-images

    platform-featureset-tar.version.tar

    • ap1g1 - 700 series (702w starting with 15.2(4)JB5)
    • ap1g2 - 1600 series
    • ap1g3 - 1530 series
    • ap3g2 - 3700/2700/3600/2600 series (3700 supported starting with 15.2(4)JB; 2700 starting with 15.2(4)JB5)
    • ap3g1 - 3500/1260 series

    In lightweight mode, there is a recovery image and a full image. (The recovery image contains the minimum files to boot the AP and discover a WLC; the WLC will then push the full image according to the software code running on the WLC.)

    ap3g2-k9w8-mx.152-4.JB6

    ap3g2-rcvk9w8-mx

    In this case, you can see a few directories with the names above on your access point. The corresponding image should be in these subdirectories.

    HTH

    Rasika

    Pls note all useful responses *.

  • Syslog. Include the address IP of VTY in each message (the configuration changes)

    Hello guys,

    I discovered that Huawei has a different syslog message format when it comes to logging configuration changes to an external syslog; however, if in Cisco you use a universal login for many users, it is impossible to know which connected IP address issued which commands...

    I know one solution would be to have every user use their own login; however, I wanted to know whether it is possible for a Cisco router to associate the vty with the 'connected command' and include this information in syslog.

    Here is the example for Huawei:

    %%10SHELL/5/cmd (l): - DevIP = 10.219.3.2 - 2 - task: vt0 ip:10.200.7.138 user: * command: display buffer

    Cisco has something similar in the final message, which says what the IP address of the VTY was; however, this IP address is not present in each syslog message as with Huawei.

    68954: 168799: sep 22 14:29:21.839: % PARSER-5-CFGLOG_LOGGEDCMD: user: XXXXX connected command: no connection host 10.200.100.10 transport udp port 515

    68952: 168796: 14:18:25.341 Sep 22: % PARSER-5-CFGLOG_LOGGEDCMD: user: XXXXX connected command: exit

    68953: 168797: sep 22 14:18:26.053: % SYS-5-CONFIG_I: configured from console by XXXXX on vty5 (10.200.7.138)

    Is it possible to do something similar in Cisco?

    If you use Splunk or another enterprise log reporting server, you can correlate these events by building a transaction whenever you see a %SYS-5-CONFIG_I event. I have support for this in my Cisco Networks app for Splunk: https://apps.splunk.com/app/1352/ & https://apps.splunk.com/app/1467/

    Take a look and see what you think.
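The correlation suggested in the reply above, sketched as an added example that is not part of the original thread and is not the Splunk app's code: buffer each user's %PARSER-5-CFGLOG_LOGGEDCMD commands and attribute them to the vty and source address carried by that user's next %SYS-5-CONFIG_I event. The sample lines are constructed in the usual IOS layout (which differs slightly from the lines as rendered in the post); user names and addresses are made up.

```python
import re
from collections import defaultdict

# Constructed sample log; documentation addresses and invented user names.
SAMPLE_LOG = """\
000101: Sep 22 14:18:20.101: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:interface GigabitEthernet0/1
000102: Sep 22 14:18:22.410: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:shutdown
000103: Sep 22 14:18:23.000: %PARSER-5-CFGLOG_LOGGEDCMD: User:audit  logged command:no logging host 192.0.2.10
000104: Sep 22 14:18:25.341: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:exit
000105: Sep 22 14:18:26.053: %SYS-5-CONFIG_I: Configured from console by netops on vty5 (198.51.100.7)
000106: Sep 22 14:19:02.500: %SYS-5-CONFIG_I: Configured from console by audit on vty1 (203.0.113.9)
000107: Sep 22 14:29:21.839: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:no logging host 192.0.2.10 transport udp port 515
"""

CMD_RE = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:\s*(?P<user>\S+)\s+logged command:\s*(?P<cmd>.*)$"
)
CFG_RE = re.compile(
    r"%SYS-5-CONFIG_I: Configured from \S+ by (?P<user>\S+)"
    r"(?: on (?P<line>\S+))?(?: \((?P<ip>[^)]+)\))?"
)


def correlate(lines):
    """Return (attributed, unattributed).

    attributed   -- list of dicts: user, line, ip, command
    unattributed -- {user: [commands]} still waiting for a CONFIG_I event
    """
    pending = defaultdict(list)   # commands seen since the user's last CONFIG_I
    attributed = []
    for raw in lines:
        m = CMD_RE.search(raw)
        if m:
            pending[m["user"]].append(m["cmd"].strip())
            continue
        m = CFG_RE.search(raw)
        if m:
            # CONFIG_I is logged when the session leaves config mode, so it
            # closes the transaction for everything this user typed before it.
            for cmd in pending.pop(m["user"], []):
                attributed.append(
                    {"user": m["user"], "line": m["line"], "ip": m["ip"], "command": cmd}
                )
    unattributed = {user: cmds for user, cmds in pending.items() if cmds}
    return attributed, unattributed


if __name__ == "__main__":
    done, waiting = correlate(SAMPLE_LOG.splitlines())
    for row in done:
        print(f'{row["ip"]:<15} {row["line"]:<5} {row["user"]:<7} {row["command"]}')
    print("no CONFIG_I yet:", waiting)
```

Because the join key is the user name, two concurrent sessions that share one login end up in the same buffer and are attributed to whichever session leaves configuration mode first; per-user logins remove that ambiguity.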

  • Dial-Peer out of the CME, for UC540 does not

    Dear Experts,

    We have a UC560 HQ and the new branch with 2811 router. These sites linked via VPN using fortigate. The connectivity between sites is in place and we are able to ping both the sites and networks of voice successfully.

    I have configured dial-peers on both sites. Calls from the headquarters to the local branch succeed without problem, but when we dial from the branch to HQ, we get a fast busy signal. Here is the config of the dial peers

    AC-

    dial-peer voice 300 voip
     destination-pattern 3...
     session target ipv4:192.168.110.1
     dtmf-relay h245-alphanumeric
     no vad

    Branch-

    dial-peer voice 800 voip
     destination-pattern 8...
     session target ipv4:192.168.201.2
     dtmf-relay h245-alphanumeric
     no vad

    CSIM results of branch-

    CSIM start 891
    CSIM: called number = 891, number of loops = 1 ping count = 0

    CSIM err csimDisconnected recvd DISC cid (786)
    CSIM: loop = 1, failed = 1
    CSIM: call attempt = 1, Setup failed = 1, your failed = 0

    Please advise. Thank you.

    Hi, it looks like the toll-fraud application rejected the call from the BR site.

    1076043: 11 Oct 14:36:29.759: / / 282614/B639957688BC/CCAPI/cc_api_call_setup_ind_common:
    Set up the event sent;
    Call Info (number = 308(TON = unknown, NPI = unknown, not projected = screening, presentation = authorized),
       Called number = 807 (Unknown = TON, NPI = unknown))

    1076047: 11 Oct 14:36:29.763: / / 282614/B639957688BC/CCAPI/cc_process_call_setup_ind:
    > Handed CCAPI cid 282614 tagged 300 to app "" _ManagedAppProcess_TOLLFRAUD_APP".
    1076048: 11 Oct 14:36:29.763: / / 282614/B639957688BC/CCAPI/ccCallDisconnect:
       Value = 21, Tag = 0x0, entry calls (previous disconnection Cause = 0, remove the Cause = 0)

    You need to add the IP address of the BR GW (192.168.110.1) under 'voice service voip > ip address trusted list' as shown below.

    voice service voip
     ip address trusted list
      ipv4 192.168.110.1

    For you reference: https://supportforums.cisco.com/document/46566/understanding-toll-fraud-...
