Search Results

Search found 21131 results on 846 pages for 'binary log'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 83/846 | < Previous Page | 79 80 81 82 83 84 85 86 87 88 89 90  | Next Page >

  • How can i find the trigger of an acpi event ?

    - by n00ki3
    My Server shutsdown . Evertime at midnight. The acpi Event power_button is triggered. at /etc/acpi/events/power_button power_button: # care about the power button event=button/power.* action=/usr/lib/acpid/power_button How can i find out the "Caller" or the Trigger of this event ?

    Read the article

  • How can I read pcap files in a friendly format?

    - by Tony
    a simple cat on the pcap file looks terrible: $cat tcp_dump.pcap ?ò????YVJ? JJ ?@@.?E<??@@ ?CA??qe?U?????h? .Ceh?YVJ?? JJ ?@@.?E<??@@ CA??qe?U?????z? .ChV?YVJ$?JJ ?@@.?E<-/@@A?CA??9????F???A&? .Ck??YVJgeJJ@@.??#3E<@3{n??9CA??P???F???<K? ??`.Ck??YVJgeBB ?@@.?E4-0@@AFCA??9????F?P????? .Ck???`?YVJ?""@@.??#3E?L@3?I??9CA??P???F????? ???.Ck?220-rly-da03.mx etc. I tried to make it prettier with: sudo tcpdump -ttttnnr tcp_dump.pcap reading from file tcp_dump.pcap, link-type EN10MB (Ethernet) 2009-07-09 20:57:40.819734 IP 67.23.28.65.49237 > 216.239.113.101.25: S 2535121895:2535121895(0) win 5840 <mss 1460,sackOK,timestamp 776168808 0,nop,wscale 5> 2009-07-09 20:57:43.819905 IP 67.23.28.65.49237 > 216.239.113.101.25: S 2535121895:2535121895(0) win 5840 <mss 1460,sackOK,timestamp 776169558 0,nop,wscale 5> 2009-07-09 20:57:47.248100 IP 67.23.28.65.42385 > 205.188.159.57.25: S 2644526720:2644526720(0) win 5840 <mss 1460,sackOK,timestamp 776170415 0,nop,wscale 5> 2009-07-09 20:57:47.288103 IP 205.188.159.57.25 > 67.23.28.65.42385: S 1358829769:1358829769(0) ack 2644526721 win 5792 <mss 1460,sackOK,timestamp 4292123488 776170415,nop,wscale 2> 2009-07-09 20:57:47.288103 IP 67.23.28.65.42385 > 205.188.159.57.25: . ack 1 win 183 <nop,nop,timestamp 776170425 4292123488> 2009-07-09 20:57:47.368107 IP 205.188.159.57.25 > 67.23.28.65.42385: P 1:481(480) ack 1 win 1448 <nop,nop,timestamp 4292123568 776170425> 2009-07-09 20:57:47.368107 IP 67.23.28.65.42385 > 205.188.159.57.25: . ack 481 win 216 <nop,nop,timestamp 776170445 4292123568> 2009-07-09 20:57:47.368107 IP 67.23.28.65.42385 > 205.188.159.57.25: P 1:18(17) ack 481 win 216 <nop,nop,timestamp 776170445 4292123568> 2009-07-09 20:57:47.404109 IP 205.188.159.57.25 > 67.23.28.65.42385: . ack 18 win 1448 <nop,nop,timestamp 4292123606 776170445> 2009-07-09 20:57:47.404109 IP 205.188.159.57.25 > 67.23.28.65.42385: P 481:536(55) ack 18 win 1448 <nop,nop,timestamp 4292123606 776170445> 2009-07-09 20:57:47.404109 IP 67.23.28.65.42385 > 205.188.159.57.25: P 18:44(26) ack 536 win 216 <nop,nop,timestamp 776170454 4292123606> 2009-07-09 20:57:47.444112 IP 205.188.159.57.25 > 67.23.28.65.42385: P 536:581(45) ack 44 win 1448 <nop,nop,timestamp 4292123644 776170454> 2009-07-09 20:57:47.484114 IP 67.23.28.65.42385 > 205.188.159.57.25: . ack 581 win 216 <nop,nop,timestamp 776170474 4292123644> 2009-07-09 20:57:47.616121 IP 67.23.28.65.42385 > 205.188.159.57.25: P 44:50(6) ack 581 win 216 <nop,nop,timestamp 776170507 4292123644> 2009-07-09 20:57:47.652123 IP 205.188.159.57.25 > 67.23.28.65.42385: P 581:589(8) ack 50 win 1448 <nop,nop,timestamp 4292123855 776170507> 2009-07-09 20:57:47.652123 IP 67.23.28.65.42385 > 205.188.159.57.25: . ack 589 win 216 <nop,nop,timestamp 776170516 4292123855> 2009-07-09 20:57:47.652123 IP 67.23.28.65.42385 > 205.188.159.57.25: P 50:56(6) ack 589 win 216 <nop,nop,timestamp 776170516 4292123855> 2009-07-09 20:57:47.652123 IP 67.23.28.65.42385 > 205.188.159.57.25: F 56:56(0) ack 589 win 216 <nop,nop,timestamp 776170516 4292123855> 2009-07-09 20:57:47.668124 IP 67.23.28.65.49239 > 216.239.113.101.25: S 2642380481:2642380481(0) win 5840 <mss 1460,sackOK,timestamp 776170520 0,nop,wscale 5> 2009-07-09 20:57:47.692126 IP 205.188.159.57.25 > 67.23.28.65.42385: P 589:618(29) ack 57 win 1448 <nop,nop,timestamp 4292123893 776170516> 2009-07-09 20:57:47.692126 IP 67.23.28.65.42385 > 205.188.159.57.25: R 2644526777:2644526777(0) win 0 2009-07-09 20:57:47.692126 IP 205.188.159.57.25 > 67.23.28.65.42385: F 618:618(0) ack 57 win 1448 <nop,nop,timestamp 4292123893 776170516> 2009-07-09 20:57:47.692126 IP 67.23.28.65.42385 > 205.188.159.57.25: R 2644526777:2644526777(0) win 0 Well...that is much prettier but it doesn't show the actual messages. I can actually extract more information just viewing the RAW file. What is the best ( and preferably easiest) way to just view all the contents of the pcap file? UPDATE Thanks to the responses below, I made some progress. Here is what it looks like now: tcpdump -qns 0 -A -r blah.pcap 20:57:47.368107 IP 205.188.159.57.25 > 67.23.28.65.42385: tcp 480 0x0000: 4500 0214 834c 4000 3306 f649 cdbc 9f39 [email protected] 0x0010: 4317 1c41 0019 a591 50fe 18ca 9da0 4681 C..A....P.....F. 0x0020: 8018 05a8 848f 0000 0101 080a ffd4 9bb0 ................ 0x0030: 2e43 6bb9 3232 302d 726c 792d 6461 3033 .Ck.220-rly-da03 0x0040: 2e6d 782e 616f 6c2e 636f 6d20 4553 4d54 .mx.aol.com.ESMT 0x0050: 5020 6d61 696c 5f72 656c 6179 5f69 6e2d P.mail_relay_in- 0x0060: 6461 3033 2e34 3b20 5468 752c 2030 3920 da03.4;.Thu,.09. 0x0070: 4a75 6c20 3230 3039 2031 363a 3537 3a34 Jul.2009.16:57:4 0x0080: 3720 2d30 3430 300d 0a32 3230 2d41 6d65 7.-0400..220-Ame 0x0090: 7269 6361 204f 6e6c 696e 6520 2841 4f4c rica.Online.(AOL 0x00a0: 2920 616e 6420 6974 7320 6166 6669 6c69 ).and.its.affili 0x00b0: 6174 6564 2063 6f6d 7061 6e69 6573 2064 ated.companies.d etc. This looks good, but it still makes the actual message on the right difficult to read. Is there a way to view those messages in a more friendly way? UPDATE This made it pretty: tcpick -C -yP -r tcp_dump.pcap Thanks!

    Read the article

  • creating a journal/blog

    - by DijnsK
    hi, im trying to replace our current journal (excel sheet) with a web portal based journal. something kind of like twitter, but with more options. also needs to have a login so we can track the people entering. it can also be some sort of tool but i cant find anything that meets our demands... i could use a ITIL ticket service but that has way to much functionalities for our use. im basicly looking for a webportal with a shared blog, where users can login and creat new entries with: a topic name a automated follow-up ID number a field where they can enter specific info a reply field and a status field with pre defined statuses can anyone help me with this? thanks in advance. Koen

    Read the article

  • Can Windows logoff events be tracked?

    - by Massimo
    I'm working on an application to track network user logon/logoff events in an Active Directory domain; the application will work by auditing security logs on domain controllers. Auditing logon events can get somewhat tricky, but it can succesfully be done. My problem: how can I track logoff events? Based on some research I've done, it looks like these events are only logged locally on workstations, but not on DCs; also, the "lastLogoff" attribute exists on AD user objects, but it's not actually used by anyone. This is a very specific question: is something logged on DCs when a user logs off from a domain workstation? To clarify: I'm not intereseted in other auditing mehods, I can't deploy logon/logoff scripts and I can't install anything anywhere; I also know opened and closed network sessions are logged, but this is not what I'm looking for. I need to audit interactive logons and logoffs to domain workstations, and I can do this by only reading domain controllers security logs; reading each workstation's local event logs is out of question. If this can't be done, it's ok; but I need a clear answer on that. Can this be done? If yes, how?

    Read the article

  • LogParser query to grab only external IP addresses from IIS logs?

    - by Josh
    I'm working on a public website that is used by both external visitors and internal employees. I'm after the external visitor hits, but I can't think of a good way to filter out the internal IP ranges. Using LogParser, what is the best way to filter IISW3C logs by IP range? This is all I've come up with so far, which can't possibly be the best or most efficient way. WHERE [c-ip] NOT LIKE (10.10.%, 10.11.%) Any help is appreciated.

    Read the article

  • Source of Unexplained Requests in Server Logs

    - by Synetech inc.
    Hi, I am baffled by some entries in my server logs, specifically the web-server logs. Other than normal, expected traffic, I have noticed three types of request errors (eg 404, etc.): Broken links, ie links from old, external pages that point to pages that are no longer here Sequences of probes, ie some jerk trying to hack in by scanning my server for a series of exploitable admin type pages and such What appear to be completely random requests for things that have never existed on the server or even have anything to do with the server, and appear by themselves (ie not a series of requests like the probes) Could it somehow be a mistyped URL or IP? That’s about the only thing that I can think of, but still, how could I get a request on say, foobar.dyndns.org (12.34.56.78) for something like www.wantsfly.com/prx2.php or /MNG/LIVE or http://ant.dsabuse.com/abc.php?auth=45V456b09m&strPassword=X%5BMTR__CBZ%40VA&nLoginId=43. (Those are a few actual requests from my logs.) Can someone please explain scenario three to me? Thanks.

    Read the article

  • NTFS Error - file system structure is corrupt and unusable

    - by SomeGuy
    My Windows 7 (64) keeps completely locking up, and I have to hold the power button to shit it down. Event logs are showing EventID 55. I realize that this can be a warning sign of an impending disk failure, but my data on this machine is safely backed up and I don't feel like taking the time to replace the drive right now. When I have seen this problem before, I have been able to delete the offending folder with a Linux Live CD. (When CHKDSK /F didn't work). In this case, the folder is from VSS. I assume this is from Crashplan, my online backup provider. What are the ramifications of deleting this folder from Linux? Is it safe to do? "The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy26."

    Read the article

  • IIS EventLog Errors

    - by chris
    I keep getting this error in my event viewer on IIS 6. I'm trying to figure out if my error resets my connection (maybe recycles the worker processes?). The error is: An attempt was made to load filter 'C:\Program Files\Software Artisans\FileUp \FileUpIsapi.dll' but it requires the SF_NOTIFY_READ_RAW_DATA filter notification and this notification is not supported in Worker Process Isolation Mode. For more information, see Help and Support Center at http://go.microsoft.com/fwlink /events.asp.

    Read the article

  • Elastic Beanstalk and IIS logs

    - by user195744
    I have an ELB app and when logging into an instance and looking at the IIS logs I see something like the following: 2013-10-18 17:14:25 10.240.27.2 GET /FSViewer/Img.aspx trcid=451847431&vhtid=391833142 80 - 10.210.107.159 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.1;+WOW64;+Trident/6.0) 200 0 0 140 The 10.240.27.2 address always repeated, which is the load balancer? So how do I find out the IP addresses that are hitting my server?

    Read the article

  • How to analyse logs after the site was hacked

    - by Vasiliy Toporov
    One of our web-projects was hacked. Malefactor changed some template files in project and 1 core file of the web-framework (it's one of the famous php-frameworks). We found all corrupted files by git and reverted them. So now I need to find the weak point. With high probability we can say, that it's not the ftp or ssh password abduction. The support specialist of hosting provider (after logs analysis) said that it was the security hole in our code. My questions: 1) What tools should I use, to review access and error logs of Apache? (Our server distro is Debian). 2) Can you write tips of suspicious lines detection in logs? Maybe tutorials or primers of some useful regexps or techniques? 3) How to separate "normal user behavior" from suspicious in logs. 4) Is there any way to preventing attacks in Apache? Thanks for your help.

    Read the article

  • Eventlog entry for allowed connection in Windows Firewall

    - by Jaap
    I was seeing a lot of entries in the eventlog: The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.xxx.xxx.xxx Source Port: 80 Destination Address: 10.xxx.xxx.xxx Destination Port: 31773 Protocol: 6 Filter Information: Filter Run-Time ID: 67903 Layer Name: Receive/Accept Layer Run-Time ID: 44 We have a loadbalancer which checks every second to see if the application is still running (a health check). The logs contain large amounts of this kind of entries, which makes the Event Viewer slow and it's difficult to find the more interesting logs. How do I make sure these messages don't end up in the event logs?

    Read the article

  • What is a quick way to report login/logout times on Windows 2003?

    - by blueberryfields
    I have about a dozen servers, and I am looking to quickly find out all of the login/logout times, for a subset of users, for all servers, during January. Is there a quick, easy way to get this information (faster and easier than manually combing through the security logs)? I would rather not replicate any work - are there any publicly posted tools or scripts that already implement a solution to this problem?

    Read the article

  • Lots of strange IP addresses in my Windows Firewall logs. Concern?

    - by gmoore
    Was trying to debug a Samba sharing issue with Mac OS X so I turned on logging for my Windows Firewall. I didn't expect a lot of conections but the thing filled up quickly. Here's a sample: 2009-12-21 08:49:32 OPEN-INBOUND TCP 192.168.0.4 192.168.0.3 56335 139 - - - - - - - - - 2009-12-21 08:49:33 OPEN-INBOUND TCP 192.168.0.4 192.168.0.3 56337 139 - - - - - - - - - 2009-12-21 08:50:02 OPEN UDP 192.168.0.3 68.87.73.242 1389 53 - - - - - - - - - 2009-12-21 08:50:02 CLOSE TCP 192.168.0.3 212.96.161.238 1391 80 - - - - - - - - - 2009-12-21 08:50:02 OPEN UDP 192.168.0.3 68.87.71.226 60290 53 - - - - - - - - - 2009-12-21 08:50:02 OPEN TCP 192.168.0.3 212.96.161.238 1391 80 - - - - - - - - - 2009-12-21 08:50:02 OPEN TCP 192.168.0.3 212.96.161.238 1393 80 - - - - - - - - - 2009-12-21 08:50:04 CLOSE TCP 192.168.0.3 212.96.161.238 1393 80 - - - - - - - - - 2009-12-21 08:50:41 CLOSE UDP 192.168.0.3 192.168.0.4 137 50300 - - - - - - - - - I can pick out the local IP addresses (192.168.0.3 is my Windows XP machine, 192.169.0.4 is Mac OS X) as I debug the Samba issue. But some of the others resolve to Comcast (my ISP) and others resolve to weird hosts like van-dns.com and navisite.net. It doesn't look like any connection sent/received any bytes. I used the reference here: http://technet.microsoft.com/en-us/library/cc758040%28WS.10%29.aspx. Is it a cause for concern?

    Read the article

  • Make logwatch reports more interesting?

    - by Alexander Shcheblikin
    Is it possible to improve the quality of reports from logwatch? Like make it not just report disk usage which doesn't even change much in daily operation, but report significant changes in usage or approaching critical capacity levels? If I cannot do that with logwatch and instead have to write custom scripts to produce such reports, logwatch appears to be pretty useless, or even dangerous, as many users reportedly grow to ignore emails from it knowing they are so boring.

    Read the article

  • Timestamp in Tomcat logs is wrong

    - by Thody
    For some reason, the timestamp in my Tomcat logs is off. The system clock is correct, and set to PST, but the Tomcat logs appear to be using GMT. I haven't been able to find this setting anywhere...hoping someone can shed some light. Thanks

    Read the article

  • Distributed Server Monitoring Solution

    - by MaterialEdge
    I belong to an independent IT firm that manages and maintains about 50 business clients networks, ranging from small 5 system networks to 200+ systems. Because we are unable to directly monitor each server at these locations (distributed over a very large area) on a regular basis I am looking for a method to monitor and alert us to any problems that may arise so that we can respond quickly with, hopefully, preventative measures. I'm not sure what solutions are available for this type of situation, but something that utilizes a central server at our business with all client servers sending alerts or logs to it for daily monitoring might work best. All these servers are running a Windows Server OS. In your opinion, what would be the best course of action to accomplish this?

    Read the article

  • SQL Server plus small files

    - by user1467163
    I have a MSSQL server, 3 volumes, that runs some processes that seem to take way too long. One of these processes reads in a zip file, then writes to a database based on what's in the zip file.... for each record. I have 2 volumes in use and am creating the third- so I am trying to plan how to do this. OS has to remain on vol. 1. The TLogs should probably go on the new volume and the mdf's on the existing vol.2.. Do I put the file store on the volume with the MDF's so they don't interfere with the TLog writes, or with the TLogs so they don't interfere with the TLog flush to the MDFs? I know it's best to have more servers / volumes but I have to make do with whats on hand for now. I appreciate any suggestions.

    Read the article

  • Windows Login Failure

    - by Chris Bateson
    I'm getting an error in the Event Viewer, which is also generating a lot of Logon Failure messages on our syslog server. Pretty much stuck on how to resolve. EventID: 536 Logon Type: 3 Reason: The NetLogon component is not active This is for a Windows Server 2003 system. I have checked here We're using Shavlik Protect 9 to scan and deploy patches. Shavlik stores the credentials for the systems and uses those stored credentials to deploy patches. This system is able to scan and deploy to other systems on the network using those credentials and no errors are generated. When installing to the local system that Shavlik is physically on then this error is generated. Whats interesting is that it doesn't generate during a scan, and the patches install fine. We've contacted Shavlik to get the response that they are unable to help since it's a Microsoft error. Has anyone seen this?

    Read the article

  • How to strip logfile with grep to remove various dispensable information?

    - by NES
    My logfile has the following format: Dec 26 13:11:48 192.168.1.1 kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.2 DST=74.125.43.147 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=9312 DF PROTO=TCP SPT=11733 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4) Now i'm trying to remove some dispensable information to make the output better readable and well arranged and put it into a new file. The result should look like this and should only have the following information: Dec 26 13:11:48 192.168.1.2 74.125.43.147 TCP SPT=11733 DPT=80 How to do it?

    Read the article

  • Network Services disabled (not starting) on Windows XP

    - by Rickesh John
    I am currently running Windows XP Service Pack 3 on my system. But today, when I failed to connect to the internet, via a LAN cable, I realized that almost all of the vital network services had stopped functioning. Any attempts to start it through services.msc gives me the following message: Could not start the DNS Client Service on Local Computer Error 1068: The dependency service group failed to start All my software or services that are related to networking have stopped functioning, for example, Windows Firewall is turned off permanently, so is my Avast Anti-Virus' service of Real Time Shields and Web Shield. When I insert the LAN wire into my laptop, it registers itself, but this is what I get when I do a ping localhost C:>ping localhost Unable to contact IP driver, error code 2 Moveover, with ipconfig I get this : Windows IP Configuration An internal error occurred: The request is not supported. Please contact Microsoft Product Support Services for further help. Additional Information: Unable to query host name On some further poking around, I saw that none of the "NETWORK SERVICE" process in task manager, except svchost.exe were running. Also, when I first opened the task manager, I saw some 20 processes running with username column empty for most of them. With some search in Google, I found out that these services were important, DHCP DNS Net logon Network connection Network location Awareness TCP/IP Net BIOS Helper none of them, except Network Connections are working, they do not start. The event viewer of my system shows a bunch of 7000 and 7001 event errors. I have tried re installing the network driver, booting in safe mode with networking and tried to enable those services mentioned above. I had disabled System Restore some time back, so I have no restore points for my system. I tried a lot of things from Google searches but none of them worked. Also, with such a long list of issue, I am a little confused as to what should I search on the internet. :( One more thing I would like to mention, previous morning, my anti-virus Avast detected a RootKit buried deep in my system folders. It was removed, but maybe this was a problem caused by the root kit. I did run a boot-time scan but no viruses were found. Please please please advice. Is formatting and re-installation of Windows my only option?

    Read the article

  • Tell if IIS is being asked to serve compressed pages?

    - by Graham
    Hi, I'm trying to find out if our IIS server is being asked to serve pages compressed. I'm a noob regarding a lot of this so am working my way through the issues. We're using IIS 6.0 and have correctly turned compression on. If I use Fiddler2 to analyse the HTTP requests via localhost, then Fiddler reports that the pages are compressed. If we then access the server over the network, either via its external URL or via the internal server name, Fiddler reports those pages as uncompressed. Therefore, it's logical to assume that something is getting in the way - presumably our ISA server. Our ISA administrator states that ISA is configured to allow compressed requests but what I want to do is to look at the requests coming through to IIS to see if IIS is being asked to serve pages compressed. I'm fairly convinced that our request is going to ISA, ISA is forwarding these, but not with the "compression" details - therefore IIS is not performing any compression. I've looked at the IIS logs but can't see anything obvious about the HTTP request. Is there any way I can check, on the web server itself, this sort of information? One thing that is confusing, but it may be normal, is that the Client IP making the request is not the orignal PC (i.e. mine) and not the ISA firewall, but the web server itself... Thanks

    Read the article

  • Get Zipped Logs from a Remote Server

    - by Jonathan
    I am tasked with trying to find a way to download zipped logs from a remote server. There are quite a bit of these logs and they are constantly created. I do have limited ssh access to the remote server and can scp or rsync the files. However, due to the sheer size of these logs file, I do not want to rsync all of them. The logs could get to terabytes and for rsync to compare them may take some time. I only want to get any new file that was created/last updated an hour ago. I also am worried that I will rsync logs that are in the process of being created, so I was thinking to only rsync files that were last modified 3-5 minutes ago. Would anyone be so kind as to help me with such a process? Thank you in advance.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 79 80 81 82 83 84 85 86 87 88 89 90  | Next Page >