This is how I setup an ICMP-echo IP SLA on my Cisco Router to monitor when my internet goes out. If it goes down, I re-route traffic (I’ve excluded this part of the config). When it comes back up, I set the routing/NATing back to the original state (again, excluded from this post).

IP SLA Configuration:

ip sla 10
 ! Connection Monitor
 icmp-echo source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 10 life forever start-time now

Configure Cisco Embedded Event Manager (EEM) to handle an UP or DOWN state of SLA 10:

event manager applet primary_circuit_down
 event track 10 state down
 action 1.0 syslog msg "Primary Circuit is DOWN"
 ! You can insert other commands here to do something useful...
event manager applet main_circuit_up
 event track 10 state up
 action 1.0 syslog msg "Primary Circuit Appears UP"
 ! You can insert other commands here to do something useful...

This is the SLA configuration overview:

ciscorouter#sh ip sla conf
IP SLAs Infrastructure Engine-III
Entry number: 10 (Primary Circuit Monitor)
Operation timeout (milliseconds): 5000
Type of operation to perform: icmp-echo
Target address/Source interface:
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Verify data: No
Vrf Name:
   Operation frequency (seconds): 10  (not considered if randomly scheduled)
   Next Scheduled Start Time: Start Time already passed
   Group Scheduled : FALSE
   Randomly Scheduled : FALSE
   Life (seconds): Forever
   Entry Ageout (seconds): never
   Recurring (Starting Everyday): FALSE
   Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
   Number of statistic hours kept: 2
   Number of statistic distribution buckets kept: 1
   Statistic distribution interval (milliseconds): 20
Enhanced History:
History Statistics:
   Number of history Lives kept: 0
   Number of history Buckets kept: 15
   History Filter Type: None

Statistics of the IP SLA:

ciscorouter#sh ip sla stat
IPSLAs Latest Operation Statistics

IPSLA operation id: 10
        Latest RTT: 32 milliseconds
Latest operation start time: 17:42:41 EDT Fri Mar 30 2012
Latest operation return code: OK
Number of successes: 103
Number of failures: 0
Operation time to live: Forever


Windows Security Logon Types

Event 528 and Event 540 are the Logon events. Event 528 is for all logons except “network” logons. “Network” logons are SMB/Microsoft-DS logons (i.e. connecting to a share). RDP, IIS, FTP logons, etc., are event 528 even though credentials may have come from over the network. All event 540’s are logon type 3.


Logon type Logon title Description
2 Interactive A user logged on to this computer at the console.
3 Network A user or computer logged on to this computer from the network.
4 Batch Batch logon type is used by batch servers, where processes might run on behalf of a user without the user’s direct intervention.
5 Service A service was started by the Service Control Manager.
7 Unlock This workstation was unlocked.
8 NetworkCleartext A user logged on to a network and the user password was passed to the authentication package in its unhashed (plain text) form. It is possible that the unhashed password was passed across the network, for example, when IIS performed basic authentication.
9 NewCredentials A caller (process, thread, or program) cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but it uses different credentials for other network connections.
10 RemoteInteractive A user logged on to this computer remotely using Terminal Services or a Remote Desktop connection.
11 CachedInteractive A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials.

Cacti mobile browser for android.



Direct link:

Took a few snaps of the moon tonight using my Canon SX30IS.  One day I’ll spend more time with this camera and really learn how to take some great photos… One day!

compose new post
go to top
go to the next post or comment
go to the previous post or comment
toggle comment visibility
cancel edit post or comment