04-18-2002 12:08 AM - edited 03-08-2019 10:21 PM
Hi,
some weeks ago I worked with a 4230 sensor and a CSPM 2.3.3 (i), now I'm working with the same CSPM and a new 4210 sensor.
In the first case and in the second I've experimented the same problem:
some event signature are found but not showed in the event viewer, (for example a telnet connection). Note that the event is configured with high priority (and not filtered) and in the signature the response are "log" and "shun"
At the event occurrence the ip is properly logged and shunned to the managed device (PIX6.1) (the event is also showed with the "snoop" command at the sensor's root level) but not notificated in the event viewer, Can anyone tell me WHY?
This is not a problem, shure... but my customer if does not see it does not believe!
Thanks in advance,
Graz.
04-19-2002 04:04 AM
Hi,
I've noted that with the default signature Its works.
Thanks,
GRAZ
04-23-2002 08:15 AM
I just ran into a similar issue. I recently upgraded from 3.0(5)S4 to 3.0(5)S17. Before the upgrade the event viewer was stable. Since the upgrade, it seems log half of the actual alarms.
What Signature Version are you running?
04-24-2002 02:47 AM
I think 3.0(5)S4...
Bye
Graz.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide