
RE: [ISSForum] session playback & logwithraw



Rob,

To date the evidence raw packets are sent to the DB only by the
appliances.
If you are using the SW version you can only access the file directly.
Any packet monitoring tool will do.

Jean Paul

-----Original Message-----
From: issforum-bounces@xxxxxxxxxxxxxxxx On Behalf Of Rob Baxter
Sent: Thursday, July 15, 2004 3:19 PM
To: issforum@xxxxxxxxxxxxxxxx
Subject: [ISSForum] session playback & logwithraw


I am currently working with an evaluation license of SiteProtector 2.0 
and Network Sensor 7.0 in our lab as an evaluation for possible 
purchase. I have read in several places that RS is capable of logging 
the raw packet data for generated alerts. I have updated the 
policy/response for several signatures to do both LogWithRaw and 
LogEvidence; however, I don't see any raw packet data available either in 
the SiteProtector console or in the RealSecureDB database itself. Where 
should I be looking for this information? With LogEvidence enabled I do 
see the evXXX.enc files being generated but is there any way of viewing 
them aside from a text editor? I have looked in the ISS documentation 
and KB but have yet to find anything which addresses these issues. TIA if 
someone can point me in the right direction.

</rob>
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
