We have created the engrel2 bundle to address the problems noted with the host sweeps, particularly the Sig 3030 false negative on SQL Spyda sweeps on port 1433. (We were only looking at low ports, so port 1433 was never counted). Now, we have changed t...
The filter says: os-relevance: not-relevant But the alert says: os: idSource=learned type=windows-nt-2k-xp relevance=relevant I suspect that is why this one filter is not matching. You probably want to revert the os-relevance to its default setting f...
Please contact kasper@cisco.com and I will help to start the troubleshooting process for this. Include a 'show tech' in a follow-on email, and indicate if the out of memory occurs during regular processing or following a signature update package. If you ...
No 4.1(5) release is planned at this time. If you are certain that swap is off and you are seeing the same failure (ssh/telnet unreachable, ping works), then we may want to try running the 4230 in SINGLE THREAD mode. This will save approx 25MB in the m...
#1. is correct. #2. has a typo. StorageKey should read as SummaryKey. You can use ChokeThreshold here, and it will take you from FireOnce->GlobalSummary when you have exceeded "ChokeThreshold" number of alerts for that sig in the ThrottleInterval. Looks like...
Hi Milan, It is a bug. Robert was able to tweak his test some and reproduce this defect now. I have instrumented the code and see the problem, and am working on a fix. We will submit a DDTS (bugid) for tracking purposes. I will suggest that we incl...