11-16-2001 07:49 AM - edited 03-08-2019 09:11 PM
When I try to set up filters with the newest Director software, my text fields for ip addresses are truncated. I can't see what I am keying in. The fields where you select the signature that you want to filter is also truncated. The machine is Win NT with all option paks etc. This doesn't seem to be a problem with Win 2k. Is there a fix?
11-16-2001 08:31 AM
If it works fine when logged on locally to the Unix Director, and it works when using an X-Windows client on your Win2K, then this is likely a problem with the X-Windows software you are running on your Windows NT machine. The many different X-Windows software varies between vendor and OS, and it is impossible to test Unix Director with each of them. Many times there are bugs or defficiencies in the X-Windows software which couldn't be worked around by changing the nrConfigure code.
Our team validates that it works on the standard X-windowing environments used by Solaris and HP since those are the platforms supported by the Unix Director.
Try using a different X-Windows software on your machine. We use "Reflexction X" as our X windows software on Win 2K machines and it works fine. We also used to use it on Windows NT back with the older 2.2.1 Unix Director software. We had already changed over to Win 2K before the 2.2.3 Director was released so I don't know if Reflection X running on WIn NT would have the same problem you are seeing?
You could try the following, to do manually what you could have done through the GUI:
1) In nrConfigure double click on the sensor.
2) Open the Intrusion Detection configuration of the currently applied version.
3) Don't make any changes
4) Close the Intrusion Detection window that opened.
5) Save the new temporary version that had been created. (Remember the number)
6) Close the sensor version window and close down nrConfigure.
7) Telnet to the director
8) Login as user netrangr
9) cd /usr/nr/var/nrConfigure (NOTE: DO NOT enter this directory while nrConfigure is running. This a dynamically created and modified directory. Making changes in here while nrConfigure is running will cause problems with nrConfigure)
10) cd to the org directory that matches your sensor's orgid
11) cd to the host directory that matches your sensor's hostid
12) cd to the config directory for the sensor
13) cd to the version directory that matches the new version you created for the sensor
14) Use vi (or your favorite editor) to edit the packetd.conf (or SigSettings.conf) file to add in or edit the RecordOfExcludedPattern (or RecordOfIncludedPattern) lines for the filters.
15) Save the edited file(s)
16) cd /usr/nr
17) Start back up nrConfigure.
18) Double click on the sensor
19) Now open the version you just edited
20) Make any other changes you want
21) Now apply that version
Your filters should now be sent down to the sensor.
For information on manually adding the RecordOfExcludedPattern token refer to:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids4/11657_02.htm#94819
11-16-2001 12:29 PM
I have used X-32 from StarNet and Xcursion from Compaq.
Both are experiencing the same problems. It seems that the text field lengths are not being read correctly.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide