TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
If your engine runs under Solaris, go to directory /opt/ISS/RealSecure and
edit the file named daemon.policy.
It gives you informations about the engine process, the daemon port number
.... and the master console status.
Last line should be something like : "master console =S
current_console_key_*;".
Just remove the "current_console_key_*" and keep "master console =S
;". You might need to restart the process.
Regards.
Yannick Antoine
Network Security Engineer
Clearstream Services
mailto:[EMAIL PROTECTED]
-----Original Message-----
From: Michael Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 24, 2000 22:25
To: Norton.Stephen
Cc: [EMAIL PROTECTED]
Subject: RE: Changing Master Console Monitor
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Stephen,
That's what I thought, and what the documentation says. However,
when we tried this, it didn't work. Very confusing; the network sensor
insisted that it was still under the control of a non-existent machine.
-Mike Wilson
-Sr. Security Specialist
-UNIFIED Technologies
-Troy, NY
On Thu, 24 Aug 2000, Norton.Stephen wrote:
> Stopping and restarting the network engines will also relinquish Master
> Console status. The console is authenticated to the sensor through a
secure
> channel. Anything that breaks that authenticated connection will
relinquish
> the MC status.
>
>
> Stephen P. Norton
> Franchise Tax Board
> [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Michael Wilson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 24, 2000 12:26 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Changing Master Console Monitor
>
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
>
----------------------------------------------------------------------------
>
>
> More interesting to me is the question of how you fix things if,
> for example, you have a master console assigned, but then that machine
> goes away for whatever reason, without backups. If you can't go and
> relinquish properly, then what? I imagine that this is the situation
> under discussion - otherwise he probably would have already tried to
> release it.
> I've got a situation like this at a customer site. In this case,
> it's immaterial, since we're doing a complete reinstall of the probes
> for other reasons anyway, but I'm curious to know how to make a probe
> release it's master without having the master available to make the
> request.
>
> -Mike Wilson
> -Sr. Security Specialist
> -UNIFIED Technologies
> -Troy, NY
>
> On Thu, 24 Aug 2000, Norton.Stephen wrote:
>
> >
> > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
> to
> > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> >
>
----------------------------------------------------------------------------
> >
> > The message indicates another console ('hostname') has obtained Master
> > Controller status. This is granted by the sensors on a first-come,
> > first-served basis. If you want your console to be the designated
Master
> > Controller, you will need to go to the 'hostname' console and relinquish
> the
> > Master Controller status, then go back to your console and re-add the
> > network engine. If you are only monitoring the engine, and not making
any
> > configuration changes, you shouldn't need Master Controller status.
> >
> >
> > Stephen P. Norton
> > Franchise Tax Board
> > [EMAIL PROTECTED]
>
