
RE: [ISSForum] Difference between LogDB and Display ???



Anand,


As you've noticed, this area is a little confusing. All events will be
stored in the database, regardless of LOGDB setting. Enabling DISPLAY
guarantees that the Cleared flag is *not* set, making the event visible
- which makes sense. Not enabling DISPLAY or LOGDB will set the Cleared
flag, which hides the event from view - but it is still in the database.

The explanation lies in how things worked in WorkGroupManager, before
SiteProtector (RSSP).

In WGM, LOGDB and DISPLAY meant what they sound like. The console would
only show directly received real-time (DISPLAY) events, and the database
would only store LOGDB events. The Console did not interact with the
event database. The EC was responsible for directing the flow of events
to the correct destination.

RSSP is fundamentally different: everything goes via the database, even
the console. This has two implications: 1. You simply can't *not* store
the event, and disabling LOGDB has no such effect. 2. The DISPLAY
response is confusing or redundant because the console sees what's in
the database, and all events are always in the database. Almost -
because now there is something new called a Cleared event.
 
The whole idea behind the 'Cleared' flag is that the operator clears
events to get rid of unwanted noise in the display. However, the cleared
flag also maps to the LOGDB/DISPLAY responses. The console does not show
cleared events by default. You can see this by right-clicking an event
and then clearing it - it'll disappear. The only way to see it or
unclear it again is to add the column 'Cleared count' to your view.

Cheers,
Robert

-----Original Message-----
From: issforum-bounces@xxxxxxx [mailto:issforum-bounces@xxxxxxx] On
Behalf Of keshav anand
Sent: 25 January 2005 11:47
To: issforum@xxxxxxx
Subject: [ISSForum] Difference between LogDB and Display ???

Dear Members,

I can see multiple responses in signatures like
email, LogDB, Display, snmp etc.

I have certain queries on the difference between LogDB and
Display. I think LogDB will log the events captured
by event collector to the sql server whereas Display
option will only display it in sitepro console.

ISS support told me that whatever I see in Sensor
Analysis tab in console is being fetched from the
database. If so how do I see events being configured
to just display and not to log to database?

Then what's the difference between LogDB and Display?

In that case how do I generate reports from database?

My Sitepro version is of Version 2.0 SP4. Has ISS
changed the way of logging events in this release? If
so why have they provided both Display and LogDB in
signature responses?




	
		
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
