Search Results

Search found 31501 results on 1261 pages for 'event log'.

Page 48/1261 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >

  • Continual "The Windows Filtering Platform has blocked a connection" errors?

    - by Richard
    Our systems have been compromised by something recently which has lead us to carry out a more detailed look at what is happening on our workstations. I have noticed an issue where the Security log of this Windows 7 workstation is continually logging a security "Audit Failure" where the detail is that "The Windows Filtering Platform has blocked a connection". This is happening thousands of times a day and would appear to be our BT Business Broadband HGV 2700 ADSL router attempting to connect to Port 137 (NET Bios) on my workstation and being blocked. This has unfortunately had the effect of filling up the log files so much that anything which might have been of use which was logged over the weekend to help debug the intrusion has been "overwritten off the end" of the Security log. (I've since increased the log file size limits massively and turned on archiving). Does anyone know if this is standard behaviour of a BT ADSL router or whether this indicates that the router is compromised in some way or malfunctioning, or have any further suggestions as to how to diagnose this problem?

    Read the article

  • System Account Logon Failures ever 30 seconds

    - by floyd
    We have two Windows 2008 R2 SP1 servers running in a SQL failover cluster. On one of them we are getting the following events in the security log every 30 seconds. The parts that are blank are actually blank. Has anyone seen similar issues, or assist in tracking down the cause of these events? No other event logs show anything relevant that I can tell. Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 10/17/2012 10:02:04 PM Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: SERVERNAME.domainname.local Description: An account failed to log on. Subject: Security ID: SYSTEM Account Name: SERVERNAME$ Account Domain: DOMAINNAME Logon ID: 0x3e7 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: Account Domain: Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc0000064 Process Information: Caller Process ID: 0x238 Caller Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: SERVERNAME Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Schannel Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 Second event which follows every one of the above events Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 10/17/2012 10:02:04 PM Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: SERVERNAME.domainname.local Description: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: Account Domain: Failure Information: Failure Reason: An Error occured during Logon. Status: 0xc000006d Sub Status: 0x80090325 Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Schannel Authentication Package: Microsoft Unified Security Protocol Provider Transited Services: - Package Name (NTLM only): - Key Length: 0 EDIT UPDATE: I have a bit more information to add. I installed Network Monitor on this machine and did a filter for Kerberos traffic and found the following which corresponds to the timestamps in the security audit log. A Kerberos AS_Request Cname: CN=SQLInstanceName Realm:domain.local Sname krbtgt/domain.local Reply from DC: KRB_ERROR: KDC_ERR_C_PRINCIPAL_UNKOWN I then checked the security audit logs of the DC which responded and found the following: A Kerberos authentication ticket (TGT) was requested. Account Information: Account Name: X509N:<S>CN=SQLInstanceName Supplied Realm Name: domain.local User ID: NULL SID Service Information: Service Name: krbtgt/domain.local Service ID: NULL SID Network Information: Client Address: ::ffff:10.240.42.101 Client Port: 58207 Additional Information: Ticket Options: 0x40810010 Result Code: 0x6 Ticket Encryption Type: 0xffffffff Pre-Authentication Type: - Certificate Information: Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: So appears to be related to a certificate installed on the SQL machine, still dont have any clue why or whats wrong with said certificate. It's not expired etc.

    Read the article

  • The previous system shutdown at xxxx was unexpected

    - by m.edmondson
    For the past two nights we had a remote server shutdown unexpectedly. When rebooted we get the following message: Event Type: Error Event Source: EventLog Event Category: None Event ID: 6008 Date: 16/02/2011 Time: 09:10:43 User: N/A Computer: WELPLAN-1 Description: The previous system shutdown at 07:27:32 on 16/02/2011 was unexpected. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: db 07 02 00 03 00 10 00 Û....... 0008: 07 00 1b 00 20 00 42 02 .... .B. 0010: db 07 02 00 03 00 10 00 Û....... 0018: 07 00 1b 00 20 00 42 02 .... .B. Obviously this message doesn't help much, but what does all the hexadecimal mean? Will it help me track down the problem? Any pointers as to where to look?

    Read the article

  • Cannot start eventlog service

    - by ANervousTwitch
    On a windows 2k8R2 DC box the eventlog service wont start. When i try to start the service the machine returns: "Windows could not start the Windows Event Log service on Local Computer. Error 13: The data is invalid." event viewer wont open either. obviously, i dont have an event log for this error. ive already tried clearing the event logs. that didnt do anything. the other DC isnt experiencing this issue.

    Read the article

  • Logformat for catching asked hostname in a *.domain.com scenario?

    - by Dhiraj Gupta
    I have an Apache 2.2 VirtualHost with a *.domain.com Servername. This is required for my scenario, all subdomains are handled with the same site. Now, in the access log, I am trying to figure out a logformat variable (or way) that will let me log the asked for domain name. If I use the vhost_combined format, all I get in my access log is *.domain.com entries, not the actual vhost that was asked for. Anyone know how to do this?

    Read the article

  • Starting scheduled task by detecting connection of USB drive

    - by gemisigo
    I know it has been discussed before several times that it is not possible to start an application from an usb drive when connecting it due to limitations of autorun (or autoplay??) in Win 7. But it is possible to create a scheduled task having On an event type trigger and surely there must be an event occurring when the drive is connected. Does anybody have the slightest idea which Event ID should I use? Or at least what type of event? There are too many logs to pick from.

    Read the article

  • How to control/check CheckPoint rules changes (and another System events)

    - by user35115
    I need to check/control all system events on many CheckPoint FW1 - don't misunderstand - not rules triggering, but events such admins log on, rules changes and etc. I found out that I can make an log export using 2 methods: Grab logs Use special script that redirect Checkpoint log entries to syslog, FW1-Loggrabber But it's not clear for me does such logs also contain information that i need (admins log on, rules changes)? And If yes is it possible to filter events? I also suppose, that if system bases on *nix platform it must be a ploy - use based functions of the system to do what i want. Unfortunately i don't know where to "dig". May be you know? Updated: New info "FW-1 can pipe its logs to syslog via Unix's logger command, and there are third party log-reading utilities" So, the main question is how do my task in the best way? Has anybody already resolved such problem? P.S. I' m new with CheckPoint, so all information will be useful for me. Thank you.

    Read the article

  • How to log php error in a separate file?

    - by Question Overflow
    I just did an upgrade of my server to Fedora 17 and merged some configuration files containing .rpmnew into the existing ones. I have been successfully logging my php errors in a separate log file by keeping the following in php.ini: log_errors = On error_log = /var/log/php-errors.log I am not sure why the errors are being logged to /var/log/httpd/error_log after the upgrade despite keeping the settings above. Also, $ ls -l /var/log/php-errors.log -rwxrwxr--. 1 apache myself 232 Dec 13 16:49 /var/log/php-errors.log shows that apache did own the php error log file. What could be causing PHP errors to be logged into apache error log file?

    Read the article

  • Library like ENet, but for TCP?

    - by Milo
    I'm not looking to use boost::asio, it is overly complex for my needs. I'm building a game that is cross platform, for desktop, iPhone and Android. I found a library called ENet which is pretty much what I need, but it uses UDP which does not seem to support encryption and a few other things. Given that the game is an event driven card game, TCP seems like the right fit. However, all I have found is WINSOCK / berkley sockets and bost::asio. Here is a sample client server application with ENet: #include <enet/enet.h> #include <stdlib.h> #include <string> #include <iostream> class Host { ENetAddress address; ENetHost * server; ENetHost* client; ENetEvent event; public: Host() :server(NULL) { enet_initialize(); setupServer(); } void setupServer() { if(server) { enet_host_destroy(server); server = NULL; } address.host = ENET_HOST_ANY; /* Bind the server to port 1234. */ address.port = 1721; server = enet_host_create (& address /* the address to bind the server host to */, 32 /* allow up to 32 clients and/or outgoing connections */, 2 /* allow up to 2 channels to be used, 0 and 1 */, 0 /* assume any amount of incoming bandwidth */, 0 /* assume any amount of outgoing bandwidth */); } void daLoop() { while(true) { /* Wait up to 1000 milliseconds for an event. */ while (enet_host_service (server, & event, 5000) > 0) { ENetPacket * packet; switch (event.type) { case ENET_EVENT_TYPE_CONNECT: printf ("A new client connected from %x:%u.\n", event.peer -> address.host, event.peer -> address.port); /* Store any relevant client information here. */ event.peer -> data = "Client information"; /* Create a reliable packet of size 7 containing "packet\0" */ packet = enet_packet_create ("packet", strlen ("packet") + 1, ENET_PACKET_FLAG_RELIABLE); /* Extend the packet so and append the string "foo", so it now */ /* contains "packetfoo\0" */ enet_packet_resize (packet, strlen ("packetfoo") + 1); strcpy ((char*)& packet -> data [strlen ("packet")], "foo"); /* Send the packet to the peer over channel id 0. */ /* One could also broadcast the packet by */ /* enet_host_broadcast (host, 0, packet); */ enet_peer_send (event.peer, 0, packet); /* One could just use enet_host_service() instead. */ enet_host_flush (server); break; case ENET_EVENT_TYPE_RECEIVE: printf ("A packet of length %u containing %s was received from %s on channel %u.\n", event.packet -> dataLength, event.packet -> data, event.peer -> data, event.channelID); /* Clean up the packet now that we're done using it. */ enet_packet_destroy (event.packet); break; case ENET_EVENT_TYPE_DISCONNECT: printf ("%s disconected.\n", event.peer -> data); /* Reset the peer's client information. */ event.peer -> data = NULL; } } } } ~Host() { if(server) { enet_host_destroy(server); server = NULL; } atexit (enet_deinitialize); } }; class Client { ENetAddress address; ENetEvent event; ENetPeer *peer; ENetHost* client; public: Client() :peer(NULL) { enet_initialize(); setupPeer(); } void setupPeer() { client = enet_host_create (NULL /* create a client host */, 1 /* only allow 1 outgoing connection */, 2 /* allow up 2 channels to be used, 0 and 1 */, 57600 / 8 /* 56K modem with 56 Kbps downstream bandwidth */, 14400 / 8 /* 56K modem with 14 Kbps upstream bandwidth */); if (client == NULL) { fprintf (stderr, "An error occurred while trying to create an ENet client host.\n"); exit (EXIT_FAILURE); } /* Connect to some.server.net:1234. */ enet_address_set_host (& address, "192.168.2.13"); address.port = 1721; /* Initiate the connection, allocating the two channels 0 and 1. */ peer = enet_host_connect (client, & address, 2, 0); if (peer == NULL) { fprintf (stderr, "No available peers for initiating an ENet connection.\n"); exit (EXIT_FAILURE); } /* Wait up to 5 seconds for the connection attempt to succeed. */ if (enet_host_service (client, & event, 20000) > 0 && event.type == ENET_EVENT_TYPE_CONNECT) { std::cout << "Connection to some.server.net:1234 succeeded." << std::endl; } else { /* Either the 5 seconds are up or a disconnect event was */ /* received. Reset the peer in the event the 5 seconds */ /* had run out without any significant event. */ enet_peer_reset (peer); puts ("Connection to some.server.net:1234 failed."); } } void daLoop() { ENetPacket* packet; /* Create a reliable packet of size 7 containing "packet\0" */ packet = enet_packet_create ("backet", strlen ("backet") + 1, ENET_PACKET_FLAG_RELIABLE); /* Extend the packet so and append the string "foo", so it now */ /* contains "packetfoo\0" */ enet_packet_resize (packet, strlen ("backetfoo") + 1); strcpy ((char*)& packet -> data [strlen ("backet")], "foo"); /* Send the packet to the peer over channel id 0. */ /* One could also broadcast the packet by */ /* enet_host_broadcast (host, 0, packet); */ enet_peer_send (event.peer, 0, packet); /* One could just use enet_host_service() instead. */ enet_host_flush (client); while(true) { /* Wait up to 1000 milliseconds for an event. */ while (enet_host_service (client, & event, 1000) > 0) { ENetPacket * packet; switch (event.type) { case ENET_EVENT_TYPE_RECEIVE: printf ("A packet of length %u containing %s was received from %s on channel %u.\n", event.packet -> dataLength, event.packet -> data, event.peer -> data, event.channelID); /* Clean up the packet now that we're done using it. */ enet_packet_destroy (event.packet); break; } } } } ~Client() { atexit (enet_deinitialize); } }; int main() { std::string a; std::cin >> a; if(a == "host") { Host host; host.daLoop(); } else { Client c; c.daLoop(); } return 0; } I looked at some socket tutorials and they seemed a bit too low level. I just need something that abstracts away the platform (eg, no WINSOCKS) and that has basic ability to keep track of connected clients and send them messages. Thanks

    Read the article

  • RoboCopy Log File Analysis

    - by BobJim
    Is it possible to analyse the log text file outputted from RoboCopy and extract the lines which are defined as "New Dir" and "Extra Dir"? I would like the line from the log contain all the details returned regarding this "New Dir" or "Extra Dir" The reason for completing this task is to understand how two folder structures have change over time. One version has been kept internally at the parent company, the second has been used by a consultancy. For your information I am using Windows 7.

    Read the article

  • Access to Windows 7 log from a remote machine

    - by robob
    I'm trying to access with EventViewer (from a Windows XP Prof) to a remote machine with Windows 7 (Seven). Before I started the Service "RemoteRegistry" I received an "Access Denied". After started the service I can connet to the machine Log (in EventViewer app) but when i clik on any log as "Application" or "Security" I receive a "privilege" error. Could someone help me, please?

    Read the article

  • How long do you keep log files?

    - by Alex
    I have an application which writes its log files in a special folder. Now I'd like to add a functionality to delete these logs after a defined period of time automatically. But how long should I keep the log files? What are "good" default values (7 or 180 days)? Or do you prefer other criteria (e.g. max. used disk space)?

    Read the article

  • Redirecting output from syslog to own log

    - by w0rldart
    So I'm following this tutorial: http://www.howtoforge.com/using-fail2ban-to-block-wrong-ispconfig-logins and the problem I have is that rsyslog won't redirect the output from a file to another /etc/rsyslog.d/12-ispconfig.conf: if $programname == 'ispconfig' then /var/log/ispconfig.log #the file exists But I keep getting the output to syslog: ispconfig[1117]: Login failed for user asdasd on IP XX.XX.XXX.XX Any ideas how to fix this?

    Read the article

  • Slow Query log for just one database

    - by Jason
    can I enable the slow query log specifically for just one database? What I've done currently is to take the entire log into excel and then run a pivot report to work out which database is the slowest. So i've gone and done some changes to that application in the hope of reducing the slow query occurence. rather than running my pivot report again which took a bit of time to cleanse the data i'd rather just output slow queries from the one database possible?

    Read the article

  • logging conntrack connection values into log file

    - by seaquest
    Linux netfilter iptables Conntrack table already has records for bytes and packets on both directions. Is there any way to log those values to a log file while a connection is closing by netfilter. tcp 6 430619 ESTABLISHED src=192.168.0.145 dst=33.42.42.42 sport=53601 dport=22 packets=66560 bytes=14800077 src=33.42.42.42 dst=192.168.1.2 sport=22 dport=53601 packets=89726 bytes=68403910 [ASSURED] mark=0 use=1

    Read the article

  • missing user name in apache log file

    - by nani
    hy every body, We have dokeos application using apache as the web server. when accessing dokeos we have to login, So users who try to access this application , has to login using ID & pwd. But I don't have this ID information in the apache webserver log files. I mean "user name" information is not getting into the log files. Thanks.

    Read the article

  • Windows - How to remotely watch log files

    - by weismat
    I would like to look at some log files solely via the console on a standard Windows 7 machine. The logs are created by schedulded tasks and I find it a hazzle to use VNC for this purpose. What technology should I look at? Powershell, Cygwin via ssh or something else? The log files are written using log4Net - thus there might also be an easy way to reconfigure it to create events or something else for remote display.

    Read the article

  • Apache error log interpretation

    - by HTF
    It looks like someone gained access to my server. How I can find out which Apache vHosts this log is related to? How these commands from the log are invoked and how/why they are printed to the log file - is this some remote shell or PHP script? /var/log/httpd/error_log mkdir: cannot create directory `/tmp/.kdso': File exists --2014-06-13 13:29:17-- http://updates.dyndn-web.com/abc.txt Resolving updates.dyndn-web.com... 94.23.49.91 Connecting to updates.dyndn-web.com|94.23.49.91|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 5055 (4.9K) [text/plain] Saving to: `abc.txt' 0K .... 100% 303K=0.02s 2014-06-13 13:29:17 (303 KB/s) - `abc.txt' saved [5055/5055] % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed ^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0^M101 5055 101 5055 0 0 79686 0 --:--:-- --:--:-- --:--:-- 154k minerd64: no process killed minerd32: no process killed named: no process killed kernelupdates: no process killed kernelcfg: no process killed kernelorg: no process killed ls: cannot access /tmp/.ICE-unix: No such file or directory mkdir: cannot create directory `/tmp': File exists --2014-06-13 13:29:18-- http://updates.dyndn-web.com/64.tar.gz Resolving updates.dyndn-web.com... 94.23.49.91 Connecting to updates.dyndn-web.com|94.23.49.91|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 205812 (201K) [application/x-tar] Saving to: `64.tar.gz' 0K .......... .......... .......... .......... .......... 24% 990K 0s 50K .......... .......... .......... .......... .......... 49% 2.74M 0s 100K .......... .......... .......... .......... .......... 74% 2.96M 0s 150K .......... .......... .......... .......... .......... 99% 3.49M 0s 200K 100% 17.4M=0.1s 2014-06-13 13:29:18 (1.99 MB/s) - `64.tar.gz' saved [205812/205812] sh: ./kernelupgrade: Permission denied

    Read the article

  • Transaction Log filling up on SQL database set to Simple

    - by Will
    We have a database on a SQL 2005 server that is set to Simple transaction mode. The logging is set to 1 MB and is set to grow by 10% when it needs to. We keep running into an issue where the transaction log fills up and we need to shrink it. What could cause the transaction log to fill up when its set to Simple and unrestricted growth is allowed?

    Read the article

  • Log viewer server and client

    - by Scott Crooks
    I'm looking for a log viewing solution for (mostly) Linux and (preferably) Windows too. I want to be able to centralize the log information for a lot of servers so that people in the company can see what's going on for different servers. I would guess this would involve having a central server which accepts information from the various computers / virtual machines with (perhaps) a running daemon on each of the servers. Does such a software exist?

    Read the article

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >