Recommendations of logging

Are there recommendations regarding when you choose to open a session at the beginning or end?  I know in some circumstances, the only option is to immediately because of the packet dropped, but what about in other situations?

For example, I have an access control rule that has balanced security and a defined strategy for IPS connectivity and a custom policy file.  The action is set on allow which should still block bad things, if it goes through.  Is it better to open a session at the beginning or end?

My default action for this policy has the network discovery.  Is it better to open a session at the beginning or end?

The only other place that I have enabled logging is in SSL policies and you can only connect at the end.

The problem is that I came across a problem where CME seems to have very few events (like maybe an hours value), whereas before, I had days worth so I feel that I now have too many records enabled.  The virtual appliance that resembles it culminates at connection of 10 M running events.

If you want see what happens on the network and keep track, you have logging enabled.

I suggest to use end-of-connection in there also.

Political SSL you can have it with end of connection as the political SSL must decide and then open a session that will be better.

Rate if helps.

Yogesh

Tags: Cisco Security

Similar Questions

  • Error 80070005 when tried to install windows media player 11

    Original title: windows media to the high-grade player

    When you try to upgrade to mp 11 I get error 80070005. I have xp pro sp3 and mp10.

    I have down loaded the installation of ms, disabled virus and malware protection, ran 360amigo, norton, superantispyware and malware bytes. any suggestins. Thank you

    Hi dee0243,

    1. don't you make changes before the show?

    Error code 80070005 means generally that you're not quite authorized to install the program. We recommend that log you in as administrator and then try to install media player 11.

    If the problem persists, try the following steps:
    a. download and run Microsoft fix this article (the same article can be followed when you get access denied error during installation)
    b. Once you have run the hotfix, restart the computer.
    c. install Windows Media Player 11 and check the result.

    Note: Running Microsoft Fix that it the article will reset the registry and the file permissions.

    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Very strange thing happening with Vista administrator/Standard username/password - please read!

    I have a serious problem, I was using a standard account for awhile until I decided to activate the Admin account, I have created a password for it BUT disabled then the password and when I used the Standard account and needed permission from Admin to do something in the standard, IT would BE STILL ASK me for PASSWORD BUT I did NOT NEED TO TYPE IT I just clicked OK and it went through

    The problem I have now is that I have disabled the administrator account from the command prompt (net user administrator / active: No.) to use only the standard, BUT NOW IT ALWAYS ASK me for THE ADMIN PASSWORD, BUT IT IS No. BOX to TYPE IT IN AND I can't USE a PROGRAM, I see a box with an "OK". I can't click or password I can't type in

    Now when I try to activate the administrator account with the user Standard order confirmation, it wont let me not allow him, so my Admin account is lost and I can't get Permission to do anything as a Standard user, I'm not a windows vista disc, I need advice on how to enable Admin account again Thank you.

    Hey, Vincenzo. If I read that post of the OP correctly the problem is not one of the password lost, but rather that he or she does not have a current administrative user on the system. It disabled the administrator built-in, but I forgot to make one administrative account, leaving only a user active Standard on the system.

    "DismalDaze" - try to go to Safe Mode. Although the built-in administrator is disabled, if there is no other administrative user on the system administrator can be activated in Mode without failure. Go in Safe Mode, press the F8 key as the computer starts. If you see an icon for administrator on the Welcome screen, connect to it and set up your users as recommended at the end of this post.

    If you don't see the icon for the administrator mode safe account, then the built-in Administrator account is always disabled and you will need to work more. If you have an installation of Vista DVD (not a recovery DVDs), you can start the system with it. Select the default language, then select "repair your computer". Then select "Command Prompt". At the command prompt, type:

    NET user administrator / Active: Yes [Enter]

    [Note: do not enter the brackets!]

    If you do not have a Vista installation DVD (only have a recovery disk), the computer mftr. may have given you the option to repair Vista (not a system recovery!) system in the diagnostic menu. This menu of diagnosis is the same one where you can choose Safe Mode.  Or you can do a repair file Vista bootable DVD in this link:

    http://NeoSmart.net/blog/2008/Windows-Vista-recovery-disc-download/

    Note: All the Neosmart recovery disk downloads are torrent files. There is a good explanation of the torrent on the site Web of Neosmart files. You will need a torrent asmuTorrent client to get the files. Torrent client will download the .iso file with which to create the bootable DVD. You will need the third-party burning software such as Nero, Roxio or the free ImgBurn (www.imgburn.com ) to burn the .iso image image file, not in the form of data.

    Now remove the rescue CD/DVD, you have done, reboot Windows and log on to the built-in Administrator account, you enabled. After you have created your additional administrative account by the recommendations below, log in there and disable the administrator built-in yet for security reasons:

    Start Orb > Search box > type: cmd
    When cmd appears in the above results, right-click and choose "Run as Administrator" [OK]. Now, you will get the command prompt. At the command prompt, type:

    NET user administrator / active: No. [Enter]

    Exit the command prompt.

    General recommendations for creating users in Vista:

    You absolutely don't want to have only one user account. As XP and all the other modern operating systems, Vista is a multi-user system with integrated system of accounts as default Administrator and comments. These accounts should be left alone because they are part of the structure of the operating system.

    In particular, you do not want one account user with administrative privileges on Vista because the administrator account integrated (normally only used in emergencies) is disabled by default. If you use as an administrator for your daily work, and this account is corrupt, things will be difficult.  It is not impossible to activate the built-in administrator to rescue things, but there may be more that you want to do. Better not to put you in a bad situation at first.

    The user account that is for your daily work must be a Standard user, with the extra administrative user (call it something like 'CompAdmin' or 'Tech' or similar) only it for elevation purposes. As a user Standard is recommended for security reasons and will help protect your computer against infections. After you have created "CompAdmin", connect to it and change your normal user account Standard. Then log on to your regular account.

    If you want to go directly to the desktop and ignore the Welcome screen with the icons of the user accounts, you can do this:

    Start Orb > Search box > type: netplwiz [Enter]
    Click continue (or provide an administrator password) when you are prompted by UAC

    Uncheck "users must enter a user name and password to use this computer". Select a user account to connect automatically by clicking on the account you want to highlight and press OK. Enter the password for this user account (when it exists) when you are prompted. Leave blank if there is no password (null).

    MS - MVP - Elephant Boy computers - don't panic!

  • Stop, unplanned

    Periodically, a small screen will come in saying ' Windows will be end in 1 minute.  As promised, widows stops and the computer restarts automatically, requiring a log in.  This usually happens shortly after her arrival off mode 'SLEEP' but sometimes in the middle of a business meeting, too.  Why is this happening and how can I stop it?  Is this a legitimate MS notification or is the byproduct of some bug or malware?  My computer has the standard suite of protections of Vista and I have AVG 9.0.  (The time that they are programmed to scan do not coincide with the shutdown notification) It always seems to happen at an inopportune moment and sometimes makes me lose the job.  This has started happening in the last month or two.

    When you see this message, and then press Windows key + R and open run. or go to the start menu and type RUN

    then type: shutdown-a

    and press ENTER, if the message has disappeared, then it is a problem with an infection or something else. I recommend you log on:

    http://OneCare.live.com/site/en-us/Center/whatsnew.htm

    and use and complete analysis system run Internet Explorer for browsing and of course pop up blocker is on.

    Check your Windows Firewall and make sure it is on, see the Windows Security Center and make sure everything is on.

  • Enabled: false in StandardListItem (bug or not?)

    enabled: false property in StandardListItem just change UI to gray, but

    nav.deprecatedPushQmlByString(chosenItem.file);

    works in active: State false

    This is the bug or not?

    Hello

    To disable the list items, you have the right code in your title:

    enabled: false

    However, items can still be selected, which is in conflict with the API:

    https://developer.BlackBerry.com/Cascades/reference/bb__cascades__control.HTML#enabled

    I highly recommend you log a problem for this one here:

    https://www.BlackBerry.com/JIRA/secure/dashboard.jspa

    Thank you!

    Martin

  • Repeat 7 GB Logsize!

    RDBMS Version: 11.2.0.3
    Platform RHEL 5.8

    We're DB configuration for an application from a third-party vendor. The seller is suggesting to create online redo log size of 7 GB!
    Is this normal? In my 8-year career, I never met ORLs of this size.

    They say without this size there will be too many switches. This application is pretty busy OLTP.

    Hello

    We're DB configuration for an application from a third-party vendor. The seller is suggesting to create online redo log size of 7 GB!
    Is this normal? In my 8-year career, I never met ORLs of this size.

    They say without this size there will be too many switches. This application is pretty busy OLTP.

    Rather than believe you them, you can always question them as to why they need 7 GB in size redolog. Oracle recommends a log switch occur approximately every 20 minutes. Switch journal too frequent and too late has adverse effects on performance.

    You will have to study the environment, redo log generation must be analysed and appropriate sizing must be determined. Most likely you have a Test that is run, so that in the checklist.

    I hope this helps.

    Thank you &

    Best regards

  • Since SQL SERVER 2005 to Oracle 10.2

    Hello

    How can we transfer DB from sql server 2005 to Oracle 10.2.0.1?

    Thank you
    Brij

    DBF, is not sql server.
    >
    SQL Server databases have three types of files:

    *

    Primary data files

    The primary data file is the starting point of the database and points to the other files in the database. Each database has a primary data file. The file name extension recommended for primary data files is .mdf.
    *

    Secondary data files

    Secondary data files include all files of data, other than the primary data file. Some databases may not have secondary data files, while others have multiple secondary data files. The file name extension recommended for secondary data files is .ndf.
    *

    Log files

    Log files hold all the log information used to recover the database. There must be at least one log file for each database, although there may be more than one. The file name extension recommended for log files is .ldf.
    >

    for dbf to oracle, see http://asktom.oracle.com/pls/asktom/f?p=100:11:0:P11_QUESTION_ID:711825134415

  • colleagues, I need some help 'staged system' approach / autoconfig/upgrade

    Gentlemen - I have a problem,

    Will to upgrade R12.0.4 on CARS (32-bit linux) R12.0.6 RAC 11.2 10.2 (linux 64 bit) on new hardware with minimal downtime.

    The plan is to use a 'Staging system' approach where we will clone the system to new servers and new topology (the new system has a few different intermediate etc.) while current production is still running.
    Then while the company is still underway off the coast of the old Kit we will be upgraded to - end the copy on the new servers (which is not used at this time).

    so now the system we cloned on the new servers, we will:
    change DB wordsize to 64-bit
    change DB 11.2.0.1 worm
    then run the 12.0.6 patch to upgrade the system as a whole (db and app nodes) to 12.0.6
    the history of patch of the export of the db using adphmigr.ph (no db)

    (If at this stage, we have 2 systems one) old production and b) completely new system on the new kit

    now, we must make the prod system nedw (b) system, so we need to get current data prod transferred with minimal downtime, so we intend to (a weekend):
    (1) complete the business on the current prod
    (2) move the database to upgrade to the new system (b) (ignore the system (a) in the future)
    ((3) rapidclone the prod (a) database to the new servers for the system (b) (in replacement of the db we come to fall) (we have only configure db - no application of bleachers and yet they're 12.0.6 awaits us) database (b) now contains current information)
    (4) convert newly cloned db to new (b) servers to 64-bit - then upg to 11.2.0.1
    (5) run 1 12.0.6 autoconfig high (sys b) to associate with the new db (X)
    then run adpatch (I can safetly run among the 12.0.6 adpatch new levels? against the 12.0.4 db) of a 12.0.6 high with nocopyportion nogenerate, so that it only upgrades the db to 12.0.6
    (6) to perform automatic configuration of all other midtiers associated with the db
    (7) start the history of patch in the db via adpatch for each appl_top

    what the above reasonable sound?
    (x) safe above? (to associate a 1206 Middle 1204 db?)

    comments gratefully received
    Martin

    what the above reasonable sound?

    It seems reasonable to me. However, I recommend you log an SR and confirm with the support of the Oracle if your approach is taken in charge or not. Additionally, if you could try in the same place on a TEST first instance to avoid errors and problems you may experience.

    (x) safe above? (to associate a 1206 Middle 1204 db?)

    Yes, but are you planning to create the appsutil.zip file, copy it to the node of the database layer and remove it? If Yes, I would expect a few problems because of the mismatch between the 12.0.4 database and 12.0.6 application.

    Thank you
    Hussein

  • Need recommendation for PIX logging software

    Hello

    I need a recommendation for a PIX software logging so that I can better manage my PIX 525 and 515 firewall. I am currently using Cisco Syslog and I want something that I can set up specific, priority alerts, send email or page... etc. Your help would be most appreciated.

    Thank you

    You can use: KIWI Syslog

    http://www.kiwisyslog.com/software_downloads.htm#download%20Now

    Commercial products:

    Cisco VMS = http://www.cisco.com/go/vms

    Sawmill = http://www.sawmill.net/

    IQR = http://www.eiqnetworks.com/products/products.shtml

    sincerely

    Patrick

  • recommended OS size for redo log block

    Hello

    AIX platform
    Oracle 10.2.0.4

    Is there any system recommended filesystem blocksize where redo log should be placed?
    We tested with 512 bytes to 4 096 bytes. We got the best performance over 512 bytes in terms of waiting avg on synchronization of log file.
    There's recommendation on the same oracle/AIX?

    978881 wrote:
    Hello

    AIX platform
    Oracle 10.2.0.4

    Is there any system recommended filesystem blocksize where redo log should be placed?
    We tested with 512 bytes to 4 096 bytes. We got the best performance over 512 bytes in terms of waiting avg on synchronization of log file.
    There's recommendation on the same oracle/AIX?

    The recommendation is to create logs of recovery on a mount with agblk = 512bytes. Please refer following link (page 60) which is an oracle + IBM technical brief:

    http://www-03.IBM.com/support/techdocs/atsmastr.nsf/5cb5ed706d254a8186256c71006d2e0a/bae31a51a00fa0018625721f00268dc4/ $FILE/Oracle%20Architecture%20and%20Tuning%20on%20AIX%20 (v%202.30) .pdf

    Kind regards
    S.K.

  • Redo Log size recommended

    Hello all,.

    For a while I myself have wondered what would be the correct redologsize for a database.
    I found the note
    the new 10g feature: REDO LOG SIZING ADVISORY [ID 274264.1]

    who says:
    '+ Rule switching newspapers maximum once every fifteen minutes. + »

    Well, I came across a DB with about 3 logswitches per minute (OEL 4.6 environment RAC 10 g 2).
    Do you think that this number is WAY over what it should be? What are your redolog sizes?

    The note mentioned also using the instance_recovery view v$ to give advice on the size redolog, which takes into account the MTTR.

    Thank you.
    ARO
    Pinela.

    Published by: Pinela on November 7, 2011 14:42

    Pinela wrote:
    Thank you all for you comments,

    jgarry,
    Yes, it is a good idea. For the moment, no, there are no errors, messages or complaints. In this case, the impact of the size redolog, refers to restore and cloning operations.

    Aman,
    "more than 4-5 swithces an hour - in general is considered correct". Interestingly, it is a good basis.

    Give more context. The DB in questions about 800 GB, redologs with 50 MB in size and is logswitches 3/4 times each minute (as mentioned earlier) and 1,200 users.

    With these new values, do you everything keep or change your mind?
    I would recommend changing the size redolog to 1 or 2 GB.

    500 MB is very small for a database of ~ 800 GB. For about 2-3 GB of the size of redo log file should be a good start. But please note that only affecting the size of the log file again X value cannot solve the problem. Would be also filled too quickly? If IMO as well as to define the size of redo log to about 3 GB file, you should consider the parameter ARCHIVE_LAG_TARGET so a value which you should expect to maintain for the switching log (as already suggested by others). This would let you control the speed of switching rather than being dependent on the size of the log file or database activity.

    HTH
    Aman...

  • [ADF, JDev12.1.3] That is the approach recommended to store the information of the logged-on user?

    Hallo,

    I would like to know which are:

    • approaches possible and advised to store the main information (which will be used throughout the application) of the user that is logged;
    • for each of the approaches that are the main advantages and disadvantages.

    For example

    I have my doubts if store info in variables private module request or if I'd better use the HttpSession.

    The use of HttpsSession back to store the information in a range session bean?

    A scope session bean should be used only to store information?

    Sorry if these question may be stupid but I'm starting to take care of the security of my application and I am a bit confused about the available possibilities.

    I use ADF Essentials, so I can't use ADFSecurity.

    Thank you

    Federico

    I have my doubts if store info in variables private module request or if I'd better use the HttpSession.

    Never use app module variables to store data. If you need to store data in the model project, you can use the UserData card, but you must implement the serialization/deserialization.

    Read this blog post for more information: http://andrejusb.blogspot.com/2012/05/solution-for-sharing-global-user-data.html

    The use of HttpsSession back to store the information in a range session bean?

    They are similar.

    Difference is that you can put data directly to the session http (as an attribute) and if you use managed bean then keep you data in the attributes of bean and framework will put bean in scope of the session.

    A scope session bean should be used only to store information?

    Well, do not store the amount of data in session bean because it will influence the performance of the server (if the number of users increases you need more RAM, if you assign more RAM to the server it will be time for garbage collection, will also increase if you have clustering then great session bean (s) will increase the time of synchronization of the session) ", etc...)

    Dario

  • How can I clear my history when I close it, but remember my login details so I don't have to log in again everytime I go on sites Firefox?

    Not call explanation. I put clear history when I close it, but remember active connections, and when I reopen it the Firefox browser, I have to log in again.

    Hello hanshotfirst1138, many of the sites will store the information that you are connected in a cookie, if make you disappear to the stop, then you will need to identify you the next time you open the browser.

    I would recommend this configuration: in the privacy options select "firefox will use the custom settings for history" and "keep cookies until firefox is closed. subsequently to create exceptions for the websites you want to stay connected. You can also easily adjust for the current of the site you're on right click on an empty spot then go on see information page > permissions.

    Enable and disable the cookies that Web sites use to track your preferences

  • Why make a white box instead of a log in box and others...?

    When I try to click on some sites that have something pop up to log and so on, instead it shows a white box.

    For example, I tried to log on kinklive. Here's how it is on Firefox before and after I click on "log in".

    http://imgur.com/a/4CGzV

    And it's here on Google Chrome after I click on "log in".

    http://imgur.com/wc3rayZ

    So why do the white box on Firefox?

    Hello

    You use a nightly build of Firefox which is intended only for testing. However, I recommend that you download the latest version of Firefox, or try reinstalling your nightly build.

    Some Firefox problems can be solved by performing a clean reinstall. This means that you remove Firefox program files, and then reinstall Firefox. Please follow these steps:

    Note: You can print these steps or consult them in another browser.

    1. Download the latest version of Firefox from http://www.mozilla.org office and save the installer to your computer.
    2. Once the download is complete, close all Firefox Windows (click on quit in the file menu or Firefox).
    3. Remove the Firefox installation folder, which is located in one of these locations, by default:
      • Windows:

        • C:\Program Files\Mozilla Firefox
        • C:\Program Files (x 86) \Mozilla Firefox
      • Mac: Delete Firefox in the Applications folder.
      • Linux: If you have installed Firefox with the distribution-based package manager, you must use the same way to uninstall: see Install Firefox on Linux. If you have downloaded and installed the binary package from the Firefox download page, simply remove the folder firefox in your home directory.
    4. Now, go ahead and reinstall Firefox:
      1. Double-click on the downloaded Setup file and go through the steps in the installation wizard.
      2. Once the wizard is completed, click to open Firefox directly after clicking the Finish button.

    More information on the resettlement of Firefox can be found here.

    WARNING: Uninstaller or the use of Firefox and not run a third remover as part of this process, because who could permanently delete your Firefox data, including but not limited to, extensions, cache, cookies, bookmarks, personal settings and passwords saved. These can be recovered, unless they have been backed up on an external device!

    Please report back to see if this helped you!

    Thank you.

  • Whenever I log on my computer, I get an urgent message from FireFox. Details below.

    Daily for 3 days now, when I log on my computer, I get a message that says: "it is highly recommended that you apply this update for firefox as soon as possible."
    He said then "View more information on this update" it I cannot display more information (by clicking on the underlined blue color line) and I tried to apply the update and it does not load. The green line will just back and forth until I finally just close the page from loading. When I try to load by pressing the button 'Next' it says connect to something like trying to connect to download the program now.
    Now I am not questioning if it's spam or if there is a reason my computer will not load this update. As I said before it is not what the update is... makes me a little nervous now that my computer has refused to allow him to update twice.
    I tried to copy the page to send you, and it does not allow me to copy.

    You are welcome.

    If you have need of all these steps you probably have software security that are to protect or lock files, you may need to keep an eye on it, if you are having other problems with the update of files or to back up personal data.

Maybe you are looking for