
Tan Wee,


        When an engine is configured in stealth mode, all connections requiring a
TCP connection (sending an alert, an SNMP trap, an email, etc.) go out the
management interface.  TCP resets (kill connection) travel out the stealth
interface.
        Purging the records in the database can be done using maintain log in the
RealSecure application; you can delete all records or records from a specific
date range.
        I would not remove attacks only because you do not see that traffic on your
network.  In many implementations I have left these signatures in and been
rewarded by detecting a change in the network that could have allowed
additional attacks through the network.
        Hope this helps some.

Cheers,
Brian

> 1) If the engine is configured in Stealth mode, which interface
> will the email alert be sent out? If I'm not wrong, it should be
> from the interface with TCP/IP bound.
> 2) Is there any way to purge the log after a certain date? I know
> that the log is contained in rsclientlog.mdb.
> 3) For the past month, I have applied the maximum coverage in the
> engine so as to get a clear picture of the kind of traffic that's
> flowing in the network. From the log, I notice only HTTP and email
> and occasionally FTP traffic. When I refine my policy, am I right
> to say that I should only concentrate on events that are related
> to these three kinds of traffic?
> Appreciate any advice given.
>
> Cheers


