[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] session playback & logwithraw




I am currently working with a evaluation license of SiteProtector 2.0 and Network Sensor 7.0 in our lab as an evaluation for possible purchase. I have read in several places that RS is capable of logging the raw packet data for generated alerts. I have updated the policy/response for several signatures to do both LogWithRaw and LogEvidence however I don't see any raw packet data available either in the SiteProtector console or in the RealSecureDB database itself. Where should I be looking for this information? With LogEvidence enabled I do see the evXXX.enc files being generated but is there any way of viewing them aside from a text editor? I have looked in the ISS documentation and KB but have yet to find anything which address these issues. TIA if someone can point me in the right direction.

</rob>
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.