
RE: [ISSForum] session playback & logwithraw



Hi Rob,
With SiteProtector, when you have LogWithRaw enabled on a signature and
the signature fires, in the event details window you will see a text file
symbol near the bottom. Double-click on this and the offending item's data is
presented to the screen. As for viewing enc files, try Ethereal.


Regards

Jeff



-----Original Message-----
From: issforum-bounces@xxxxxxx [mailto:issforum-bounces@xxxxxxx] On Behalf
Of Rob Baxter
Sent: 15 July 2004 14:19
To: issforum@xxxxxxx
Subject: [ISSForum] session playback & logwithraw


I am currently working with an evaluation license of SiteProtector 2.0 
and Network Sensor 7.0 in our lab as an evaluation for possible 
purchase. I have read in several places that RS is capable of logging 
the raw packet data for generated alerts. I have updated the 
policy/response for several signatures to do both LogWithRaw and 
LogEvidence; however, I don't see any raw packet data available either in 
the SiteProtector console or in the RealSecureDB database itself. Where 
should I be looking for this information? With LogEvidence enabled I do 
see the evXXX.enc files being generated but is there any way of viewing 
them aside from a text editor? I have looked in the ISS documentation 
and KB but have yet to find anything which addresses these issues. TIA if 
someone can point me in the right direction.

</rob>
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
