[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ISSForum] Tivoli introduced into RS environment...overflowin g console and db



Title: RE: [ISSForum] Tivoli introduced into RS environment...overflowing console and db

Call ISS and ascertain if you can rewrite the event to exclude logins occurring from the Tivoli server IP.  Or see if they can rewrite the event to exclude the Tivoli Username.

Derek

-----Original Message-----
From: Calvin Tait [mailto:reiver2002@xxxxxxxxxxx]
Sent: Thursday, January 22, 2004 8:31 PM
To: issforum@xxxxxxx
Subject: [ISSForum] Tivoli introduced into RS environment...overflowing console and db

Hello,
I've been running Real Secure Server Sensors on all our servers for a few
years.  Yesterday, a separate tool, Tivoli, was turned up in the
environment.  Tivoli requires a W2K server administrator account to run.
The Tivoli agent logs in 6 times locally every 2 minutes to kick off
programs.  Each login triggers two alerts:

1. User login with admin privileges
2. User logon with special admin privileges

These two alerts pop up for every sensor * 6 * # of servers in each farm.
It fills 4 gigs of database space every hour and floods the console to the
point it's useless.
I can't disable the alerts because we are required to have them and store
them for a period of time for due diligence.  I work for a large financial
institution and every admin login must be recorded and saved.  Has anyone
ever used Tivoli in an environment that co-existed with Tivoli?  I can't
find a single discussion on the net or in both product knowledge bases.  I
do not use Tivoli to with the Real Secure Plug-in.  The operate
independently of each other.  Any help would be greatly appreciated!!!!  I'm
at wit's end.  I can't delete the excess rows in the db as fast as they are
coming in.

Thanks!!!
R
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo