Modification of the IPS on several hosts

Similar Questions

• I would like to revive the officer on several hosts

  I would like to revive the MA on different hosts, using a file entry for host names.  Does anyone have something similar to this or can point me in the right direction please?

  Thank you

  I suspect that might be a problem

  When the ESXi is not connected to the vCenter, the Get-VMHostService may not work.

  IMHO, there are 2 alternatives

  1) connect to each ESXi host with the Connect-VICenter cmdlet and restart once connected to the service in the same way as I showed

  2) connect to the interface of the ILO.

  If I remember correctly there is a PowerShell library for this.

  But I don't know how you can use this to restart a service on the ESXi.

• Configuration of the network with several hosts (dVS/EtherChannel)

  Hey,.

  Let's say that there are 4 hosts, each with 2 NETWORK adapter connected to a switch. On the side of ESX, all uplinks are added to a dVS and the port group is set to 'Route based on IP Hash'.

  Host 1 > change of ports 1 and 2

  Host 2 > change ports 3 and 4

  Host 3 > change ports 5 and 6

  Host 4 > change ports 7 and 8

  The switch (Cisco) must be configured as:

  Port channel 1: 1 to 8 Ports

  OR

  
  Port channel 1: 1 and 2 Ports

  Port channel 2: 3 and 4 Ports

  Port channel 3: Ports 5 and 6

  Port Channel 4: 7 and 8 Ports

  Thanks for any help.

  A port for each host channel... This article shows an example with two hosts: example configuration of EtherChannel / switches control protocol LACP (Link Aggregation) with ESXi/ESX and Cisco/HP (1004048)

• Look at a FPS in real time of the events of several IPS devices

  What is the best strategy for the display of the IPS in real-time of the events of several IPS devices now that VMS filed end of LIFE?

  There was a nice view unique of all IPS events from all IPS devices run in VMS and I was wondering where I can tell people to receive the same information on their networks. I do not see in CSM and I do not think that they will find in MARCH. Please notify and correct me if I'm wrong. Thank you!

  You can use VEI. It is an observer of events that has a dashboard in real time also. You can import several sensors inside and view the events in real time.

  Link to VEI to 5.x versions:

  http://www.Cisco.com/cgi-bin/tablebuild.pl/IPS-EV

  Link to VEI to versions 4.x:

  http://www.Cisco.com/cgi-bin/tablebuild.pl/IDs-EV

  Kind regards

  Maryse.

• I've updated my Muse app to the latest version of July and since then my Muse forms do not work with several of my web hosting providers. Is this a case of the site not having host is not the latest version of PHP?

  I've updated my Muse app to the latest version of July and since then my Muse forms do not work with several of my web hosting providers. Is this a case of the site not having host is not the latest version of PHP?

  Please consult this document:

  Troubleshooting Muse form used on the servers of third party Widgets

  Thank you

  Sanjit

• Modification of the Hosts file

  I'm trying to edit the file hosts on my laptop, but can't seem to find it in the usual place: c:\windows\system32\drivers\etc. Everything is in this folder are the following files:

  hosts. ICS
  LMHOSTS. Sam
  networks
  Protocol
  services

  Is there another location for the hosts file? I am running Windows 7 Home Premium (rel. 6.1.7601, service pack 1) on a 64-bit HP Pavilion dv7-1245dx laptop. The file 'hosts.ics' is the same as the [missing]? file "hosts"? Any help would be appreciated.

  The hosts.ics is a configuration file for Internet connection sharing. If you want to add the static IP mapping, you should now edit the file hosts , not the hosts.ics.

  There is really only one location for the file hosts . namely c:\Windows\System32\Drivers\Etc or % SYSTEMROOT%\System32\Drivers\Etc. make sure you have the Show hidden files folders and drives in Explorer, tools, folder, display, Advanced Settings Options.

  Start by clicking Start or tapping on the Windows key and typing notepad.exe , then hit Ctrl + Shift + Enter together or right click on the menu item start Notepad choosing run as administrator. Acknowledge the UAC warning and supply references if requested. This gives you the privileges that are required to modify the hosts file.

  Press Ctrl + O (aka file, open) and first of all to define the type of files to the list/save all the files in the lower right corner. Type or paste %SYSTEMROOT%\System32\Drivers\Etc in the file name: text box and hit Enter or click Open to quickly navigate to the etc folder.

  If you do not have a hosts file, create one with two lines.

  127.0.0.1 localhost
  : 1 localhost

  These are unnecessary, because the localhost name resolution is managed in the DNS, but it will help you get started. Add your static IP mapping lines as needed.

  When you save the file in Notepad, make sure the file type is set to all files or Notepad will add the file name .txt.

  How to configure a static Client for Windows XP Internet connection sharing

• no alarm of the IPS

  Hello

  We use the AIP-SSM-40, Version 7.0 (2) E4.

  Send us traffic from all the interfaces of the IPS. When we test with hamid 2004, we have no alarm.

  the ASA configuration is as follows:

  inside_mpc of access allowed any ip an extended list

  Interior-ip-class of the class-map
  corresponds to the inside_mpc access list

  Interior-ips-policy policy-map
  class internal ip class
  IPS inline help

  service inside Interior-ips-policy-policy interface

  on the AIP - SSM, the configuration is the following:

  signatures 2004 0
  high severity alert
  Atomic-ip engine
  event-action produce-alert|produce-verbose-alert|deny-attacker-inline|deny-connection-inline|deny-packet-inline
  Yes specify-l4-Protocol
  L4-icmp Protocol
  Specify-icmp-type no.

  What we should do to get the alarm?

  What do you mean alarm? Do you mean that you are not able to see the events triggered by signature # 2004?

  You can check what is the frequency of the alerts configured for this signature? The default value is "Summarize" every 30 seconds. You can change the frequency of the alerts to "All fires", if you use the #2004 signature for testing.

  In addition, you must send traffic across the ASA for traffic is inspected by the PPE.

  Finally, I'm assuming you already activated/assigned the virtual IPS (vs0) sensor for signature (sig0).

  Hope that helps.

• Tune the IPS Signature

  Hello

  I want to set the IPS signature so that he could make an exception of ip addresses.

  the signature is 13004 (this is the signature of scan UDP) I ciscoworks in my network that scans the network using UDP, I don't want to disable the signature I just want to add the ciscoworks ip address to the list (if it exists), I have configured the alert to be sent to my email and I got a lot of those emails that said

  high 13004-0 "AD - external UDP Scanner" x.y.z.w/src_port(*) 0.0.0.0/dest_port(*)

  Thank you

  Alakabeer-

  You want to configure an event rule Action for this signature with the IP address of your Ciscoworks host in the event Action Variable:

  http://www.Cisco.com/en/us/docs/security/IPS/7.0/Configuration/Guide/CLI/cli_event_action_rules.html#wp1032319

  -Bob

• Check the IPS configuration

  I am very new on the front of Cisco IPS and have configured an ASA 5510 with the SSM-10 IPS module.  We have a compatible interface with multiple VLANs on this interface.  I installed the IPS, to the best of my ability, and I think it's okay as inline doesn't open in a configuration of active / standby asa.  Is it possible to check that the traffic flows properly to this IPS module?  Also, I've mentioned on the Setup it of because this version of the IPS, if I understand correctly, will not allow pairs VLAN, then when I put the policy to inspect all traffic, this traffic inspected between all the VLANS.  Another mystery, this is when I discovered my IPS interfaces (management and is not) that is not configured as management shows no matched.

  I know it of a lot, so let me summarize:

  -How can I check that my setup works as intended where all traffic between all them VLAN is inspected.

  -Why my interface managers showing 'matched '.

  -Looking through all of the Cisco documentation, I noticed the mention of the "contexts"; I don't see any reference to these contexts within the IDM.  It's just for my knowledge, but may be necessary for installation... I do not know.

  Thank you!

  Hello Mote, heat

  With regard to your questions:

  -How can I check that my setup works as intended where all traffic between all them VLAN is inspected?

  Since you're using an IPS module, traffic that matches the class configured on the SAA is under inspection, you can configure a capture on the dataplane Interface (the Interface used to send traffic to the ASA to IPS) using this command:

  capture ips int asa_dataplane buffer 15000000

  Check capture using the:

  See the FPS capture

  The output should display the packets from for each VLAN.

  -Why my interface managers showing 'matched '?

  

  Modules ASA IPS (ASA 5500 AIP SSM, ASA IPS 5500-X SSP and ASA IPS SSP 5585-X) do not support pairs VLAN inline.

  You can associate a VLAN in pairs on a physical interface. This is known as pair mode for the VLAN inline. Packets received on one of VLAN matched are analyzed and then forwarded to another VLAN in the pair. Because the module has only a detection interface, this is why it is shown as Unpaired.

  Literature speaks of "security contexts. You can partition an ASA unique in several virtual devices, called security contexts. Each context is an independent device, with its own security policy, interfaces, and administrators. Several contexts resemble have several stand-alone devices. Many features are supported in multiple context mode, including the routing tables, features of firewall, IPS, and management.

  Please rate the answer if you find it useful.

• Deploy multiple virtual machines on several hosts evenly?

  Hello people!

  I wrote a small script to deploy many virtual machines on several hosts at random.

  But I would rather deploy a virtual machine to each host in a table and then start over again until the number of virtual machines to deploy exhausted.  Distribution of the burden of deployment as evenly as possible.

  Anyone have a suggestion?  Example of nested loops?

  

  PowerShell beginner, here.

  Thank you

  romatlo

  One way to do this is with the modulo operator (%), something like this

  $numVMs = 11

  $tgtEsx = get-Cluster "Westcreek | Get-VMHost-name z420 *.

  1.. $numVMs | %{

  [New-VM-name 'Test $($_)' $tgtEsx[$_%$tgtEsx.Count - VMHost]

  }

• Get the stock vCO Powershell hosts

  Hello

  Does anyone know how to get Powershell hosts of the vCO stock of the script?

  I would like to run a script on several hosts of Powershell without specifying each (this list of construction and provision of a table would be a good solution).

  Thanks for your help

  var psHosts = Server.findAllForType ("PowerShell:PowerShellHost", null);

• Get-vmhost does not reflect the number of correct hosts on a few scenarios

  Hello members of the community.

  When I try to use the cmdlet get-vmhost against a cluster that has one or no hosts in there, I don't get the number of correct hosts. Here are some lines for this information.

  foreach ($objDataCenter to $objColDataCenters)
  {
  $objColClusters = get-Cluster-location $objDataCenter

  foreach ($objcluster to $objColClusters)
  {
  $Details = $Null
  $objClusterBaseRP = $objHosts = $objDataStores = $objVMs = $Null
  $intNUmDatastores = $intNumHostCPUs = $intTotCPUMhz = $intTotUsageCPUMhz = 0
  $intTotMemMB = $intTotUsageMemMB = 0
  $CPUStat = $CPUStatMax = $MemoryStat = $MemoryStatMax = 0
  $intTotMemGB = $intUsageGB = $intMemResGB = $intMemLmtGB = 0
  $inttOTDiskCapacityMB = $intTotDiskFreeMB = $intTotDSCapacityGB = $intTotDSFreeGB = 0
  $intTotVMMemGB = $intTotVMCPUMhz = $intNumVMCpus = $intTotVMMemMB = 0
  $intTotVMProvisionedSpaceGB = $intTotVMUsedSpaceGB = 0

  $objHosts = get-vmHost-location $objcluster

  $objHosts.Count

  }

  }

  code above produce white for clusters that has one host for all other groupings that has 2 or several hosts results are correct. I know that there is no point of having a single node cluster or not, but the result does not reflect his decent stats.

  In the same way under lines also produce incorrect information to the cluster that has no HOST or a single HOST that is in maintenance mode and has no inside VMs

  $objVMs = get-VM-location $objCluster

  $objVMs | %{
  $intNumVMCpus += $_. NumCpu
  $intTotVMMemMB += $_. MemoryMB
  $intTotVMProvisionedSpaceGB += $_. ProvisionedSpaceGB
  $intTotVMUsedSpaceGB += $_.usedSpaceGB
  
  }

  When I print the values of all the variables above, it should report 0 instead I have the chance to see some numbers. Please note I have explicitly assign values $null to all objects and 0 in all other variables at the beginning of the loop for clusters.

  Any help to solve this is greatly appreciated - thanks

  Kind regards, Philippe

  Hello, Ramkrish-

  Welcome to the communities.

  For the first part, the number of hosts in a cluster with zero (0) or one 1 host - there are a number of things happening there.

  When the Get-VMHost call returns only one host, and you then try to access to the. Property of the count of $objHosts, you try to access this property on an object VMHost, not an array of length 1 with a VMHost inside.  And, since the VMHost object has no property '. " Count' you get a return of the 'white' or null.

  And when Get-VMHost will return no host, and you are trying to access. Count on $objHosts, you effectively type '$null. "Count", since $objHosts - eq $null at that time.

  Two ways to handle these cases would be to use the Measure-Object cmdlet or explicitly to a table, even if zero or one VMHosts are returned.  As:

  ## using Measure-Object$objHosts = Get-VMHost -Location $objcluster($objHosts | Measure-Object).Count    ## correctly returns 0 or 1 (or greater)...## or## forcing an array, even if 0 or 1 items returned$objHosts = @(Get-VMHost -Location $objcluster)$objHosts.Count        ## correctly returns 0 or 1 (or greater)...
  

  Regarding the behavior you're seeing with the statement Foreach-Object with $objVMs, I suspect that the behavior of the Foreach-Object statement when you're running an empyt null him is at stake here.  In other words, while you can imagine "$arrEmptyArray | % {'Hello'}' to produce anything, happening actually by an interation of the loop (really - try - the).  So to avoid this, you can delete the unnecessary part that stores the output of Get - VM in the variable "$objVMs" and combine the lines to channel the output from Get - VM directly to the Foreach-Object statement, as:

  Get-VM -Location $objCluster | %{    $intNumVMCpus += $_.NumCpu    $intTotVMMemMB += $_.MemoryMB    $intTotVMProvisionedSpaceGB += $_.ProvisionedSpaceGB    $intTotVMUsedSpaceGB += $_.usedSpaceGB}
  

  By the way: while we're updating this code a little, another way that you could get these totals is again using the Measure-Object cmdlet, this time with the parameter - sum, as:

  Get-VM -Location $objCluster | Measure-Object -Sum -Property NumCpu, MemoryMB, ProvisionedSpaceGB, usedSpaceGB
  

  Much more compact and allows just of PowerShell do the work.  Although you then maintain the return of the object of measures, depending on the situation, it is quite practical.

  How about that?

• list of all the vm and what host they belong to

  Hi, I'm new to powercli & just had a (probably really simple) question.

  When I do something like:

  Get-vmhost-name "hostname" | Get - vm

  I get all the VMs on that host, but I only get powerstate, name, num cpu and memory. But if I again through "export-csv" pipes, I get tons more of information. How can I get this info on the command line itself, or better still to filter the columns that I want to see when the piping to the csv format?

  My goal was actually to get a list of all vm AND host it that belonged to, using the command get - vm, but I couldn't very well to show me was the information I'm looking for.

  Thanks in advance.

  Hello, lm31-

  There are several ways you could get the data properties.  You can "select" properties of the object using the Select-Object cmdlet.  So if you want to get a virtual machine and return some properties of choice, you might do something like:

  PS C:\> Get-VM myVM | Select-Object Name,Folder,ProvisionedSpaceGB,NumCpu,MemoryMB
  
  Name               : myVM
  Folder             : testVMs
  ProvisionedSpaceGB : 41.01
  NumCpu             : 1
  MemoryMB           : 2048
  

  A simple example of something that would work for your scenario to get all virtual machines and displaying the name of the host on which they are running:

  PS C:\> Get-VM | Select-Object Name,VMHost
  
  Name          VMHost
  ----          ------
  myVM          ourHost0
  myVM1         ourHost1
  ...
  

  Once you get a little more complicated reporting, you will definitely want to use the cmdlet Get-View, for reasons of speed of the script, but for this example, the foregoing will do ok.

• Change the location of several pictures at the same time?

  I see how to change the location of a photo at a time. Is it possible to change the location of several pictures at the same time?

  Thank you

  Phil

  Select the photos and info - enter the location (or any other field of the info) and it is applied to all photos

  This is described in using Photos - a good place to get help with Photos

  View and add information about the photos

  To view or change information for the photos, you select one or more photos, and then open the information window.

  

  • Open the Info window: Double-click a photo to view it, and then click the Info button in the toolbar or press on command I.

  • Add or change information: Change the following.
    • Title: Enter a name in the title field.
    • Description: In the Description field, type a caption.
    • Favorite: Click the Favorites button to mark the photo as a favorite. Click the button again to deselect.
    • Keywords: Enter the keywords in the keywords field. When you type, Photos suggest keywords that you have used before. Press enter when you have finished a keyword. To remove a keyword, select it and press DELETE.
    • Faces: Click on and type a name to identify a face. Click on several times, and then drag the identifier of the face different faces to identify many faces in a photo.
    • Location: Enter a location in the location field. When you type, Photos suggest places you can choose. To change a location, you can search a different location or change the location by dragging a PIN on the map. To remove location information, delete it or choose Image > location, then choose Remove location or back to the original location. You cannot assign a location if your computer is not connected to the Internet.

  LN

• Even though I've updated to the latest version several times, I get messages from "update." How to stop the input messages?

  I get "upgrade to the latest version of Firefox" messages on my iMac, even if I downloaded the latest version several times. I'm afraid to click on the update message, because it might be spam/virus/whatever. Mozilla tells me that I downloaded the latest version of Firefox successfully. How to stop messages from appearing?

  Hello!

  Thank you to get in touch with us here at Mozilla's Support. I'll do my best to help you.

  To better help you with your question, please provide us with a screenshot. If you need help to create a screenshot, please see How to make a screenshot of my problem?

  Once you have done so, attach the file to screen shot saved to your post on the forum by clicking on the button Browse... under the box to post your reply . This will help us to visualize the problem.

  I see that you are running Firefox 25.0.1. Our latest version is the version of 26. But Firefox should display this update constantly. The screenshot is necessary so I can see if it's a legitimate link to Mozilla.