TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

This should be working fine.  Check the following and get back to me:

1) Highlight the Detector in question, and click on "Responses" from the
drop-down menu.  Check the email response action information for the
following things:
a) Make sure that it did get copied correctly when you clicked on "replace
with global"
b) Double-check the accuracy of the information, to make sure that an error
like two transposed numbers (IOW, a "21" instead of a "12" for example) has
not occurred!

2) OK, now that you have made sure that the information in the response is
correct, double check the policy.  Go to the traceroute event (Security
Events->ICMP->Trace_Route) and make sure that "Email" is checked and
displayed in the "Response Type".  Make sure that if you make changes, that
you "Save" the policy before pushing it.

3) Execute a traceroute.  If the event is triggered, double click on that
event in the Priority window.  It will pop up a dialog box.  In the bottom
right-hand corner it will show which actions were taken (logging, email,
etc.).  Email should show up.  If it does not, then check everything above,
and make sure that you pushed the right policy to the right engine, etc.  If
it DOES show up, but the emails are going through, see if the connections
are getting killed by another possible RS rule.  You can also sniff the
connection to see if, in this case, RS is sending out the proper info to the
proper port, etc.

I have tested this numerous times and it works correctly for me.  Hopefully
this is just some silly little error and nothing difficult to track down!
Hope this helps,

Alex F
[EMAIL PROTECTED]


-----Original Message-----
From: Erik Carus [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 17, 2000 2:50 PM
To: [EMAIL PROTECTED]
Subject: RS Email response




Hello everybody,

I've got a problem while trying to use email responses to security events in
RS 3.2.1.
Our network engine is running on an NT4 SP5 machine, and I wanted to test 
the email response on the "traceroute" event, so I did the following:
* I selected "EMAIL" as a response to the traceroute event in the policy 
editor
* I filled in the email global response form with the address of our mail 
relay and my email address
* I selected the detector and chose to replace its responses by the global
responses
* I reloaded the policy

and... the traceroutes show in the console but no mail, not even traffic 
from the detector towards the port 25 of our mail relay, and no related 
message in the NT events viewer on the detector. I tried a telnet from the 
detector to the email relay on port 25 and it works.
Have you got any idea? Have I missed something? How does RS send emails from 
an NT machine? Is there any operating system requirement for this to work?

Thanks a lot for your very valuable help, and have a good day (night?)!

Erik
