Hi

I've just set up a user-defined syslog event on a Windows NT server running server-sensor v65 (configured to run as a syslog server on UDP/514, not that it makes much difference to my question).

I set up an Info entry called "All" with the associated pattern "{!}".

When I trip the event I get what I want in the event DETAIL, under the tag of "All", but I can't work out how to control what appears in the "Info" field of the event-pane on the console GUI.

I'm pretty sure that with, say, v5 OS-sensor then whatever was my first customised Info entry (in alphabetical order) was chosen to be displayed on the GUI. Therefore if I created something to watch for file changes I would make my first Info entry be the file name (pulled from the appropriate NT event log field) so that it appears on the console.

All that happens with my syslog event is that I get "Attack Origin - Unknown" in the Info field on the GUI, which is not the most helpful message. What's equally bizarre is that event detail shows the computer which sent the syslog as the DestinationIP address?!

Anyway, should it still be possible to change what value is presented in the Info field on the GUI - and if so what am I doing wrong?

Thanks,
Jason
Jason Renard
Warning - all views expressed are my own.
I cannot guarantee the accuracy of everything
I've said - use it at your own risk.