06-20-2006 08:28 AM - edited 03-09-2019 03:19 PM
Running vs. 4.1 ... When I run a query on a specific clients source IP address, I am getting alot of Destination IP of 0.0.0.0 .... is this normal? Is there something I am missing in configuration?
06-20-2006 12:05 PM
Hi,
It's normal, as it was generated by the device itself. This is why you see the 0.0.0.0 can either be a source or destination IP.
Same goes to interface up/down for a device where if the device itself is sending log to MARS, you'll see the same 0.0.0.0 appear.
Rgds,
AK
09-10-2006 11:11 PM
Hi,
It's normal. I guess you're getting information from logon events (authentication failure, Windows 2000 login sucessful, etc) That's because there're some event logs without IP information and traffic used is not IP routed (NetBIOS, p.e.) In this manner, if you look at the raw message you'll see the logon information (username, password, domain controller like reporting device, etc)
It's normal.
Good luck!
09-11-2006 04:39 AM
Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide