Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
0
Helpful
2
Replies

X-Windows and Director 2.2.3

robert.mcclain
Level 1
Level 1

‎11-16-2001 07:49 AM - edited ‎03-08-2019 09:11 PM

When I try to set up filters with the newest Director software, my text fields for ip addresses are truncated. I can't see what I am keying in. The fields where you select the signature that you want to filter is also truncated. The machine is Win NT with all option paks etc. This doesn't seem to be a problem with Win 2k. Is there a fix?

Labels:
0 Helpful
2 Replies 2

marcabal
Cisco Employee
Cisco Employee

‎11-16-2001 08:31 AM

If it works fine when logged on locally to the Unix Director, and it works when using an X-Windows client on your Win2K, then this is likely a problem with the X-Windows software you are running on your Windows NT machine. The many different X-Windows software varies between vendor and OS, and it is impossible to test Unix Director with each of them. Many times there are bugs or defficiencies in the X-Windows software which couldn't be worked around by changing the nrConfigure code.

Our team validates that it works on the standard X-windowing environments used by Solaris and HP since those are the platforms supported by the Unix Director.

Try using a different X-Windows software on your machine. We use "Reflexction X" as our X windows software on Win 2K machines and it works fine. We also used to use it on Windows NT back with the older 2.2.1 Unix Director software. We had already changed over to Win 2K before the 2.2.3 Director was released so I don't know if Reflection X running on WIn NT would have the same problem you are seeing?

You could try the following, to do manually what you could have done through the GUI:

1) In nrConfigure double click on the sensor.

2) Open the Intrusion Detection configuration of the currently applied version.

3) Don't make any changes

4) Close the Intrusion Detection window that opened.

5) Save the new temporary version that had been created. (Remember the number)

6) Close the sensor version window and close down nrConfigure.

7) Telnet to the director

8) Login as user netrangr

9) cd /usr/nr/var/nrConfigure (NOTE: DO NOT enter this directory while nrConfigure is running. This a dynamically created and modified directory. Making changes in here while nrConfigure is running will cause problems with nrConfigure)

10) cd to the org directory that matches your sensor's orgid

11) cd to the host directory that matches your sensor's hostid

12) cd to the config directory for the sensor

13) cd to the version directory that matches the new version you created for the sensor

14) Use vi (or your favorite editor) to edit the packetd.conf (or SigSettings.conf) file to add in or edit the RecordOfExcludedPattern (or RecordOfIncludedPattern) lines for the filters.

15) Save the edited file(s)

16) cd /usr/nr

17) Start back up nrConfigure.

18) Double click on the sensor

19) Now open the version you just edited

20) Make any other changes you want

21) Now apply that version

Your filters should now be sent down to the sensor.

For information on manually adding the RecordOfExcludedPattern token refer to:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids4/11657_02.htm#94819

0 Helpful

robert.mcclain
Level 1
Level 1
In response to marcabal

‎11-16-2001 12:29 PM

I have used X-32 from StarNet and Xcursion from Compaq.

Both are experiencing the same problems. It seems that the text field lengths are not being read correctly.

0 Helpful
Customers Also Viewed These Support Documents