Cisco :: S370 - Getting Critical Messages After Installation
Jul 27, 2011
After installing a S370, and upgrading AsyncOS, I have critical messages such as:
An application fault occurred: ('journal/base.py _check_file_size|371', "<class 'journal.exceptions.CorruptError'>", 'CorruptError: File size does not match (33328990208 38708391936)', '[coeuslog/coeuslogd.py run|909] [coeuslog/coeuslogd.py _run|872] [journal/base.py mount|437] [journal/base.py _mount|493] [journal/base.py _recovery|577] [journal/base.py _check_file_size|371]')
Product: Iron Port S370 Web Security Appliance
Model: S370
Version: 7.1.0-307
Serial Number: 842B2B49C468-CNLVX4J
Timestamps: 27 Jul 2011 12:16:03 +0200
I have an issue with my lms 4.2 installation.I have created a fault notication group which sends me an email when an alert is active on a device.Some of the devices are deleted from the inventory, but when I restart my deamon manager. I receive alerts for all the devices I have deleted in the past.I get this email in my inbox.When I check "Monitor - SNMP traps - fault notification group" I can't see any of the devices for which I receive the email alert?
EVENT ID = 00024PS TIME = Fri 01-Feb-2013 11:03:59 CET STATUS = Active SEVERITY = Critical MANAGED OBJECT = switch MANAGED OBJECT TYPE = Switches and Hubs
Critical voice vlan feature, used to place a newly authenticating phone when radius server is dead into appropriate voice vlan, seems to be a new feature and I find the documentation to be incomplete. Do the following switches support this feature in any IoS versions? WS-C4510R, 4506, 3560, 3550,2960s.
Is it possible to automatically shutdown the OUTSIDE interface on a Cisco ASA 5520 in case of intrusion?.
In my opinion if there is an attempt of intrusion, just the device would stop it. If it cannot detect it, how can the device recognize the event and so shutdown the interface?. Am I correct?
I have been monitoring the alarm summary but have been off couple days and i see one of my controllers is down. Getting critical level security and message is port is down on the controller, condition link down. The other issue is config difference found between NCS and Contoller, I tried getting them to sync together but still getting the same message.
I have noticed poe log messages in my cisco 857 router, looking around there is mention of a cosmetic ios bug pertaining to 877 router but not the 857. BUG - CSCsd68389. Why i am getting these errors on my 857?
001586: Oct 5 11:25:06.499 NZST: esw_dtc_ltc4258_reg_write: no acknowlege from POE 001587: Oct 5 11:25:06.499 NZST: esw_mrvl_pdc_hardware_config failed on slot 0/0 001601: Oct 5 13:06:29.879 NZST: esw_dtc_ltc4258_reg_write: no acknowlege from POE 001602: Oct 5 13:06:29.879 NZST: esw_mrvl_pdc_hardware_config failed on slot 0/0 001603: Oct 5 13:06:31.387 NZST: esw_dtc_ltc4258_reg_write: no acknowlege from POE 001604: Oct 5 13:06:31.387 NZST: esw_mrvl_pdc_hardware_config failed on slot 0/0
we're trying to integrate our SBC instances (CUBE SP on ASR1000) into our network management system (EMC SMARTS)Syslog messages from SBC instances are some kind of cumbersome with lot of line breaks resulting in multiple syslog messages the NMS must parse.How do I configure it to just put it all into one line just as "normal" log messages?
I have a new install of LMS 4.2 on a virtual appliance. No syslog messages are getting into LMS. They are being received by the server, but are showing up in /var/adm/CSCOpx/log/dmgtd.log, and aren't getting processed by SyslogAnalyser.
My Cisco devices send syslog messages to LMS but it wont`t show any messages from device. Older LMS 3.2 and other collector showe all syslog messages. What to do with LMS 4.0.1?
I have a newly installed LMS 4.1 that had the Syslog feature working for a while.
Recently, the Syslog is no longer displaying any records (neither new or old messages).
Below are the steps I have tried to troubleshoot the problem: - Installed wireshark : Syslog messages are being received by the LMS server on time - In the Syslog.log file, I can see that all the Syslog messages are being logged properly - I tried to disable all the "Syslog Message Filters" but nothing changed
In the SyslogCollector.log, I can find the below logs: NMSROOT is C:/PROGRA~2/CSCOpx propFileC:/PROGRA~2/CSCOpxMDC omcatwebapps meWEB-INFclassesC:PROGRA~2CSCOpxMDC omcatwebapps [Code]....
I have a small problem with a lot of invalid syslog messages in LMS 3.2. Something about 30% of all messages are invalid.
Is there any posibility to get out from which devices those messages are?
Is it a big problem for the application if there are such a lot of invalid messages? I have a lot of devices in my LMS and don't want to get high load because of such unneeded messages.
I have a Cisco ASA 5505 I've configured as a DHCP server. I'm getting DHCP on workstations attached to the appliance, but I'm getting the following message when the appliance loads:DHCP Client: can't enable DHCP Client when DHCP Server/Relay is running on the interface DHCP: Interface 'inside' is currently configured as SERVER and cannot be changed to a CLIENT by a CLIENT featureI'm not trying to configure this thing as a client, so I'm not sure why the system is producing this message.
provide input on what these Traceback messages are and how they are caused:
*Mar 15 23:07:57.250: %SERVICE_MODULE-4-WICNOTREADY: Unit Serial0/1/0 not ready for next command -Traceback= 0x41173B5C 0x40371894 0x40371928 0x40371CE0 0x40372794 0x40369AF0 0x40382908 0x4037FEB4 0x4037FF80 0x41EF56B4 0x41EF95E4 0x41EEA51C 0x41F12B00 0x42183F44 0x42183F28*Mar 15 23:08:00.250: %SERVICE_MODULE-4-WICNOTREADY: Unit Serial0/1/0 not ready for next command -Traceback= 0x41173B5C 0x40371894 0x40371928 0x40371CE0 0x40372794 0x40369AF0 0x40382908 0x4037FEB4 0x4037FF80 0x41EF56B4 0x41EF95E4 0x41EEA51C 0x41F12B00 0x42183F44 0x42183F28*Mar 15 23:08:03.250: %SERVICE_MODULE-4-WICNOTREADY: Unit Serial0/1/0 not ready for next command -Traceback= 0x41173B5C 0x40371894 0x40371928 0x40371CE0 0x40372794 0x40369AF0 0x40382908 0x4037FEB4 0x4037FF80 0x41EF56B4 0x41EF95E4 0x41EEA51C 0x41F12B00 0x42183F44 0x42183F28.... and so on.
We recieved this for one of our routers. Rebooting it worked, so it's likely a software bug and we will upgrade the IOS soon, but I would like to understand what these log messages.
I am constantly getting a few errors in my ASA 5510 and 5505 from the same IP. The IP of my NMS server, which has also stopped recieving SNMP data from these two VPNs.
Syslog Id: 713048 Error process payload: Payload ID: 1 Syslog ID: 713902 Removing peer from peer table failed. No Match. Syslog ID: 713903 Error: Unable to remove PeertblEntry
I have tried to configure ACL to let traffic through. SNMP traffic to be more precise, but since I am fairly new to cisco firewalls and SNMP in general this has proven very difficult.
we have a L2L tunnel between ASA 8.2.5 to Cisco Router. Recently we see tunnel is going down and shows messages in ASA about ESP packet discard. Below is the message.%ASA-7-710006: ESP request discarded from x.x.x.x to outside_int:x.x.x.At the same time from router the tunnel shows up but ASA not. We see CSCso 50226 which matches exactly with our issue.As a workaround we were resetting tunnel from router. It comes up and runs for a week.
My customer is seeing these Errors coming up on one of his 2504 WLC's (ver7.3) The MAC's and IP addresses Mentioned seem to be completely fictitious as the customers IP plan is way off these subnets and the vendor lookup tool cant resolve the MAC addresses.I can confirm that there is no conflict.I've seen them appear on other 2504's across his network on seperate occasions.
How can I filter outbound sys log messages, so they include only configuration changes messages..
On Cisco 2900 I used:
logging discriminator CFG LOG msg- body includes "PARSER" | "CONFIG"
logging host x.x.x.x discriminator CFG LOG
logging x.x.x.x
How can I do the same on 4507? This feature on Cisco routers is called "Reliable Delivery and Filtering for Sys log" and is available for 12.4(11)T and 12.2(33)SRB (7600) . I am running Version 12.2(25)EWA6 on my Catalyst, so it is not available.
The software I am using is a simple solar winds sys log server.
I think I got a strange behavior on a context of my WS-SVC-FWM-1 (on a Catalyst 6509 running IOS 12.2(18)SXF17a) that is running FWSM Firewall Version 4.1(3). This context sends these log messages every ten minutes:
Jul 17 2011 23:31:16: %FWSM-6-302010: 0 in use, 0 most used Jul 17 2011 23:31:17: %FWSM-6-302010: 2245 in use, 107133 most used [code]...
If I issue the "show conn" three seconds later the log message, the output I got is: FWSM# sh conn 1041 in use, 107133 most used
In another context on the same FWSM the log message sent every ten minutes is just this one:
Jul 17 2011 23:31:17: %FWSM-6-302010: 1358 in use, 72503 most used Jul 17 2011 23:41:22: %FWSM-6-302010: 1590 in use, 72503 most used
In this case there is no the log message where the "in use" field and "most used" field are 0 (zero). why does the context send the message with the "in use" field and "most used" field 0 (zero).
Our building used to have a very old server that basically just served as a place for teachers to store files and not much else. We have just changed ISPs and decided that we no longer needed the server at all. I disconnected the server from the network and replaced the old ISP's modem with the new ISP's modem. At first, everything seemed OK. My computer and several other teachers' connected to the Internet with no problem. However, some of the computers in the building could not connect. We get error messages with "limited or no connectivity." Part of me thought that perhaps the connections themselves are bad. However, when I take my laptop to classrooms with trouble connecting - mine connects easily using their cables. If I move their computers to my room, their laptops still won't connect. I have put my computer side-by-side with another one to make sure the settings were the same (auto-detect IP, DNS, etc.) and can't find differences. This problems is affecting our Windows 7, Vista, and XP computers the same.
I recently got multiple messages from Avast Virus giving me this message.Object: Infection URL:Mal, Process: CWINDOWSsystem32svhost.exe I have run Malewarebytes and a full boot scan with Avast and and I have not been able to get the message to stop showing up. how to stop this?
Yesterday after booting my comp up I wanted to get on the internet but for the first time in years with my set up it just wouldn't connect, never done this before, we have a wireless O2 box upstairs which my son has a ethernet directly from the wireless router into his comp and my other son has a notebook (same as mine) and both of them were online but mine just wouldn't connect although I had nothing to say anything was wrong, o2 told me that if the other computers were online then it must be something on my comp that is causing the trouble ? but what could it be ? after three hours offline I rebooted and it was fine and got onto the internet no trouble, this morning it again wouldn't let me online and then bingo it just came on again at 4pm very strange to me
I am using a verizon wifi unit. I us outlook 2007. I can receive emails but I cannot send emails. How can I adjust the settings to send emails using my wifi?
Is there a way or software can I use to send messages to all wirelessPCs in my network without doing any configurations or installation on those PC.I've used net send command for that, but is there another way?
I'm getting below msgs in my ZBFW logs on my test router. .Apr 2 23:09:43: %FW-6-DROP_PKT: Dropping icmp session 115.186.192.153:0 10.40.2.100:0 on zone-pair ZP-OUTSIDE-INSIDE class class-default due to DROP action found in policy-map with ip ident 0
The bit I'm curious about is that I am NOT NAT-ting any ICMP. Hence why is the ZBFW even triggering against the LAN IP? It should only activate after NAT according to order of operations (and hence why unlike CBAC you put the inside local IP not the outside global IP).....
If the ICMP was directed at the WAN interface (not the 10.40.2.100 internal IP) then it is allowed, but morever even if blocked it should be logged against my WAN IP (which is publicly routable not a 10.x internal).
