Replication of the CSA!

Similar Questions

• Are the CSA English Japanesse, Korean, Spanish, Portuguese,

  Are the CSA English, Japanese, Korean, Spanish, Portuguese-related communities.

  I subscribe to the Portuguese community under a different pseudonym.  I used the same apple ID.

  I would like to sign for the Spanish community.  Should I create a new alias of community? Can I use one of my two existing aliases?

  How items are dealt with between the community.  I got zero for the Portuguese forum.

  I should have gotten the details before.

  R

  You can use the same user name and the ID in all Forums. All Forums are separated. You may only transfer your points for a limited time when Forums began. Points and badges due in a Forum see on another Forum.

  Please stop in the'RE-CSA Forum. We need the talents of high level like get you to help the homegown talent the Forum going. Furthermore, I feel alone.

  I am so proud.

  

• Where can I get the CSA Profiler?

  Could someone tell me where I can get the trial version of the CSA Profiler? I'm not in the download page.

  Thank you

  Nitass

  The profiles/amalysis generator room is included in the download of the software, just to install the trial license for it.

  Tom

• What is the default action of the CSA?

  Hi all

  I'm a newcomer to the CSA. I have a few questions as follows. Could you please clarify it for me?

  1. If all the rules do not match the event, what measures will it take place? Allow or deny?

  2. If the first answer is allow, how it can protect the system from the zero-day attack?

  Thank you very much

  Nitass

  Nitass,

  You are right that if no rules are triggered, CSA does not interfere with the application. But to answer the second half of your original question, CSA protects attacks zero-day monitoring of behavior rather than signatures. In other words, it doesn't matter what the attack code looks like, no matter what he does. For example, if you get attacked by a new virus, not have a signature for your anti-virus software to detect. But if she tries to install a copy on your computer, or tries to install a rootkit, or open a port for listening or scans for other vulnerable hosts, CSA detects these actions and block them.

• Remove the CSA 4.0 to a server that has CSA 5.0 on him as well

  I currently have the management consoles both CSA 4.0 and 5.0 of CSA installed and running from the same server (because of an upgrade). Is there a way to remove CSA 4.0 from the server without impacting the CSA 5.0 server or hosts?

  If not, there is a way to remove the CSA MC 4.0 software, it is possible to turn it off so that it operates more (to an agent / host's point of view)?

  It's been a long time I did, but I think you remove the Management Center for CSA 4.X in Add/Remove programs by choosing Ciscoworks and choose the MC for 4.X as a choice when the initial dialog box appears.

  There may be other ways, but it's the only one I remember.

  Tom

• Corking speed of replication of the nucleus of beneficiary?

  Our set up is Core1 receives the back-ups of the agents, then reply to Core2 off-site more a 15 Mbps WAN and Core3 which is a secondary hub on the spot.

  I want to strangle the replication for Core2, so we don't saturate our EXTENSIVE network, but I don't want to strangle the replication on Core3.

  I expect this, speed adjustment of transfer Max on settings of replication of the Core2 1 MB/s, in the hope of this butterfly on the side, but this does not seem to do anything.

  If I put on Core1 maximum transfer speed, it strangles two replications, which is not what I wanted to do.

  Any suggestions?

  Bandwidth limitation applies only to the outbound replication as is the kernel sends the data and the amount of data sent to dictate. Throttling is a global setting and cannot be defined by the agent of outbound replication or core.

  Suggestion of the WES of replication mult - hop is the only way that you will be able to have optimal bandwidth of reference1 at Core3 and bandwidth limited to Core2.  It will also be the most effective because it will distribute the load of replication evenly Core1 and Core3.  So Core1 replicate at Core3 and Core3 replicate to Core2.  Throttle then bandwidth on the outbound replication of Core3 and you will have reached your goal of all the bandwidth at Core3 and limited bandwidth to Core2 (on the WAN).

  Tim

• [Cisco ACS 5.2] Disk partitions used by display of the CSA?

  Salvation (and happy new year)

  In Cisco ACS 5.2, there are several disk partitions:

  

  Which partition is used by the view of the CSA?

  A document that explains all the features of partitions exist?

  Kind regards

  Patrick

  Patrick,

  I'm not aware of a document that explains all the ACS 5.x Disk Partitions. However, I can assure that the display of the ACS are stored on the/opt partition.

  If you have an ACS 5.x on a Production network, one of the requirements is to install using the 500 GB HARD disk. The / opt folder on a 500 GB ACS reserves 347 Go to this folder (/ opt) because it stores the information in view of the CSA (reports and newspapers). It is the large partition as ACS View data includes all the ACS reports.

  I hope this helps.

  Kind regards.

• General question about the csa

  Hello

  The CSA coverage buffer overflows with all applications?

  Thank you

  Lisa G

  Hi Lisa,

  AFAIK CSA see all buffer overflows if you have an active State and you do not have an exception for an application.

  I have messages from buffer overflow of a bunch of applications and made exceptions for about 40.

  HTH

  Tom

• RDP for the CSA MC using the user state

  I'm trying to activate an administrator remote access to the MC via RDP. The rule is triggered, which denies this action is #262. Is there a way to allow access to the box based on user RDP State? I need what the admin group is part of a DHCP pool so I can't nail down to just its address. Documentation is not very clear in the application of States of the user.

  Sorry for the long answer... I hope this helps...

  YES, it is absolutely possible to do. Let's say your MC is in a group called "MC CSA Group. In this group, you have implemented policies. Beside policies are your rule failet etc... So what you need is to create a new strategy (set it to Windows or Linux, if necessary). You then create a new 'Module of rule' that you attach to the new policy that you just created. When you create the new rule Module, you'll see an article that says "steady-state". Select the option "apply this rule module if the following status conditions are met:" click the checkbox beside of "user state:". "» Selection in the State of the user list, click on 'NEW '. Here, you will need to create a user state based on what you want to be able to RDP to the CSA MC. give the new user to the user a state name. Here you have the choice, you can create a specific user (i.e. If only a domain user id must have access), or you can use a domain or Local Group. (I.e. If the Domain Admins need to access the CSA MC to the RDP). Allows that you want to use the group Active directory 'Domain Admins '... "The corresponding to groups" enter the EXACT name of the domain group (Ex: MYDOMAIN\MYGROUP). Click Save. Select the new status for the user, and then save the new rule module. Assign the new rule module to the new policy and implement the new strategy of the Group CSA MC. Finally, you need to navigate the new rule module that you created and add a NETWORK access CONTROL RULE. Create an allow rule that will allow the termsrv.exe as server TCP/3389. No matter what host (you said they were on DHCP. I recommend to create a specific DHCP scope for users, so you can lock it the most). Save the rule and generate.

• How to turn command of the CSA approval?

  Hello

  I have GBA 4.1 for Windows!

  I test Cisco6513 of authorization of a user command.

  The problem is that the switch is allowing the orders that I denied GBA for that particular user.

  I enclose the screenshots.

  Can someone tell me what I'm missing? Should I put some certain commands in 6513 to activate command of the CSA approval?

  My switch to ACS config is:

  AAA new-model

  AAA server Ganymede group + name1

  Server ACSserver1

  !

  AAA authentication login default group local name1

  enable AAA, activate the default authentication group name1

  AAA authorization exec default group name1 authenticated by FIS

  aaa IP http authentication

  radius-server ACSserver1 host

  done - no radius-server request

  RADIUS-server key xxxxx

  These commands, you are missing

  AAA authorization commands 1 default group Ganymede + authenticated if

  AAA authorization commands 15 default group Ganymede + authenticated if

  AAA authorization config-commands

  Kind regards

  ~ JG

  Note the useful messages

• How to permanently remove it from the event log in the CSA MC

  I run the Cisco Secure Agent 4 deployed on 4 PCs I have enabled documented logging just because it's a test environment & I wanted to see how many events it would generate. Well, last I checked CSA MC (under summary of events) it has more than 300,000 (it's just 300 000) events recorded. I have modified the event handler and applied the new rules, but the machine™ is slooooow both because of more than 300,000 events. Please see the screenshot joint. How do I permanently purge the event log. I used the purge within the CSA MC command but it removed only 10,000 events. The machine is slow so that I can do nothing about it.

  Well, I wanted to send the screenshot, but the machine is slow I can't even attach the file. But in all cases, the problem is that the window summary displays message of more than 300,000 events & I need for permannently remove events.

  Thank you.

  Was the only one I know how is to use "events" and click all events. From there, you can click or purge the events of your choice.

  Also, what are the specifications of server you use?

  I have been involved with MCs with more than 2 x what you have & this server is satisfactory product.

  Hope this helps,

  Peter

• How to make an initial charge followed a change of replication to the same process of the user (Java adapter) output?

  I need to:

  -Complete an initial load from an Oracle database to a user (process Java of an adapter) output process, with:

  TABLE..., SQLPREDICATE "FROM SNA... » ;

  -Then start a normal change of replication from the SNA for the same output of the user process, for example with:

  Register extract... RCS container (...) database...

  Add extract..., tranlog integrated, Yvert...

  I also need to have a clear dividing line between the end of the initial charge and the beginning of replication of change.

  That is, I need to know when the initial charge ended replication in the output of the user.

  I can do the initial charge and the work of replication of change, but I can't figure out how to do the two processes feed at the same exit of user procedure.

  It is because of the initial charge producing "extract files", compared to the extract of change generating the "path of the files', and those who cannot be loaded by the same process of output to the user.

  I don't understand why there is such a distinction and limitation.

  Is there a way to extract initial loading of writing to a log file, which could be picked up by the extract of change?

  If I could turn the extract files into files of trail, that would solve most of my problems.

  I believe that those who have exactly the same file formats (as is from logdump), and the only difference is that tracks have an additional checkpoint file. My understanding is correct?

  Is there a hack that would allow me to turn extract files in a path?

  Thanks in advance for any idea,

  --

  Romain Lenglet

  Roman. [email protected]

  1 do the initial load and wait for it to complete. Let's say the initial load generated more trails

  / tmp/ab000000

  / tmp/ab000001

  / tmp/ab000002

  / tmp/ab000003

  2. stop the initial load snippet once its done.

  3. set up an excerpt from capture of change online and mention the same prefix for trail

  EXTTRAIL/tmp/ab

  Now, the important thing is to let the extract online from sequence 4 and we do this with the following command,

  ggsci > Add ext ,...

  ggsci > add exttrail/tmp/ab, seqno 4, ext

  When we add the checkpoint of trail, we ask the extract from the sequence 4

  You can then start out it online and it will send sequence 4.

  4 then add and start an extract from pump to read the sequence 0 trail and run with PASSTHROUGH

  Thank you

  REDA

• SRM 5.5 - vSphere replication - error: impossible to reverse the replication for the Virtual Machine. A snapshot operation cannot be performed

  Hi all, we have just run a test DR failover of a couple of virtual machines in our protected our failover site and all site swung perfectly, two virtual machines came online and all applications work well. However when we cam to r-eprotect machines virtual, we get some errors.

  One of the virtual machines seems to have lived the reprotect end process, it is still running, but has not moved to 89% for some time. The virtual machine has a couple of grand (a little less than 2 TB) VMDK. slow progress is just a consequence of the large VMDK?

  More worrisome is the virtual machine which don't reprotect at all. It generates an error whenever I click on the "Restore" button (error: impossible to reverse the replication for the Virtual Machine.) A snapshot operation can not be performed).

  
  Does anyone have any ideas as to the cause?

  Thanks in advance for any help.

  Andy

  Finally got to the bottom of this. The issue was that reprotect SRM work was trying to dispel any snapshots that were taken on the computer object virtual destination in VMWare, but could not clean snapshots.

  The reason why snapshots would not consolidate was because it was snapshots of temporary VEEAM who in fact any snapshot file listed in the VSAN data store. So when we looked through the browser data store, no snapshot file existed in the virtual computers folder. Trying a manual removal also failed.

  To fix this, we created a snapshot of the virtual machine in the original data center (note is the engine to the bottom of the virtual machine), this effect was to get rid of the 'fade' snapshot that was visible in the Snapshot Manager that VEEAM backup had left behind. Once this had disappeared, the reprotect back to DCA worked perfectly.

• Pause/Stop replication in the RV MRS

  Hello

  I guess migrate VMS from one datacenter to another data center and it was a matter of time so I decided to configure replication of vSphere so that I can migrate the virtual machine.

  Now I see the virtual machine on the target DC but I want to stop replication now in DC source as my goal was to see the virtual machine in the target DC. I need to stop the virtual machine to the DC source and re - configure the virtual machine on the target site. Also, for your information I have not configured those VMS in any protection and recovery plan because I use only for reasons of migration of the VR. I can see the target clustered vmdk files. Looking for expert advice. Thank you

  vm2014

  Hello

  What VR version do you use? If 5.1 or the next day, you can use the vSphere IU of replication in the Web Client. The vCenter-> monitor-> incoming replication tab you will see 'Recover' button once you select the specific virtual machine replication. In the current versions, the recovery of customer Web VR Assistant is for a virtual machine at a time.

  Time to decide to go with the migration, you can:

  1. explicitly call "Sync" of the user interface, while the source VM THAT is always on - to submit recent changes on the target site.

  2. stop / power off from the source of the VM.

  3. call the wizard of recovery of the VR UI in the Web Client to the target site. You can choose to replicate any recent changes made when closing (after synchronization point in step 1.).

  4. the VR task will consolidate the newspaper waiting for Redo on the site target on basic disks, update the .vmx replicated and other configuration files and enter them as VM on vCenter target inventory. VR without SRM uses a shadow virtual machines on the target site. VM is only recorded in step 4.

  Please consult the official documentation to perform a recovery with vSphere replication

  Please also note:

  1 stop the replication (instead of the wizard of recovery of the VR UI for the Web Client or the SRM Recovery Plan) will clean all disks and configuration files created by VR to the data store (s) from the target, unless the collection has already been completed and the replication of the "Recovered" status

  2. remove the source VM (or its host to vCenter source inventory), will automatically stop the replication - 1. above.

  Kind regards

  Martin

• Is it possible to use vSphere replication within the same site?

  Hello

  I was wondering if I could use vSphere replication in the same data center. The idea would be to have a configuration without shared storage appropriate for HA.

  Thank you!

  elgreco81

  Yes, it's not a problem at all. You can have a single unit of replication running and replicate to another data store.

  André