Rob,
To date the evidence raw packets are sent to the DB only by the
appliances.
If you are using the SW version you can only access the file directly.
Any packet monitoring tool will do.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Rob Baxter
Sent: Thursday, July
Rob,
First off, make sure you are at the latest version of SiteProtector
(2.0 SP4). I'm not sure if the console LogWithRaw decoding was
available prior to SP4.
For evidence logging:
The ev*.enc files that are stored in the ./Logs directory on the
sensor are in Microsoft Network Monitor
Hi, Rob.
You can watch *.enc files with MS NetworkMonitor or Ethereal. I think that
Ethereal is better, because it's equipped with a lot of useful features
which will do you good.
Good luck
---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)
Hi Rob,
With SiteProtector, when you have LogWithRaw enabled on a signature and
the signature fires, in the event details window you will see a text file
symbol near the bottom; double-click on this and the offending item's data is
presented to the screen. As for viewing enc files try Ethereal