Thursday, October 8, 2009

Tracing remote clients' IP address

Are you getting a lot of listener-thread errors and want to find out where these connections are coming from? The xtrace utility of IDS lets you enable tracing of specific components within the engine. Enable it only if the problem can be reproduced or happens at regular intervals.

To enable xtrace for IP tracing:

xtrace heavy -c XTF_IPTRACE -f XTF_SYSCALLS
xtrace size 50000
xtrace on

To disable xtrace, use:

xtrace off

To dump the trace, use either of the commands below:

xtrace fview
xtrace rview
