Wednesday, November 23, 2016

Create Custom Views using XPath on WINDOWS Event LOGs

Create Custom Views using XPath on WINDOWS Event LOGs

:example event for filter

*[System[(EventID=6278)]] and
*[EventData[Data[@Name='NASIPv4Address'] = 'xxx.xxx.xxx.xxx']] and
*[EventData[Data[@Name='NASIdentifier'] = 'FreeRadius-Profile']] and
*[EventData[Data[@Name='NASIdentifier'] = 'Captive-Portal-Profile']] and
*[EventData[Data[@Name='SubjectUserName'] ='user@domain.com']] and
*[EventData[Data[@Name='SubjectDomainName'] ='DomainName']] and

:Template XPath on Windows Event LOGs

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security"> <----- ( Application,Security,Setup,System, Forward Event )
        *event for filter
        *event for filter
        *event for filter
    </Select>
  </Query>
</QueryList>


:filter by domain and LOGON Success/Fail

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">

        *[System[(EventID='6278') and (EventID='6273')]] and
        *[EventData[Data[@Name='SubjectDomainName'] ='DomainName']]

    </Select>
  </Query>
</QueryList>


:filter by domain and username
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
        *[EventData[Data[@Name='SubjectUserName'] ='user@domain.com']] and
        *[EventData[Data[@Name='SubjectDomainName'] ='DomainName']
    </Select>
  </Query>
</QueryList>
at No comments:

Monday, November 21, 2016

Clear User Session palo alto

show user ip-user-mapping ip xxx.xxx.xxx.xxx
clear user-cache-mp ip xxx.xxx.xxx.xxx
clear user-cache ip xxx.xxx.xxx.xxx
at No comments:

Sunday, November 13, 2016

MAC OS error "no matching host key type found. Their offer: ssh-dss "

edit file /etc/ssh/ssh_config
1. Scroll down until you see this line: 
         #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
2.  Delete the pound sign, which will un-comment that line and make it active.

3. Now scroll down to the bottom of the document and add this line:  
        HostkeyAlgorithms ssh-dss
at No comments:

Tuesday, November 8, 2016

Dynamic Link aggregate Alcatel Lucent

lacp linkagg 11 size 2 actor admin key 11
lacp agg 1/15 actor admin key 11
lacp agg 1/16 actor admin key 11

lacp linkagg 12 size 2 actor admin key 12
lacp agg 1/17 actor admin key 12
lacp agg 1/18 actor admin key 12

lacp agg no sw_port
no lacp linkagg link_num
at No comments:
Subscribe to: Posts (Atom)

ALCATEL 6900

write memory copy running certified reload from working no rollback-timeout