
Re: [ISSForum] session playback & logwithraw



Hi, Rob.
You can view *.enc files with MS NetworkMonitor or Ethereal. I think that
Ethereal is better, because it's equipped with a lot of useful features
which will do you good.
Good luck

---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)


                                                                                                                    
Rob Baxter <rbaxter@xxxxxxxxxxx>
Sent by: issforum-bounces@xxxxxxx
15.07.2004 17:19
To: issforum@xxxxxxx
cc:
Subject: [ISSForum] session playback & logwithraw





I am currently working with an evaluation license of SiteProtector 2.0
and Network Sensor 7.0 in our lab as an evaluation for possible
purchase. I have read in several places that RS is capable of logging
the raw packet data for generated alerts. I have updated the
policy/response for several signatures to do both LogWithRaw and
LogEvidence; however, I don't see any raw packet data available either in
the SiteProtector console or in the RealSecureDB database itself. Where
should I be looking for this information? With LogEvidence enabled I do
see the evXXX.enc files being generated but is there any way of viewing
them aside from a text editor? I have looked in the ISS documentation
and KB but have yet to find anything which addresses these issues. TIA if
someone can point me in the right direction.

</rob>
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.




