TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hi, just to expand on Karl's, excellent points:
At 12:51 PM 6/9/00 +0200, Karl Jaeger wrote:
>Hi Richard,
>
>a couple of suggestions on this one:
>
>1. apply the default policy "attack detector" - this will cut down the
>number of events being logged significantly - compare this ploiy to the
>one being used
>2. set logsize back to default 50000 and set high water mark to 10% -
>this will reduce the number of records actually being synced, so there
>is a better chance for the sync process to complete
>3. upgrade to 3.2.1 if not yet done
We have recently released a patch update to 3.2.2 and I would recommend
upgrading.
>4. monitor your LAN using M$ packet monitor - what�s really out there
In every other case of this type I have seen it has been that there are
other protocols on the network. The quick test is turn off the
IPunknownprotocol check. If the CPU drops then you can investigate with
your sniffer to see what the problem is.
Once you identify the rogue protocol check that it is allowed on your
network and if so tell RS to ignore is (in the advanced tab of the
IPunknownprotocol check). IPX is a frequent culprit here. Once RS is
ignoring the protocol you should find things are happier.
Steve
----------------------------------------------------------------------------
Steve Reddock
Consulting Manager - Asia Region
[EMAIL PROTECTED]
Internet Security Systems KK, Japan
Phone +81-3-5475-6458 Fax +81-3-5475-0557
http://www.iss.net http://www.isskk.co.jp
PGP keys available on request
------------------------------------------------------------------------
