[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] session playback & logwithraw

I am currently working with a evaluation license of SiteProtector 2.0 and Network Sensor 7.0 in our lab as an evaluation for possible purchase. I have read in several places that RS is capable of logging the raw packet data for generated alerts. I have updated the policy/response for several signatures to do both LogWithRaw and LogEvidence however I don't see any raw packet data available either in the SiteProtector console or in the RealSecureDB database itself. Where should I be looking for this information? With LogEvidence enabled I do see the evXXX.enc files being generated but is there any way of viewing them aside from a text editor? I have looked in the ISS documentation and KB but have yet to find anything which address these issues. TIA if someone can point me in the right direction.

ISSForum mailing list

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.