Hello, I have a CS-MARS 50 box ver 6.2. When I am doing a query on raw messages for the string Configured or a query for the event: router configuration is changed, everything is working fine; the syslogs are displayed. When I am trying to issue a report on...
Hi, I have an IPS 4255; it is used to inspect traffic to the internet. It is used after the firewall. The internet traffic is around 40 Mbps. When I inspect traffic the processor is around 90 percent and the inspection load is 30 percent. After about a d...
Hello, I recently installed a 4260 IPS sensor. It is used to inspect traffic between an ISA server and the LAN. The ISA is formed from 3 real servers in NLB. Each server is connected to 2 switches through 4 cables, 2 in each switch, one in the internet...
Hi, I am trying a test scenario for NAC. It is OOB virtual gateway. I get the login page when I try to access the web, but when I try to authenticate to the local DB I don't receive an error message and I remain on the authentication screen. I listened wi...
Hello, In the first option what should be configured on the server side? Will the second option return http logs or specific snort logs? How will it work? Thanks.
I guess I figured it out. The clock was off by about 10 h between the MARS and the switch. I don't know exactly why MARS behaved this way. Does anybody know how MARS chooses to store logs that appear to arrive late? Why were they stored (just enough for ...
Hi, Stopping events from being fired on the IPS is better; MARS will not have to process the unwanted events. You have to select the signatures that you want to fire, go to edit actions and check the produce alert field. Uncheck this field on the undesi...
Hi, I began checking the status of the processes when the sensor app was stopped. I began checking the status of the processes in the /etc/init.d directory, and when I hit one of them the sensor replied: file system corrupt, rebooting... So I reimaged the...