This is how I setup an ICMP-echo IP SLA on my Cisco Router to monitor when my internet goes out. If it goes down, I re-route traffic (I’ve excluded this part of the config). When it comes back up, I set the routing/NATing back to the original state (again, excluded from this post).
IP SLA Configuration:
ip sla 10 ! Connection Monitor icmp-echo 18.104.22.168 source-interface GigabitEthernet0/0 frequency 10 ip sla schedule 10 life forever start-time now
Configure Cisco Embedded Event Manager (EEM) to handle an UP or DOWN state of SLA 10:
event manager applet primary_circuit_down event track 10 state down action 1.0 syslog msg "Primary Circuit is DOWN" ! You can insert other commands here to do something useful... event manager applet main_circuit_up event track 10 state up action 1.0 syslog msg "Primary Circuit Appears UP" ! You can insert other commands here to do something useful...
This is the SLA configuration overview:
ciscorouter#sh ip sla conf IP SLAs Infrastructure Engine-III Entry number: 10 (Primary Circuit Monitor) Owner: Tag: Operation timeout (milliseconds): 5000 Type of operation to perform: icmp-echo Target address/Source interface: 22.214.171.124/GigabitEthernet0/0 Type Of Service parameter: 0x0 Request size (ARR data portion): 28 Verify data: No Vrf Name: Schedule: Operation frequency (seconds): 10 (not considered if randomly scheduled) Next Scheduled Start Time: Start Time already passed Group Scheduled : FALSE Randomly Scheduled : FALSE Life (seconds): Forever Entry Ageout (seconds): never Recurring (Starting Everyday): FALSE Status of entry (SNMP RowStatus): Active Threshold (milliseconds): 5000 Distribution Statistics: Number of statistic hours kept: 2 Number of statistic distribution buckets kept: 1 Statistic distribution interval (milliseconds): 20 Enhanced History: History Statistics: Number of history Lives kept: 0 Number of history Buckets kept: 15 History Filter Type: None
Statistics of the IP SLA:
ciscorouter#sh ip sla stat IPSLAs Latest Operation Statistics IPSLA operation id: 10 Latest RTT: 32 milliseconds Latest operation start time: 17:42:41 EDT Fri Mar 30 2012 Latest operation return code: OK Number of successes: 103 Number of failures: 0 Operation time to live: Forever
Windows Security Logon Types
Event 528 and Event 540 are the Logon events. Event 528 is for all logons except “network” logons. “Network” logons are SMB/Microsoft-DS logons (i.e. connecting to a share). RDP, IIS, FTP logons, etc., are event 528 even though credentials may have come from over the network. All event 540’s are logon type 3.
|Logon type||Logon title||Description|
|2||Interactive||A user logged on to this computer at the console.|
|3||Network||A user or computer logged on to this computer from the network.|
|4||Batch||Batch logon type is used by batch servers, where processes might run on behalf of a user without the user’s direct intervention.|
|5||Service||A service was started by the Service Control Manager.|
|7||Unlock||This workstation was unlocked.|
|8||NetworkCleartext||A user logged on to a network and the user password was passed to the authentication package in its unhashed (plain text) form. It is possible that the unhashed password was passed across the network, for example, when IIS performed basic authentication.|
|9||NewCredentials||A caller (process, thread, or program) cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but it uses different credentials for other network connections.|
|10||RemoteInteractive||A user logged on to this computer remotely using Terminal Services or a Remote Desktop connection.|
|11||CachedInteractive||A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials.|
Cacti mobile browser for android.
Took a few snaps of the moon tonight using my Canon SX30IS. One day I’ll spend more time with this camera and really learn how to take some great photos… One day!