General questions Cisco IDS

We are evaluating deploying a Cisco NIDS on our network. Someone told me that the Cisco IDS solution is based on NT (?). Say it isn't so!

Also, can the IDS module or the IDS appliance detect common IIS attacks like buffer overflows, directory traversal, Code Red/Blue, etc.? Can the IDS in the PIX firewall detect these attacks?

Thanks for your time.

With the IDS 4.0 code, all sensors that support this code run Linux, including the standalone sensors and the new IDSM-2.

In the old 3.0 code, the standalone appliances ran Unix, while the sensor blade for the 6500 ran Windows.

Here is a link to the chapter on the signature engines in the 4.0 code:

http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids9/idmiev/swappa.htm

This will give you an excellent overview of the power of the IDS 4.0 signature engines and the list of signatures, which includes most of the signatures you mention above.

Hope this helps,

Peter
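To make the question about IIS attacks concrete, here is an added example (not code from the original thread and not Cisco's engine): a small signature-style matcher for the request patterns the question names, run over constructed request lines. The signature names, the 200-byte `.ida` query threshold and the two-pass decoding are assumptions chosen for the illustration; the point it shows is that a traversal signature that matches literal `../` misses the overlong-UTF-8 and double-encoded forms unless the engine normalizes the path first.

```python
"""Signature-style matcher for the IIS attacks asked about above.

Added example, not code from the original post or from Cisco: it shows why an
IDS engine must normalize a request before matching, using constructed sample
requests. Signature names and the 200-byte .ida query threshold are assumptions.
"""
from urllib.parse import unquote_to_bytes

# Assumed threshold: a benign .ida/.idq query is short; the Code Red worm sent a
# query of a few hundred bytes to overflow the ISAPI extension.
IDA_QUERY_THRESHOLD = 200

# Constructed sample request lines (not taken from any real capture).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /default.ida?" + "N" * 240 + "%u9090%u6858 HTTP/1.0",
    "GET /msadc/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /images/../../winnt/repair/sam HTTP/1.0",
]


def _fold_overlong_utf8(raw: bytes) -> str:
    """Turn bytes into text, collapsing the 2-byte overlong UTF-8 forms
    (0xC0/0xC1 lead byte) that old IIS versions accepted for ASCII
    characters such as '/'. Other bytes map 1:1 like latin-1."""
    out = []
    i = 0
    while i < len(raw):
        lead = raw[i]
        if lead in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            out.append(chr(((lead & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(lead))
            i += 1
    return "".join(out)


def normalize_path(path: str, passes: int = 2) -> str:
    """Percent-decode up to `passes` times (catches %255c double encoding),
    fold overlong UTF-8 and treat backslash as a path separator."""
    for _ in range(passes):
        decoded = _fold_overlong_utf8(unquote_to_bytes(path))
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def naive_traversal(request_line: str) -> bool:
    """What a literal-string signature sees: no decoding at all."""
    return "../" in request_line or "..\\" in request_line


def match_signatures(request_line: str) -> list:
    """Return the (assumed) signature names that fire on one request line."""
    _method, target, _version = request_line.split(" ", 2)
    raw_path, _, query = target.partition("?")
    path = normalize_path(raw_path)
    hits = []
    if path.lower().endswith((".ida", ".idq")) and len(query) >= IDA_QUERY_THRESHOLD:
        hits.append("IIS_IDA_OVERFLOW")        # Code Red style ISAPI overflow
    if ".." in path.split("/"):
        hits.append("DIRECTORY_TRAVERSAL")     # any '..' segment after normalization
    if "cmd.exe" in path.lower():
        hits.append("CMD_EXE_ACCESS")          # traversal payload reaching the shell
    return hits


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(f"{line[:60]:60s} naive={naive_traversal(line)!s:5} sigs={match_signatures(line)}")
```

Running it prints one row per request: the plain page matches nothing, the long `.ida` query fires the overflow signature, and the two encoded traversal requests fire the traversal and `cmd.exe` signatures even though `naive_traversal` returns False for both. A real engine does this normalization for the whole HTTP stream, not just the request line, which is what the "HTTP deobfuscation" behaviour of the 4.0 engines is for.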

Tags: Cisco Security

Similar Questions

  • Cisco IDS 4.1 sensors in HA? Monitoring packet drops?

    Hello

    Can someone tell me if Cisco IDS sensors provide high availability or failover capabilities? If so, how and where is it configured?

    Is there any form of notification of packet drops when the sensor starts dropping packets under full load?

    Hello

    IDS sensors do not provide high availability or failover capability.

    Under high load the sensor can be configured to fire alert 993, which states "packet drop rate exceeded the threshold". This threshold is set by default to 5% (total dropped packets / total packets received in a time interval). You must enable this signature, as it is disabled by default.

    Hope this helps

    Thank you

    Madhu
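The ratio the answer describes is a per-interval one, so a monitor that reads cumulative interface counters has to take deltas and cope with counters that reset. Here is an added example in Python (not code from the original post and not the sensor's own implementation) that does exactly that against constructed counter samples; the 5% default is the value quoted above, everything else is an assumption.

```python
"""Packet-drop-rate check in the spirit of the alert described above.

Added example, not code from the original post or from Cisco: it computes the
"dropped / received in an interval" ratio from cumulative interface counters
and reports when it crosses the 5% default. The counter samples are constructed.
"""

DEFAULT_THRESHOLD = 0.05   # 5%, the default the answer quotes


class DropRateMonitor:
    """Feed cumulative (received, dropped) counters once per interval."""

    def __init__(self, threshold: float = DEFAULT_THRESHOLD) -> None:
        self.threshold = threshold
        self._last = None          # (received, dropped) from the previous interval

    def observe(self, received: int, dropped: int):
        """Return (interval_rate, alert) or (None, False) when no rate can be
        computed (first sample, counter reset, or no packets in the interval)."""
        prev, self._last = self._last, (received, dropped)
        if prev is None:
            return None, False
        d_recv = received - prev[0]
        d_drop = dropped - prev[1]
        if d_recv < 0 or d_drop < 0:
            # counters went backwards: device reboot or counter clear; start over
            return None, False
        if d_recv == 0:
            return None, False
        rate = d_drop / d_recv
        return rate, rate >= self.threshold


def evaluate(samples, threshold: float = DEFAULT_THRESHOLD) -> list:
    """Run a sample series and return the indexes of intervals that alert."""
    mon = DropRateMonitor(threshold)
    alerts = []
    for idx, (received, dropped) in enumerate(samples):
        _rate, alert = mon.observe(received, dropped)
        if alert:
            alerts.append(idx)
    return alerts


# Constructed cumulative counters, one sample per interval.
SAMPLES = [
    (10_000, 0),      # baseline, no rate yet
    (20_000, 100),    # 1% this interval
    (30_000, 1_100),  # 10% this interval -> alert
    (500, 5),         # counters reset (reboot): no rate for this interval
    (1_500, 55),      # 5% -> alert (threshold is inclusive)
]

if __name__ == "__main__":
    print("alerting intervals:", evaluate(SAMPLES))
```

Note that the lifetime ratio (1100/30000, under 4%) would never have alerted; only the per-interval delta exposes the burst in the third sample, which is why the sensor's definition is per interval.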

  • Camileo charging problem (solved) and a general question!

    Hi all!

    First of all, I was going to ask for help as to why the Camileo S10 wasn't charging (the orange light was not blinking), and I had seen a few people with similar problems.
    The solution?

    Clean the battery contacts.
    The insulation sticker that comes on it must leave some kind of residue, which prevents charging. [Now it blinks happily, fortunately :]

    So my general question was: is it possible/desirable to use the camera on mains power?
    Instead of constantly draining and recharging the battery during long shoots, I'd prefer to leave it plugged in!

    Thank you very much in advance!

    Paul

    Hello

    I think that battery handling is always the same, regardless of what product it is.
    From time to time the battery must be recalibrated.

    This means that the battery should be completely discharged and then charged again until it reaches 100%.

    I do this with all my batteries: laptop battery, notebook battery and digital camera battery.

  • A general question to the community

    I have a general question for the forum community. I noticed that many contributors have more than 100,000 points. I have been a forum contributor for several years; I consider myself a casual user and offer contributions daily or occasionally, and now and then my answer is chosen as the solution. Not that it's really important to me, because I just love to help others. However, unless a person is sitting in front of their computer constantly on the Apple communities, I cannot for the life of me see how a person could possibly reach more than 100,000 points. Is there a secret that I don't know?

    No, I think you've worked out what the secret is.

    TT2

  • General interrogation command for IEC 60870-5-104

    Dear all,

    I am using the NI IEC 60870-5 Communications toolkit to create an IEC 60870-5-104 slave (controlled station).

    I am using Triangle MicroWorks software as the master for the same. I am able to send and receive most of the commands with the examples provided with the toolkit at "C:\Program NIUninstaller Instruments\LabVIEW 2012\examples\IEC60870-5".

    I am not able to find a way to capture the "general interrogation command" from the server.

     

    Can someone help me with how to proceed with this.

    Thank you.

    Hi Frabto,

    The development team has had some great insights, below. I misinformed you (sorry!) about the behaviour: the general interrogation command is processed automatically in the communication stack.

    First, the interrogation command sent to the controlled station may request all the data points (station interrogation) or a subset (group interrogation) of the data points on the controlled station. The NI 60870-5 controlled station supports the command: when the controlled station receives a station interrogation command, it replies with the values of all the data points. If it is a group interrogation command, it replies with the values of the data points that belong to that group. Users are not able to detect whether the interrogation command is received or not; it is handled automatically inside the stack. Users can use the VI called "Set Group.vi" inside the polymorphic VI "Set Property.vi" to assign a point to one of the 16 groups, and you can see the usage in the example "Interrogate Information Objects in Group.vi" in the 60870-5 example folder.

    You shouldn't need to do anything to respond to an interrogation command. The station will answer automatically. I hope that I did not cause you too much confusion on this point.
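The reply sequence the stack performs for you is easy to lose sight of when it is invisible, so here is an added example (not code from the NI toolkit or the original thread) that models it in Python: a C_IC_NA_1 (type 100) interrogation with QOI 20 (station) or 21..36 (group 1..16) gets an activation confirmation, one data ASDU per selected point with the matching "interrogated by" cause of transmission, then an activation termination. The point table, addresses, values and the dict representation of an ASDU are constructed for the example; the type, QOI and COT numbers are the standard's.

```python
"""General interrogation handling as an IEC 60870-5-104 controlled station does it.

Added example, not code from the NI toolkit or the original post: it models the
reply sequence a controlled station sends when it receives a C_IC_NA_1
(type 100) interrogation command. Point values, addresses and group numbers
are constructed; the ASDU is represented as a dict rather than encoded bytes.
"""

TYPE_C_IC_NA_1 = 100        # interrogation command
TYPE_M_ME_NC_1 = 13         # measured value, short float (used for every point here)

COT_ACT, COT_ACTCON, COT_ACTTERM = 6, 7, 10
COT_INROGEN = 20            # interrogated by station interrogation (groups use 20 + n)
QOI_STATION = 20            # QOI 20 = station interrogation
QOI_GROUP_FIRST, QOI_GROUP_LAST = 21, 36   # QOI 21..36 = groups 1..16

# Constructed point table: information object address -> (value, group)
POINTS = {
    1001: (230.1, 1),
    1002: (0.95, 1),
    2001: (49.98, 2),
    3001: (12.0, 16),
}


def points_for_qoi(qoi: int) -> list:
    """Which points a station or group interrogation must report."""
    if qoi == QOI_STATION:
        return sorted(POINTS)
    if QOI_GROUP_FIRST <= qoi <= QOI_GROUP_LAST:
        group = qoi - QOI_GROUP_FIRST + 1
        return sorted(ioa for ioa, (_, g) in POINTS.items() if g == group)
    raise ValueError(f"unsupported QOI {qoi}")


def handle_interrogation(asdu: dict) -> list:
    """Return the list of ASDUs the controlled station sends back.

    Sequence: ACTCON, one ASDU per reported point with COT = 20 + group
    (20 for a station interrogation), then ACTTERM. An unsupported QOI gets
    a negative ACTCON (P/N bit set) and nothing else.
    """
    if asdu["type"] != TYPE_C_IC_NA_1 or asdu["cot"] != COT_ACT:
        raise ValueError("not an interrogation activation")
    qoi, ca = asdu["qoi"], asdu["ca"]
    try:
        ioas = points_for_qoi(qoi)
    except ValueError:
        return [{"type": TYPE_C_IC_NA_1, "cot": COT_ACTCON, "pn": 1, "ca": ca, "qoi": qoi}]
    replies = [{"type": TYPE_C_IC_NA_1, "cot": COT_ACTCON, "pn": 0, "ca": ca, "qoi": qoi}]
    cot = COT_INROGEN if qoi == QOI_STATION else COT_INROGEN + (qoi - QOI_GROUP_FIRST + 1)
    for ioa in ioas:
        value, _group = POINTS[ioa]
        replies.append({"type": TYPE_M_ME_NC_1, "cot": cot, "pn": 0,
                        "ca": ca, "ioa": ioa, "value": value})
    replies.append({"type": TYPE_C_IC_NA_1, "cot": COT_ACTTERM, "pn": 0, "ca": ca, "qoi": qoi})
    return replies


if __name__ == "__main__":
    for r in handle_interrogation({"type": 100, "cot": 6, "ca": 1, "qoi": 22}):
        print(r)
```

The group number is only an attribute of the point (what "Set Group.vi" sets); the stack decides which points to send from the QOI, which is why there is nothing for the application to "capture".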

  • Some general questions on CVI - how does the compiler work

    Hello

    I have been working with CVI 9.1 for more than a year, and during this time I've noticed a couple of things that I would like some help understanding.

    1. Working with several C files:
    • When I'm writing software that uses, let's say, 10 C files and 10 H files: Main.c Main.h File1.c File1.h Panels.h Panels.uir and so on... I implement the function in the .c file and write its declaration in the .h file. I've noticed that sometimes I get compiler messages about conflicts; maybe there's a way of doing this in CVI that I just don't know?
    • Working correctly with the UIR file: for example, let's take the files written above. If I have panel MAIN and control LED1 and I want to do SetCtrlVal in Main.c, I can implement it as SetCtrlVal(MAIN, MAIN_LED1, 1); but when I go to File1.c and try to do the same, I get the error message that MAIN_LED1 is not a control value (I included Panels.h). This problem happens to me a lot; is there a solution? Or maybe I am doing something wrong...
    • What is the best way to implement a boolean var (true/false) for the software? Is it possible to have this var always available?
    • Incompatible type declarations: let's take the Fmt function for example; when I try to use it in another file, I get "incompatible type declarations" with the names of the files...
    • General question: let's say I want to include a library in my project and use its functions in Main.c and File1.c. Do I include it in both files, or is there a way to include it in a single file only?

    2. Accessing buttons

    • Let's say that I have a button and I press it; after pressing the button I have a loop for 10 minutes. I want to create an abort button, but I can't press anything because the controls are "locked out". Is there a way besides multithreading to implement this?

    Wow! A very broad set of questions!

    A quick response.

    • Working correctly with the UIR file: for example, let's take the files written above. If I have panel MAIN and control LED1 and I want to do SetCtrlVal in Main.c, I can implement it as SetCtrlVal(MAIN, MAIN_LED1, 1); but when I go to File1.c and try to do the same, I get the error message that MAIN_LED1 is not a control value (I included Panels.h). This problem happens to me a lot; is there a solution? Or maybe I am doing something wrong...

    There is a basic error in your statement: the first parameter of SetCtrlVal must be the panel handle, which is the reference to the object in memory that is created when you call LoadPanel(). Using the panel constant name is not correct: it may work if you're lucky and the panel handle happens to have the same value as the constant, but this certainly isn't the correct way to address controls on a panel.

    Even so, I don't understand the error that you report: I would expect 'the control is not of the type expected by the function', or an inconsistent data type error (like passing an int to a double control), or...

    Remember that each function that operates on objects on a panel must know the panel handle, so either you pass it to the function as a parameter, or you store it in a global variable.

    • Incompatible type declarations: let's take the Fmt function for example; when I try to use it in another file, I get "incompatible type declarations" with the names of the files...

    I normally let CVI #include the necessary system files: when I use certain functions like Fmt in a source file and compile, CVI warns me to add the relevant include file, and it does it correctly. Working this way I never had problems with the formatting and I/O library functions. You can rebuild the include list by removing all #includes in your source files and compiling the project; this should correct the errors.

    • General question: let's say I want to include a library in my project and use its functions in Main.c and File1.c. Do I include it in both files, or is there a way to include it in a single file only?

    You must include the file containing the definitions of the functions in all source files that use them. Or you can create a general include file with all the includes for your project and include only this one in all of your source files.

    • Let's say that I have a button and I press it; after pressing the button I have a loop for 10 minutes. I want to create an abort button, but I can't press anything because the controls are "locked out". Is there a way besides multithreading to implement this?

    It is a general rule that governs the CVI environment: during the execution of a loop inside a function (a control callback or another function) the system does not handle user interface events, so your buttons appear locked. This can be solved by adding a repeated call to ProcessSystemEvents() inside the loop: this way all UI events are monitored and handled by the system.

    You must use this method with caution: before entering the loop, you must disable all the controls that could be used during the operation (normally only the Quit button should stay active), otherwise you can end up in a situation in which other callbacks are executed during the loop and might interfere with it.

    In such a case, do not put a callback on the stop button; use a global variable instead. I normally create a Stop toggle button and handle it this way:

    int stop = 0;

    while (1) {
        ....

        /* let the UI thread service pending events, including the Stop button */
        ProcessSystemEvents ();

        /* panelHandle is the value returned by LoadPanel (), not the panel constant */
        GetCtrlVal (panelHandle, PANEL_STOP, &stop);

        if (stop) {
            /* ... gracefully exit the function */
            break;
        }
    }

    This topic has been discussed several times in the forums: a search for ProcessSystemEvents returns a large number of discussions you can read.

    • What is the best way to implement a boolean var (true/false) for the software? Is it possible to have this var always available?

    CVI has no native boolean type. I use an int and test whether it is zero or not.

    • When I'm writing software that uses, let's say, 10 C files and 10 H files: Main.c Main.h File1.c File1.h Panels.h Panels.uir and so on... I implement the function in the .c file and write its declaration in the .h file. I've noticed that sometimes I get compiler messages about conflicts; maybe there's a way of doing this in CVI that I just don't know?

    I do not understand what you describe: could you add a piece of code that reproduces this situation and report exactly the message the compiler gives?

  • Regarding the upgrade of Cisco IDS from version 4.0 to 5.0

    Dear Happs / marcabal,

    I have one IDS-4215 on version 4.1(1), with the details attached. I want to take it to 5.0 and 6.0, so I will first install the 5.0(1e) S149 major upgrade to get to the first 5.0 release.

    The following is written in the readme file for the service pack IPS-K9-maj-5.0-1e-S149.rpm.pkg:

    "For IDS-4215, you must also make sure that you have upgraded the BIOS to version
    5.1.7 and the ROMMON to version 1.4"

    So I downloaded the upgrade utility mentioned above; however, I need to know the following:

    (1) How do I check the current BIOS and ROMMON version on the IDS?

    (2) To upgrade the BIOS and ROMMON version, can I use my desktop (Windows XP), from which we manage the customer's IDS remotely over a leased line, as the TFTP server, or do I need a local host at the customer's site (in the customer's Cisco IDS network range only) that can be made the TFTP server?

    (3) Also please let me know how I can find the IDS 4.0 license, and if no license is available, can we still upgrade to version 5.0?

    There is no 4.x license; licenses only began with version 5.0.

    You can upgrade your 4215 to version 5.1 or 6.0 without a license.

    The minimum BIOS and ROMMON versions for the upgrade are easily found on CCO.

  • Questions about the IDS-4215

    I bought this unit and I am having problems with it. I did the recovery and set the new password, but it keeps kicking me back to it; how do I get out of this?

    CISCO SYSTEMS IDS-4215
    Embedded BIOS Version 5.1.7 03/02/04 11:20:35.01
    Compiled by dnshep
    Evaluating Run Options...
    Checking for valid disk image
    GRUB Loading stage1.5.

    GRUB loading, please wait...

    GRUB version 0.91 (632K lower / 523264K upper memory)

    -------------------------------------------------------------------
    0: Cisco IDS (vmlinuz-2.4.26-IDS-smp-bigphys)
    1: Cisco IDS Recovery
    -------------------------------------------------------------------

    Use the ^ and v keys to select which entry is highlighted.
    Press ENTER to boot the selected OS, 'e' to edit the
    commands before booting, 'a' to modify the kernel arguments
    before booting, or 'c' for a command-line.

    Entry 0 will be booted automatically in 1 seconds.
    Booting 'Cisco IDS (vmlinuz-2.4.26-IDS-smp-bigphys)'

    root (hd0,0)
    Filesystem type is ext2fs, partition type 0x83
    kernel (hd0,0)/boot/vmlinuz-2.4.26-IDS-smp-bigphys ro root=/dev/hdb1 hda=flash console=ttyS0 bigphysarea=16384
    [Linux-bzImage, setup=0x1400, size=0x11b282]

    Linux version 2.4.26-IDS-smp-bigphys ([email protected] _build_master) (gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-112)) #2 SMP Thu Aug 18 11:03:13 CDT 2005
    BIOS-provided physical RAM map:
    BIOS-e820: 0000000000000000 - 000000000009e000 (usable)
    BIOS-e820: 000000000009e000 - 00000000000a0000 (reserved)
    BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
    BIOS-e820: 0000000000100000 - 0000000020000000 (usable)
    BIOS-e820: 00000000fff00000 - 0000000100000000 (reserved)
    0MB HIGHMEM available.
    512MB LOWMEM available.
    On node 0 totalpages: 131072
    zone(0): 4096 pages.
    zone(1): 126976 pages.
    zone(2): 0 pages.
    DMI not present.
    ACPI: Unable to locate RSDP
    Kernel command line: ro root=/dev/hdb1 hda=flash console=ttyS0 bigphysarea=16384
    ide_setup: hda=flash
    Local APIC disabled by BIOS -- reenabling.
    Found and enabled local APIC!
    Initializing CPU#0
    Detected 845.655 MHz processor.
    Console: colour dummy device 80x25
    Calibrating delay loop... 1684.27 BogoMIPS
    Memory: 449240k/524288k available (1621k kernel code, 74656k reserved, 639k data, 136k init, 0k highmem)
    Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
    Inode cache hash table entries: 32768 (order: 6, 262144 bytes)
    Mount cache hash table entries: 512 (order: 0, 4096 bytes)
    Buffer cache hash table entries: 32768 (order: 5, 131072 bytes)
    Page-cache hash table entries: 131072 (order: 7, 524288 bytes)
    CPU: L1 I cache: 16K, L1 D cache: 16K
    CPU: L2 cache: 128K
    Intel machine check architecture supported.
    Intel machine check reporting enabled on CPU#0.
    Enabling fast FPU save and restore... done.
    Enabling unmasked SIMD FPU exception support... done.
    Checking 'hlt' instruction... OK.
    POSIX conformance testing by UNIFIX
    mtrr: v1.40 (20010327) Richard Gooch ([email protected])
    mtrr: detected mtrr type: Intel
    CPU: L1 I cache: 16K, L1 D cache: 16K
    CPU: L2 cache: 128K
    Intel machine check reporting enabled on CPU#0.
    CPU0: Intel Celeron (Coppermine) stepping 00
    per-CPU timeslice cutoff: 365.62 usecs.
    SMP motherboard not detected.
    enabled ExtINT on CPU#0
    ESR value before enabling vector: 00000000
    ESR value after enabling vector: 00000000
    Using local APIC timer interrupts.
    calibrating APIC timer ...
    ..... CPU clock speed is 845.6568 MHz.
    ..... host bus clock speed is 99.4889 MHz.
    cpu: 0, clocks: 994889, slice: 497444
    CPU0
    Waiting on wait_init_idle (map = 0x0)
    All processors have done init_idle
    PCI: PCI BIOS revision 2.10 entry at 0xff6a9, last bus=1
    PCI: Using configuration type 1
    PCI: Probing PCI hardware
    PCI: Probing PCI hardware (bus 00)

    Limiting direct PCI/PCI transfers.
    isapnp: Scanning for PnP cards...
    isapnp: No Plug & Play device found
    Linux NET4.0 for Linux 2.4
    Based upon Swansea University Computer Society NET3.039
    Initializing RT netlink socket
    Starting kswapd
    bigphysarea: 16384 pages at 0xc1606000.
    Journalled Block Device driver loaded
    pty: 2048 Unix98 ptys configured
    keyboard: Timeout - AT keyboard not present?(ed)
    keyboard: Timeout - AT keyboard not present?(f4)
    Serial driver version 5.05c (2001-07-08) with MANY_PORTS MULTIPORT SHARE_IRQ SERIAL_PCI ISAPNP enabled
    ttyS00 at 0x03f8 (irq = 4) is a 16550
    ttyS01 at 0x02f8 (irq = 3) is a 16550
    Real Time Clock Driver v1.10f
    RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
    loop: loaded (max 8 devices)
    LPC: version 0.1 (Aug 18, 2005)
    Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4
    ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
    PIIX4: IDE controller at PCI slot 00:07.1
    PIIX4: chipset revision 1
    PIIX4: not 100% native mode: will probe irqs later
    ide0: BM-DMA at 0xf800-0xf807, BIOS settings: hda:pio, hdb:pio
    ide1: BM-DMA at 0xf808-0xf80f, BIOS settings: hdc:pio, hdd:pio
    hda: SanDisk SDCFB-256, CFA DISK drive
    hdb: IC25N020ATCS04-0, ATA DISK drive
    hda: disabling (U)DMA for SanDisk SDCFB-256
    blk: queue c03bf1a8, I/O limit 4095Mb (mask 0xffffffff)
    ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
    hda: attached ide-disk driver.
    hda: task_no_data_intr: status=0x51 { DriveReady SeekComplete Error }
    hda: task_no_data_intr: error=0x04 { DriveStatusError }
    hda: 501760 sectors (257 MB) w/1KiB Cache, CHS=497/16/63
    hdb: attached ide-disk driver.
    hdb: host protected area => 1
    hdb: 39070080 sectors (20004 MB) w/1768KiB Cache, CHS=2432/255/63, UDMA(33)
    Partition check:
     hda: hda1 hda2 hda3
     hdb: hdb1 hdb2 hdb3 hdb4
    ide: late registration of driver.
    SCSI subsystem driver Revision: 1.00
    i2c-core.o: i2c core module version 2.8.7 (20040611)
    i2c-dev.o: i2c /dev entries driver module version 2.8.7 (20040611)
    i2c-proc.o version 2.8.7 (20040611)
    i2c-i801 version 2.8.7 (20040611)
    NET4: Linux TCP/IP 1.0 for NET4.0
    IP Protocols: ICMP, UDP, TCP, IGMP
    IP: routing cache hash table of 4096 buckets, 32Kbytes
    TCP: Hash tables configured (established 131072 bind 65536)
    Linux IP multicast router 0.06 plus PIM-SM
    NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
    kjournald starting.  Commit interval 5 seconds
    EXT3-fs: mounted filesystem with ordered data mode.
    VFS: Mounted root (ext3 filesystem) readonly.
    Freeing unused kernel memory: 136k freed
    INIT: version 2.84 booting
    Welcome to CIDS v4.1(1)S47 (Phoenix)
    Mounting proc filesystem: [ OK ]
    Configuring kernel parameters: [ OK ]
    Setting clock (localtime): Mon Apr 19 19:14:53 UTC 2010 [ OK ]
    Activating swap partitions: [ OK ]
    Setting hostname sensor: [ OK ]
    modprobe: Can't open dependencies file /lib/modules/2.4.26-IDS-smp-bigphys/modules.dep (No such file or directory)
    Checking root filesystem
    /dev/hdb1: clean, 27334/83520 files, 56775/166666 blocks
    [/sbin/fsck.ext3 (1) -- /] fsck.ext3 -a /dev/hdb1
    [ OK ]
    Remounting root filesystem in read-write mode: [ OK ]
    Finding module dependencies: depmod: Can't open /lib/modules/2.4.26-IDS-smp-bigphys/modules.dep for writing
    [FAILED]
    Checking filesystems
    /dev/hdb3: clean, 12/2008 files, 1300/8032 blocks
    /dev/hda1: clean, 33/2656 files, 4184/10584 blocks
    /dev/hdb4: clean, 32/2280320 files, 80505/4558443 blocks
    /dev/hda3: clean, 20/58232 files, 84949/232848 blocks
    Checking all file systems.
    [/sbin/fsck.ext3 (1) -- /bootmnt] fsck.ext3 -a /dev/hda1
    [/sbin/fsck.ext3 (2) -- /usr/cids/idsRoot/shared] fsck.ext3 -a /dev/hdb3
    [/sbin/fsck.ext3 (2) -- /usr/cids/idsRoot/var] fsck.ext3 -a /dev/hdb4
    [/sbin/fsck.ext3 (2) -- /mnt/recovery] fsck.ext3 -a /dev/hda3
    [ OK ]
    Mounting local filesystems: [ OK ]
    Enabling local filesystem quotas: [ OK ]
    Enabling swap space: [ OK ]
    Entering non-interactive startup
    Setting network parameters: [ OK ]
    Bringing up loopback interface: [ OK ]
    modprobe: Can't open dependencies file /lib/modules/2.4.26-IDS-smp-bigphys/modules.dep (No such file or directory)
    Bringing up interface eth1: [ OK ]
    Starting system logger: [ OK ]
    Starting kernel logger: [ OK ]
    Loading keymap: [ OK ]
    Loading system font: [ OK ]
    Initializing random number generator: [ OK ]
    Checking allocated kernel memory: [ OK ]
    No XL card found
    Loading cidmodcap: Warning: kernel-module version mismatch
    /lib/modules/CID/cidmodcap.o was compiled for kernel version 2.4.18-5smpbigphys
    while this kernel is version 2.4.26-IDS-smp-bigphys
    /lib/modules/CID/cidmodcap.o: unresolved symbol register_chrdev_Rsmp_0450333d
    /lib/modules/CID/cidmodcap.o:
    Hint: You are trying to load a module without a GPL compatible license
    and it has unresolved symbols.  Contact the module supplier for
    assistance, only they can help you.

    [FAILED]
    Creating boot.info [ OK ]
    Checking for system modifications since last boot [WARNING]
    Checking model identification [ OK ]
    Model: IDS-4215
    Error: mainApp has not started
    Starting sshd: [ OK ]
    Starting xinetd: [ OK ]
    Starting crond: [ OK ]
    Starting anacron: [ OK ]

    login: cisco
    Password:
    You are required to change your password immediately (password aged)
    Changing password for cisco
    (current) UNIX password:
    New password:
    Retype new password:
    ***NOTICE***
    This product contains cryptographic features and is subject to United States
    and local country laws governing import, export, transfer and use. Delivery
    of Cisco cryptographic products does not imply third-party authority to import,
    export, distribute or use encryption. Importers, exporters, distributors and
    users
    sensor login: cisco
    Password:
    ***NOTICE***
    This product contains cryptographic features and is subject to United States
    and local country laws governing import, export, transfer and use. Delivery
    of Cisco cryptographic products does not imply third-party authority to import,
    export, distribute or use encryption. Importers, exporters, distributors and
    users are responsible for compliance with U.S. and local country laws. By using
    this product you agree to comply with applicable laws and regulations. If you
    are unable to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.Cisco.com/WWL/export/crypto

    If you require further assistance please contact us by sending email to
    [email protected].

    sensor login:

    Since you did the recovery I assume you already tried powering the unit down and back up.

    This is a weird problem I haven't seen before, but sometimes the sensors get corrupted and need a full reimage to return to normal.

    I would download the most recent 4215 image and TFTP it onto your sensor from ROMMON.

    http://www.Cisco.com/en/us/partner/docs/security/IPS/6.0/installation/guide/hwImage.html#wp1030874

    -Bob

  • Cisco IDS 4215 signature updates

    Hello people,
    We have a few Cisco IDS 4215 and would like to know whether, when we upgrade the signatures, we can remove those released previously, or whether the earlier ones should not be removed.

    System information for these devices.

    ***

    TAC contact information
    URL: http://www.cisco.com/public/support/tac/home.shtml/
    Phone: 1 (800) 553-2447

    Sensor up-time is 110 days.
    Platform: IDS-4215-4FE-K9
    Boot partition: application

    Partition: application
    Build version: 6.0(6)E3
    Host:
    Domain keys key1.0
    Signature definition:
    Signature update S439.0 2009-09-30
    Virus update V1.4 2007-03-02
    OS version: 2.4.30-IDS-smp-bigphys
    Applications
    MainApp
    N NUBRA_2009_JUL_15_01_10_6_0_5_57 2009-07-15T01:15:08-0500 ipsbuild
    Running state: running
    AnalysisEngine
    N NUBRA_2009_JUL_15_01_10_6_0_5_57 2009-07-15T01:15:08-0500 ipsbuild
    Running state: running
    Installed updates
    Update name: IPS-K9-6.0-6-E3
    Installed time: 15 July 2009 18:48:06
    Update name: IPS-sig-S439-req-E3.pkg
    Installed time: 6 October 2009 13:07:55
    Next lower upgrade:
    Partition: recovery
    Build version: 1.1 - 6.0(6)E3

    PEP UDI chassis
    Description: IPS 4215 sensor unit
    PID: IDS-4215-4FE-K9
    VID: V01
    SN: 88808513168

    Memory usage
    usedBytes = 377655296
    freeBytes = 132685824
    totalBytes = 510341120

    Disk usage
    application data is using 33.2M out of 166.8M bytes of available disk space (21% usage)
    boot is using 37.6M out of 68.6M bytes of available disk space (58% usage)
    application log is using 529.5M out of 2.8G bytes of available disk space (20% usage)

    ***

    Many thanks in advance,

    Luca

    Luca;

    Signature updates are cumulative, so you can simply apply the S493 update.  A caveat, however: if you need to make a big jump in the signature release (say S470 to S493) it is usually more effective to make smaller updates (especially on a low-memory platform like the IDS-4215).

    Scott

  • Deploying Cisco IDS 42xx appliances with network taps

    Hi all

    Does anyone have experience deploying IDS 42xx (4235 and 4215) appliances with network taps (e.g. Finisar UTP IT Tap/1)? I deployed several IDS appliances a few months back using the Finisar taps and thought that it worked fine, until I discovered that I am capturing only one side of the traffic, due to the nature of the taps! It seems that I need to put another network card in the IDS appliance (a Cisco 4235), but is that possible? Is there a way I can turn on channel bonding or EtherChannel on the 4235?

    The last option, I think, if the ideas above are not possible, is to put in another switch and mirror the two ports from the tap, but that doesn't look good for the final cost...

    Suggestions are most welcome!

    Thank you

    Kian Wei

    Monitoring network taps with a Cisco IDS appliance is not officially supported by Cisco.

    That said, however, several customers have successfully deployed with taps.

    Taps, as you've seen, have 2 outputs.

    If the tap is placed on the connection between machines A and B, one of the outputs carries the traffic from A to B, and the other carries the traffic from B to A.

    To analyze the tapped link, the sensor needs to see both outputs.

    You could do this by connecting the tap outputs to a switch and then spanning the 2 ports to the IDS sensor monitoring port.

    Or you may be able to use a second interface on the sensor itself.

    The IDS-4235, IDS-4250 and IDS-4215 can be upgraded with a 4-port 10/100 card, for a total of 5 sniffing ports.

    If the connection you are tapping is a 10Mb or 100Mb connection, then purchase the 4-port 10/100 card for the sensor and connect the 2 tap outputs to 2 of the ports on the card.

    NOTE: The sensor combines the incoming packets from all interfaces and treats them as if they are part of the same network.

    You just need to place all interfaces in 'Group 0' and select each of them as a sniffing interface.

    Here is the part number for the 4-port 10/100 card:

    IDS-4FE-INT=

    Refer to the installation guide for more information on how to install the card and configure the sensor:

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids10/hwguide/index.htm

    Now if the connection you are tapping is a 1 Gig copper or fiber connection, then you will need to buy a switch to combine the 2 outputs from the tap and span them to the sensor sniffing port.

    Cisco currently offers no additional copper Gig cards.

    Cisco offers a single-port fiber Gig card for the IDS-4250 SX, but 2 of these cards cannot be placed in the sensor.

    Cisco also offers a dual-port fiber Gig card, known as the XL card. The XL card has hardware acceleration for monitoring at faster speeds. However, the XL card does not currently work with taps.

    So if you are monitoring a 10/100 connection then try the 4-port 10/100 card, but if you are tapping a Gig connection, then you will need a switch to aggregate the 2 outputs.

    What some users have also done is to use the switch and not bother with the tap.

    They connect machine A to the switch and machine B to the switch. Then they span the traffic to the sensor port.
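The reason the sensor must see both tap outputs is stateful: with only one leg it never observes a complete TCP handshake and so cannot track sessions. Here is an added example (not code from the original thread and not the sensor's engine) in Python that merges two constructed tap legs by timestamp, the way a sensor with both interfaces in the same group effectively does, and runs a minimal three-way-handshake tracker over the result. The packet records, addresses and the tracker are constructed for the illustration.

```python
"""Why a sensor needs both tap outputs: merging the two legs into one stream.

Added example, not code from the original post or from Cisco: the packets are
constructed records, not a real capture, and the sensor's internal engine is
represented by a small TCP handshake tracker. It shows that a single tap leg
never yields an established session, while the merged legs do.
"""
import heapq

# Constructed packet records: (timestamp, src, dst, flags). A full-duplex tap
# delivers A->B on one output and B->A on the other.
LEG_A_TO_B = [
    (0.000, "10.0.0.1:40000", "10.0.0.2:80", "S"),     # SYN
    (0.002, "10.0.0.1:40000", "10.0.0.2:80", "A"),     # ACK completing the handshake
    (0.003, "10.0.0.1:40000", "10.0.0.2:80", "PA"),    # request data
]
LEG_B_TO_A = [
    (0.001, "10.0.0.2:80", "10.0.0.1:40000", "SA"),    # SYN-ACK
    (0.004, "10.0.0.2:80", "10.0.0.1:40000", "PA"),    # response data
]


def merge_legs(*legs) -> list:
    """Interleave already time-ordered legs by timestamp (what the sensor does
    when every sniffing interface is in the same interface group)."""
    return list(heapq.merge(*legs, key=lambda p: p[0]))


def flow_key(src: str, dst: str) -> tuple:
    """Direction-independent key so packets from both legs land on one flow."""
    return tuple(sorted((src, dst)))


def established_flows(packets) -> set:
    """Return the flows whose three-way handshake was fully observed."""
    state = {}   # flow_key -> (phase, initiator address)
    for _ts, src, dst, flags in packets:
        key = flow_key(src, dst)
        phase, initiator = state.get(key, ("NONE", None))
        if flags == "S" and phase == "NONE":
            state[key] = ("SYN_SENT", src)
        elif flags == "SA" and phase == "SYN_SENT" and dst == initiator:
            state[key] = ("SYN_RECEIVED", initiator)
        elif flags == "A" and phase == "SYN_RECEIVED" and src == initiator:
            state[key] = ("ESTABLISHED", initiator)
    return {key for key, (phase, _) in state.items() if phase == "ESTABLISHED"}


if __name__ == "__main__":
    print("one leg only :", established_flows(LEG_A_TO_B))
    print("both legs    :", established_flows(merge_legs(LEG_A_TO_B, LEG_B_TO_A)))
```

With only the A-to-B leg the tracker sees SYN then ACK and stays in SYN_SENT; it is the SYN-ACK from the other leg that lets it reach ESTABLISHED. The same applies to any signature that needs the server's side of a conversation, so feeding one tap output to a sensor is not a partial view but a structurally blind one for stateful detection.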

  • General questions about errors in eventvwr

    Greetings.

    I have a general question about some failed modules that are recorded in the Windows Event Viewer.

    An error leading to crashes of some applications, which I've seen several times now when supporting computer problems, is something like this:
    (Windows Error Reporting) Fault bucket, Type 0, Event Name: PCA2, (...) P1: application.exe, (...)

    I wonder what this 'PCA2' is. Is it some kind of Windows module that handles tasks such as allocating memory or something like this? What could be the cause of these errors (physical memory problems / corrupt swap file / insufficient rights?)

    Same question for applications crashing because of "kernelbase.dll", as in:
    (Application Error) Faulting application: application.exe, version: 0.0.0.0, (...) Faulting module: KERNELBASE.dll, version: 6.1.7601.18015, (...) Faulting module path: C:\Windows\syswow64\KERNELBASE.dll (...)

    What is this .dll file and what could possibly cause a kernelbase.dll fault?

    The application can be a bit buggy, but I wonder what could possibly cause these crashes and if there is a way to fix these problems - or what the dev did wrong.

    The two errors occur mainly on x64 systems - especially Windows 7/Vista.

    Kind regards

    With application errors, the application is named first and the module it was working with is named second. Normally you should try reinstalling the application if you see the error repeat. If this does not work, go to the forum for the application to see if other users see the same error. There may be a bug in the application.

    The Application log in Event Viewer contains Information reports (Event ID 1001) for errors where the details were sent to Microsoft for review. You will find that there are corresponding Event ID 1000 error reports, either in the System or the Application log. These reports are also included in the Action Center. Type Action Center in the search box above the Start button and press Enter. Click on the downward-pointing arrow to the right of Maintenance, and then click View reliability history. The reported errors are the red orbs with a white cross. You can search for solutions to problems, but only occasionally do you get a significant response from Microsoft.

    I can't tell you what PCA2 means. Google did not find a significant result. The reports themselves are not unintelligible, although I have never tried to understand the meaning of a particular report. I have extracted what, in my view, is the starting point from two reports:
    Event Name: PCA2 = P1: motherboard_utility_onoffchargesetup.exe P2: 4.65.0.0

    Event Name: PCA2 = P1: setup.exe P2: 11.0.0.28844

    You have the app in trouble and the version of the file. These details were extracted from a system information file from a computer with a Gigabyte motherboard. So, you see, I have a starting point if I wanted to determine the cause of a failure.

    I will say, before you dive deep into each Event ID 1001 report, that many are not easy to even begin to understand. However, they can provide useful clues.

    KERNELBASE.dll is likely to be the module the application was working with. You need to focus on the application.  KERNELBASE is probably preceded by P3 or P4 in the report?

    General remarks on the event viewer:
    http://www.gerryscomputertips.co.UK/syserrors5.htm
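    As an added example (not part of the original post or of Microsoft's tooling), the script below does the "starting point" triage the answer above describes over a few Event ID 1000 messages. The messages are constructed in the wording Windows 7 writes to the Application log; the application names, versions, paths, time stamps and process details are made up. It pulls out the faulting application, the faulting module and the exception code (the field the question's "(...)" elisions hide), then groups repeated crashes by signature. The exception code is the field worth reading: 0xE0434352 with KERNELBASE.dll as the faulting module is an unhandled .NET exception raised through RaiseException, which on Windows 7 is implemented in KERNELBASE.dll, so the bug is in the application rather than in that DLL, while 0xC0000005 or 0xC0000374 point at memory corruption and deserve a closer look. The module lists and code table are my own assumptions about what is worth flagging.

    ```python
    """Triage Windows Application Error (Event ID 1000) records by crash signature.
    Added example, not from the original post; all sample data is constructed."""
    import re
    from collections import Counter

    # Constructed sample Event ID 1000 message bodies (not real crash reports).
    SAMPLE_EVENTS = [
        "Faulting application name: application.exe, version: 0.0.0.0, time stamp: 0x4d8a1f2c\n"
        "Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b\n"
        "Exception code: 0xe0434352\nFault offset: 0x0000c41f\n"
        "Faulting module path: C:\\Windows\\syswow64\\KERNELBASE.dll",
        "Faulting application name: application.exe, version: 0.0.0.0, time stamp: 0x4d8a1f2c\n"
        "Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b\n"
        "Exception code: 0xe0434352\nFault offset: 0x0000c41f\n"
        "Faulting module path: C:\\Windows\\syswow64\\KERNELBASE.dll",
        "Faulting application name: application.exe, version: 0.0.0.0, time stamp: 0x4d8a1f2c\n"
        "Faulting module name: application.exe, version: 0.0.0.0, time stamp: 0x4d8a1f2c\n"
        "Exception code: 0xc0000005\nFault offset: 0x00012a3b\n"
        "Faulting module path: C:\\Program Files (x86)\\App\\application.exe",
        "Faulting application name: setup.exe, version: 11.0.0.28844, time stamp: 0x4f3c9a10\n"
        "Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f\n"
        "Exception code: 0xc0000374\nFault offset: 0x000c37f3\n"
        "Faulting module path: C:\\Windows\\SysWOW64\\ntdll.dll",
    ]

    # Well-known exception codes seen in the "Exception code" field.
    EXCEPTION_CODES = {
        0xC0000005: "access violation (bad pointer, possible memory corruption)",
        0xC00000FD: "stack overflow",
        0xC0000374: "heap corruption detected by the heap manager",
        0xC0000409: "stack buffer overrun / fail-fast (e.g. /GS cookie check)",
        0xE0434352: "unhandled .NET (CLR) exception, raised via RaiseException",
        0xE06D7363: "unhandled Microsoft C++ exception, raised via RaiseException",
    }

    # Modules that usually show up as "faulting module" only because the exception
    # was raised through them (RaiseException lives in KERNELBASE.dll on Windows 7,
    # the heap corruption check in ntdll.dll). Assumed list, not an official one.
    PASS_THROUGH_MODULES = {"kernelbase.dll", "ntdll.dll", "kernel32.dll"}

    FIELD_RE = re.compile(
        r"Faulting application name:\s*(?P<app>[^,]+),\s*version:\s*(?P<app_ver>[^,\s]+).*?"
        r"Faulting module name:\s*(?P<mod>[^,]+),\s*version:\s*(?P<mod_ver>[^,\s]+).*?"
        r"Exception code:\s*(?P<exc>0x[0-9A-Fa-f]+).*?"
        r"Fault offset:\s*(?P<off>0x[0-9A-Fa-f]+).*?"
        r"Faulting module path:\s*(?P<mod_path>.+?)\s*$",
        re.IGNORECASE | re.DOTALL,
    )


    def parse_event(text):
        """Return the useful fields of one Event ID 1000 message, or None."""
        m = FIELD_RE.search(text)
        if not m:
            return None
        code = int(m.group("exc"), 16)
        module = m.group("mod").strip()
        return {
            "app": m.group("app").strip(),
            "app_ver": m.group("app_ver"),
            "module": module,
            "module_ver": m.group("mod_ver"),
            "module_path": m.group("mod_path").strip(),
            "exception_code": code,
            "exception_meaning": EXCEPTION_CODES.get(code, "unknown exception code"),
            "fault_offset": int(m.group("off"), 16),
            # True when the module is merely where the exception surfaced.
            "module_is_pass_through": module.lower() in PASS_THROUGH_MODULES,
        }


    def summarize(events):
        """Count crashes per (app, module, exception code, pass-through flag),
        most frequent first. Messages that do not parse are skipped."""
        counter = Counter()
        for text in events:
            rec = parse_event(text)
            if rec is not None:
                counter[(rec["app"], rec["module"], rec["exception_code"],
                         rec["module_is_pass_through"])] += 1
        return counter.most_common()


    def triage_lines(events):
        """One human-readable line per distinct crash signature."""
        lines = []
        for (app, module, code, passthrough), n in summarize(events):
            hint = ("look at the application and the exception code, not the DLL"
                    if passthrough else "fault is inside this module")
            lines.append(f"{n}x {app} in {module} ({code:#010x}: "
                         f"{EXCEPTION_CODES.get(code, 'unknown')}) - {hint}")
        return lines


    if __name__ == "__main__":
        for line in triage_lines(SAMPLE_EVENTS):
            print(line)
    ```

    To run it against a real machine, feed `parse_event` the message text of Event ID 1000 records from the Application log (for example, the output of `Get-WinEvent -FilterHashtable @{LogName='Application'; Id=1000}` piped through `Select-Object -ExpandProperty Message`); the regex tolerates the field order and line breaks Windows 7 uses.
    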

  • BlackBerry smartphone newbie question - general question on e-mail synchronization

    Hello

    I have a general question about e-mail synchronization and BlackBerry smartphones. Are there any devices that enable e-mail synchronization with a Microsoft Exchange 2007 system without requiring BlackBerry Enterprise Server?

    Thank you; sorry if this has been asked before, but I was unable to find it in the forums, documentation, etc. I guess from what I found that for this kind of environment you would use a BlackBerry Enterprise solution, but I can't assume that.

    Thanks again.

    The short answer is no - BB uses a different methodology than WM does. BB uses push, WM uses (for the most part) pull. Hence the long answer...

    BB uses a server solution - it's called the BlackBerry Internet Service (BIS) and it is hosted by your carrier. As a BIS user, you create a BIS account, then create configurations for your different e-mails, saving your credentials for each e-mail account along with the necessary configuration items (on BIS) (server name, special ports, etc.). Then BIS periodically checks your mail servers (about every 15 minutes) for any changes on the server that are needed on the BB - only then does it generate traffic to your BB to push those changes out. If there is nothing that needs to come to the handheld (HH), there is no traffic on the carrier's network.

    WM devices, on the other hand, use (for the most part - there are exceptions) a pull technology... the device itself asks your e-mail servers for changes that need to come to the HH. This generates more traffic on the carrier's network, as the polling action itself generates traffic even if there is nothing to come to the HH.

    Another distinction is the notion of synchronization - in WM vernacular, it means that your server mailbox and your HH mailbox are lined up with each other for everything (old and new items)... In BB vernacular, what happens is reconciliation of new items and changes. But old items don't come over to the BB... only new ones from the moment of activation.

    Another distinction is just what gets reconciled to a BB - new, delete, read/unread, saved, etc. That varies by e-mail service... see this KB for more information:

    • KB05133 BlackBerry Internet Service email reconciliation features

    Hope that helps!

  • Cisco IDS vs Websense

    I have a PIX firewall running and I'm trying to install Cisco IDS hardware.

    I want to know if Cisco IDS and/or PIX can give me as much control over Internet access as Websense.

    I know that Websense has 29 base content categories that can be used to block outgoing traffic, while PIX and IDS are basically about restricting incoming traffic and classifying actions as attacks, respectively.

    I have to justify whether or not we need Websense along with Cisco IDS, and would appreciate your comments.

    You're talking about two different animals here. Websense looks at the URL the user uses to access sites. Based on the policies defined on Websense, the URL is allowed or denied. The PIX sends the URL to the Websense server before allowing the connection to the server. The IDS decodes packets and does not care about the URL. You need both systems for better protection.

    I don't recommend Websense. I carried out an audit of a Websense server and it blocked all the URLs, and I saw problems with the reporting function. A better product is Vericept.

  • General question about updates and version numbers

    I have a general question about versions and updates. I'm new to this and am in at the deep end of learning.

    In the vSphere Web Client, I see the following versions (these are exactly as the vendor left them a few months ago; I have screenshots in my documentation that match):

    Version - VMware ESXi, 5.1.0 1612806

    Profile - Dell (updated) ESXi - 5.1 - 799733 (A00)

    I am trying to familiarize myself with Update Manager and I noticed that there are a lot of patches and updates available.

    Update Manager lists 5 patches as "Missing" with a red X, but directly above them is a list of patches with a green tick indicating "Installed" - it is perhaps obvious, but I'm guessing 'Installed' means really installed when displayed on the screen. There is an update installed labeled "ESXi 5.1 Complete Update 2" - would I be able to tell that it has been installed from the profile/version details above?

    I don't think it's a big deal at this stage, but if I install all the missing patches, will the version/profile details change on the summary screen?

    I hope this makes sense.

    Thank you

    This article lets you correlate the build number to the update level: Correlating VMware products build numbers to update levels (1014508)

  • Very general VMware Workstation question

    Hi all

    So I have a very general question about VMware Workstation. Here's the context: I am with a very small company and we make desktop software for Windows. My development computer runs Windows 7, and I have an XP virtual machine to test on that platform.

    However, I would like to test the deployment and operation of my software on different versions of Windows 7, Vista, XP, etc. Our company cannot afford to spend $1000 on every version of Windows we can find.

    Are there free (legal) operating system images anywhere that are intended for use by developers? Or do you have to purchase a full license for all of these operating systems just to do a little testing? How do you all get your OS images?

    I know that this is a very general question (and not a technical one), but I would appreciate any input from anyone who has general experience.

    Thank you!

    Dan

    MS offers MSDN and TechNet subscriptions, containing all kinds of licenses for test and development use - depending on the level.

    André
