IPS Kiwi logging

This may be a very naive question, and if so it will certainly match my level of knowledge! Can the IPS event messages be sent to a Kiwi Syslog server? If so, how do I set it up?

Thank you very much

-michael

Michael-

Unfortunately, no. Kiwi is a syslog server, and none of the Cisco IPS sensors support sending their event messages over syslog.

If you have only a few sensors, grab a copy of the free IDM. It pulls the IPS events off the sensors over a secure protocol (SDEE).

http://www.Cisco.com/en/us/docs/security/IPS/7.0/Configuration/Guide/IDM/idm_getting_started.html

Alternatively, you can go and set the 'action' of each signature whose events you want forwarded so that it sends an SNMP trap. It is a less secure way to send events, and you will need to keep up with that tuning action as new signatures are added to your sensors over time.

-Bob

Tags: Cisco Security

Similar Questions

  • How to get the JOINT-2 log file

Hi, we installed an IDSM-2 in our Catalyst 6500. Does anyone know how to get the IDSM-2 syslog file, and how to configure it to send its log to a syslog server? I know these two questions are quite simple, but I have yet to find answers.

Any help would be greatly appreciated.

You can get the IDSM events in SDEE format, using IPS Manager or another tool to collect these logs.

  • vCenter Log Insight manager and Kiwi syslog

    Hi guys

    I am excited to try this product, but I already have a syslog solution using Kiwi syslog.

    Would I be able to point Log Insight manager at the Kiwi server?

    Regards

    Firoze

    If you already use Kiwi then you could forward the Kiwi logs on to Log Insight: http://www.kiwisyslog.com/help/syslog/index.html?action_forward_to_another_host.htm

  • Unable to access IDSM-2

    Hello...

    Sometimes my IDSM2s just stop reporting alerts. Their connection state in the VMS IDS monitor shows 'connected', and when I try to SSH to the IDSM2 they prompt for a user name; as soon as I hit enter they drop the SSH session, printing the error message below. When they do this, they are also inaccessible via HTTPS. And when I try to session in through the switch in which they reside, they hang right after I enter a user name. I usually can reset them via the switch command "hw-module", and after several resets they start working again. I'm just curious as to why they do this, and whether I am doing something to cause it that could be avoided. They are running the latest version 4 software and signatures, although I have always had this problem with them, even on older versions. Here is the error message that they print.

    kernel: Assertion failure in do_get_write_access() at transaction.c:721: "(((jh2bh(jh))->b_state & (1UL << BH_Uptodate)) != 0)"

    Thanks in advance

    It is a known problem with busy sensors where the hard drive eventually gets out of sync because of its constant use (something hard drives are not really designed for) and the entire system crashes. Essentially, every alert the IDSM sees is written to a rotating 4 GB log file on the hard drive, and on sensors that see a large number of alerts the hard drive never gets a chance to stop and eventually goes out of alignment. The quick, albeit temporary, fix is to shut the blade down, wait 5 minutes, then power it on again. The shutdown procedure runs properly on the hard drive and resets it. If the sensor is very busy, the problem will occur again.

    We have implemented some fixes to work around this problem. You mention that you are running the latest code, but you must also apply the latest service pack patch to work around this problem.

    Patches are obtained from here:

    http://www.Cisco.com/cgi-bin/tablebuild.pl/IDs-patches

    The latest patch is 'g'; they are cumulative like signature updates, so applying it gets you all the previous ones too. Apply it and you should find that everything works MUCH better than it did.

  • IDSM-2 using a lot of memory

    Hello.

    I have a question about an IDSM-2 that is using 98% of its memory.

    Output of 'sh ver':

    Using 1944629248 out of 1979682816 bytes of available memory (98% usage)

    Using 4.3G out of 17G bytes of available disk space (27% usage)

    Is it normal that it is using 98% of memory during normal operation, or is there a problem?

    If this is not normal, please tell me how I can troubleshoot what is wrong with it.

    This message is misleading, because it includes the memory allocated for system processes as well as the memory allocated for the cache. Cache memory is really "free": it is available for allocation at any time.

    It's actually a cosmetic bug in the version you are running.

    If you want to check during periods of what you believe to be high memory usage, you can log in as the service user (if you have not created a service user you can do so as follows):

    1. Log in using the "cisco" account; the prompt will look like:

    sensor#

    2. Enter configure terminal mode:

    sensor# configure terminal

    3. Create the service account:

    sensor(config)# username service password xxx privilege service

    Then log on to the sensor as the service user and run the command 'free'. What 'sh ver' reports is the "used" column.

    The "Mem:" row, "used" column is the amount of memory (in kilobytes) that the "show version" command reports. However, this total includes the 'cached' amount.

    The formula to calculate the actual memory used is:

    ((used - cached) / total) * 100 = percentage of memory used.
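Added example (not from the thread): a small parser for the classic `free` layout that computes both the figure 'show version' reports and the thread's corrected figure. The sample output is constructed: total and used match the bytes quoted above (1979682816 / 1944629248), while the buffers and cached values are invented.

```python
"""Real vs. reported memory use on a Cisco IPS sensor, from `free` output.

The thread's formula: ((used - cached) / total) * 100. 'show version' instead
reports used / total, which counts page cache as used memory.
"""

# Constructed sample in the classic `free` layout (kilobytes). The total and
# used columns are the thread's 'sh ver' byte counts divided by 1024; the
# buffers and cached columns are invented to illustrate the correction.
SAMPLE_FREE_OUTPUT = """\
             total       used       free     shared    buffers     cached
Mem:       1933284    1899052      34232          0      60000    1500000
-/+ buffers/cache:     339052    1594232
Swap:            0          0          0
"""


def parse_mem_row(free_output: str) -> dict:
    """Return the 'Mem:' row of `free` output as {column: kilobytes}."""
    lines = [ln for ln in free_output.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty free output")
    header = lines[0].split()          # total used free shared buffers cached
    for line in lines[1:]:
        if line.startswith("Mem:"):
            values = [int(v) for v in line.split()[1:]]
            if len(values) != len(header):
                raise ValueError("Mem: row does not match header")
            return dict(zip(header, values))
    raise ValueError("no 'Mem:' row in free output")


def reported_percent(mem: dict) -> float:
    """What 'show version' displays: used / total, cache included."""
    return mem["used"] / mem["total"] * 100


def actual_percent(mem: dict) -> float:
    """The thread's correction: ((used - cached) / total) * 100."""
    return (mem["used"] - mem["cached"]) / mem["total"] * 100


def memory_summary(free_output: str) -> dict:
    """Both figures plus the share of 'used' that is really reclaimable cache."""
    mem = parse_mem_row(free_output)
    reported = reported_percent(mem)
    actual = actual_percent(mem)
    return {
        "reported_percent": round(reported, 1),
        "actual_percent": round(actual, 1),
        "cache_share_of_used": round(mem["cached"] / mem["used"] * 100, 1),
    }


if __name__ == "__main__":
    for key, value in memory_summary(SAMPLE_FREE_OUTPUT).items():
        print(f"{key}: {value}%")
```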

  • PIX 501 Logging

    I would like to log hacking and intrusion attacks coming through a PIX 501 on a broadband connection in a home office setup. I have the box up and running and I am currently set up with the Kiwi Syslog Daemon. What would be my best approach to logging all relevant information without loading down the unit? Any suggestions / tips would be appreciated.

    Thank you

    This is a common logging configuration that I use:

    logging on
    logging timestamp
    logging trap informational
    logging host inside x.x.x.x
    no logging message 106015
    no logging message 106007
    no logging message 105003
    no logging message 105004
    no logging message 309002
    no logging message 305012
    no logging message 305011
    no logging message 303002
    no logging message 111008
    no logging message 302015
    no logging message 302014
    no logging message 302013
    no logging message 304001
    no logging message 111005
    no logging message 609002
    no logging message 609001
    no logging message 302016

    I usually do not enable the logging buffer (and never use console logging, it will affect performance) because it does not timestamp the messages (they only get timestamps in syslog). As for loading down the PIX: you and Kiwi will bog down before the PIX does.

    Also turn on IDS on the PIX.

    Hope it helps.

    Steve

  • 2 logging destinations?

    Is it possible to have the log messages sent to two different syslogs? On our PIX 515 we have logging set up to go to some lame program that we don't like. I know that the boss won't let me stop logging to it. I want to also log to something like the Kiwi syslog daemon. Is this possible? Thank you.

    Yes, it is possible to have several destinations for syslog traffic.

    Use one for the global logging and the second for Kiwi.

  • Need recommendation for PIX logging software

    Hello

    I need a recommendation for PIX logging software so that I can better manage my PIX 525 and 515 firewalls. I am currently using Cisco Syslog and I want something with which I can set up specific, prioritized alerts, send email or page, etc. Your help would be most appreciated.

    Thank you

    You can use: Kiwi Syslog

    http://www.kiwisyslog.com/software_downloads.htm#download%20Now

    Commercial products:

    Cisco VMS = http://www.cisco.com/go/vms

    Sawmill = http://www.sawmill.net/

    IQR = http://www.eiqnetworks.com/products/products.shtml

    Sincerely

    Patrick

  • How to permanently remove events from the event log in the CSA MC

    I run Cisco Security Agent 4 deployed on 4 PCs. I have enabled verbose logging just because it's a test environment and I wanted to see how many events it would generate. Well, last I checked the CSA MC (under the event summary) it had more than 300,000 (that's 300 000) events recorded. I have modified the event handler and applied the new rules, but the machine is slooooow because of the more than 300,000 events. Please see the attached screenshot. How do I permanently purge the event log? I used the purge command within the CSA MC but it removed only 10,000 events. The machine is so slow that I can't do anything with it.

    Well, I wanted to send the screenshot, but the machine is so slow I can't even attach the file. In any case, the problem is that the event summary window displays more than 300,000 events and I need to permanently remove them.

    Thank you.

    The only way I know of is to use "Events" and click All Events. From there, you can click on or purge the events of your choice.

    Also, what are the specifications of the server you use?

    I have been involved with MCs holding more than 2x what you have, and the server performed satisfactorily.

    Hope this helps,

    Peter

  • VPN 3000 Concentrator logging

    Our company uses a 3000 VPN concentrator for our VPN access.

    Is there a way to view a log history of what the user connected to the VPN and what IP address they were assigned?  This would be 2 days ago, which was over the weekend.

    Thank you.

    To obtain this type of information, you must configure an external management server, a syslog server, and send this info to that server.

    You can for example download any freeware like Kiwi syslog server (http://www.kiwisyslog.com), then configure the concentrator to send its logs to that server.

    Here's how to use the VPN 3k with syslog etc.:

    http://www.Cisco.com/en/us/partner/docs/security/vpn3000/vpn3000_47/configuration/guide/events.html

    For fancier graphical reporting you can also use Cisco Security Manager http://www.cisco.com/en/US/partner/products/ps6498/index.html

    There is also 3rd party software out there that can collect this type of information, such as ManageEngine's firewall monitoring product, which can also collect logs from Cisco VPN concentrators (VPN connections etc.):
    http://www.ManageEngine.com/products/firewall/distributed-monitoring/index.html

    Regards

  • /var/log/boot.gz

    I guess that this file is created at startup and then gzip'd for archival purposes.

    So, question:

    - Does this file get overwritten every time you boot, does it get archived/moved/saved for historical reference, or is it just appended to at each boot?

    THX.

    Guardian1234 wrote:

    - Does this file get overwritten every time you boot, does it get archived/moved/saved for historical reference, or is it just appended to at each boot?

    I did two reboots of a 5.1 ESXi host and boot.gz was 30506 bytes in the first case and 30416 bytes after the second reboot. A large number of new lines had been added, but the size was still a few bytes less. This strongly suggests that the file is overwritten each time you boot. (Server on persistent storage as well.)

    You could read the file with zcat /var/log/boot.gz | more.

  • How to send the audit log to syslog?

    Hi all

    11.2.0.1

    AIX 6.1

    Our IT auditor wants us to save our audit log to operating system files, which can be protected by root so that the oracle dba (sys) cannot touch them. Then the auditor wants to send it to our central audit trail server on another machine.

    I found these links in google:

    https://sites.Google.com/site/splunkfororacleaudittrails/documentation/HOWTO/howtoenableoracleauditviasyslog

    http://underdarkonsole.blogspot.com/2011/10/send-Oracle-11g-audit-log-to-syslog.html

    The links mention 3rd party software such as Kiwi and Splunk. Is it necessary in order to send the audit log to syslog?

    Thank you very much

    zxy

    You do not write it. Oracle sends audit messages to the syslog facility. It is the syslog daemon which does the writing.

    Hemant K Collette

  • Redo log size in Data Guard configurations

    DB version: 11.2
    Platform: Solaris 10

    We currently have a production DB which is not Data Guard. It has a mixed workload: some OLTP and some batch processing.
    Its redo log size is *100* MB.

    We will create a database with very similar requirements, but this DB will have a standby (Data Guard) with real-time apply.

    To suit the Data Guard requirements, should we reduce the size of the online redo logs? That is to say, transporting small pieces of redo is better than transporting large ones. Right?

    Hello;

    If you use "real-time apply" the key is not the size but the standby redo logs.

    In most cases, 100 MB is fine. The standby redo logs must be the same size as the online redo logs.

    With 'real-time apply' the SRLs act as a buffer.

    Unless you have a real problem with the redo size, I would not change it.

    An excellent source of information on this is 'Redo Transport Services' in 'Data Guard Concepts and Administration 11g Release 2 (11.2)' E10700-02.

    If you believe that your logs are too big, start with "Troubleshooting performance problems with the database and base/MFG MRP [ID 100964.1]"

    Best regards

    mseberg

    Published by: mseberg on May 31, 2012 11:33

  • Kernel panic issues, please help reading the log files

    Whenever I plug in an Arduino USB peripheral my Mac crashes. Here is the log. I can't understand it.

    _________________________

    Anonymous UUID: F337CFF1-4204-DF6D-2BD0-B6FDF3953966

    Mon Oct 3 11:30:17 2016

    *** Panic Report ***

    panic(cpu 2 caller 0xffffff801554186b): "Element 0xffffff9202993dee from zone vm objects caught being freed to wrong zone kalloc.16"@/Library/Caches/com.apple.xbs/Sources/xnu/xnu-3789.1.32/osfmk/kern/zalloc.c:2664


    Kernel Extensions in backtrace:

    com.apple.iokit.IOUSBHostFamily(1.1)[6A671CD8-5527-3A10-8675-1421D158D7A7]@0xffffff7f96365000->0xffffff7f963ccfff

    dependency: com.apple.driver.AppleBusPowerController(1.0)[DB526B45-1A45-3A81-A0C1-57F826CADEDF]@0xffffff7f96358000

    com.apple.iokit.IOUSBFamily(900.4.1)[8F6207EC-608D-373A-B35E-E6578202F58D]@0xffffff7f96409000->0xffffff7f964a1fff

    dependency: com.apple.iokit.IOPCIFamily(2.9)[731443D8-78D5-30C8-939A-1ED3E857CA22]@0xffffff7f95d32000

    dependency: com.apple.iokit.IOUSBHostFamily(1.1)[6A671CD8-5527-3A10-8675-1421D158D7A7]@0xffffff7f96365000

    BSD process name corresponding to current thread: kernel_task

    Boot args: kext-dev-mode=1

    Mac OS version:

    16A323

    Kernel version:

    Darwin Kernel Version 16.0.0: Mon Aug 29 17:56:20 PDT 2016; root:xnu-3789.1.32~3/RELEASE_X86_64

    Kernel UUID: 622D2470-C34D-31F9-A62B-6AA9A3C6A3CD

    Kernel slide: 0x0000000015200000

    Kernel text base: 0xffffff8015400000

    __HIB text base: 0xffffff8015300000

    System model name: MacBookPro11,5 (Mac-06F11F11946D27C5)

    System uptime in nanoseconds: 5562983687

    last loaded kext at 5127051852: com.apple.driver.ApplePlatformEnabler 2.7.0d0 (addr 0xffffff7f97b15000, size 28672)

    loaded kexts:

    com.wch.usbserial 1

    com.kaspersky.nke 2.3.1a8

    com.kaspersky.kext.klif 3.4.2a30


    Uninstall Kaspersky. It has a tendency to interfere with the operation of the computer while offering little or no benefit.

    Uninstall Kaspersky

  • How is it that I am logged into your account?

    Hey! What is going on? Why, when I open the Apple support site, do I see this:

    What is going on? How is it that I am logged into your account? Am I hacked or what? Or is it Apple's problem? Help, please.

    < image edited by host to remove personal information >

    I've been there before. I came to this site and I was instantly logged in as someone who had recently signed in. Someone helped me send a report to Apple.
