06-16-2004 01:37 PM - edited 03-09-2019 07:46 AM
I have a question regarding specifically SecMon 1.2.3 but the question could be related to previous releases>
When adding/importing a sensor to the monitor you may elect the severity>
When this parameter is set to say LOW, Will it mean that;
1.Informational events are logged and not displayed at the console?
2.Informational events are not logged or displayed at the console?
06-16-2004 08:22 PM
The sensor itself will always log ALL severity events locally into its 4Gig rotating log file.
Setting this parameter to Low on SecMon means that when SecMon queries the sensor to get the new alerts to download, only Low, Medium and High will be transferred, via RDEP, to the SecMon server and stored in the database there. Consequently, only these severity alerts will be seen in the Event Viewer within SecMon.
So to answer your question, it's number 1, but they're logged locally on the sensor only, they're not transferred to SecMon.
06-16-2004 09:29 PM
If this parameter set to LOW and later on you decide that you would like to get the historical Informational events from the sensor, would it then just be a case of setting this parameter back to Informational and then opening the SecMon from the date you need to view the Informational events?
Is there a way to force the SecMon to go re-query the sensor and fetch all the events from the sensor?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide