Actually both the A604 and A1204 support Log Evidence. This feature was added to the higher-end Proventias last year, and it provides for raw packet capture and display of the packet on the SiteProtector Console. You don't have to use any additional software such as tcpdump.
It is the packet that triggered the event that gets forwarded to SiteProtector. The only possible drawback is that only one packet is captured. I have had several customers ask for multiple packet capture, and we are researching that implementation, but right now a single packet is captured. So unless I missed something you should be OK. Hopefully this is good news. Bob -----Original Message----- From: [EMAIL PROTECTED] On Behalf Of HACKER, ERIC W Sent: Tuesday, January 27, 2004 10:35 PM To: Reeves, Mike; [EMAIL PROTECTED] Subject: RE: [ISSForum] Proventia Devices (Fiber packet captures) One issue with the multiport Proventias (A604 and A1204) is the inability to do raw packet captures on the IDS interfaces with tcpdump or the like. When one does an ifconfig the fiber interfaces are not even listed. This is a serious impediment to troubleshooting IDS issues as well as testing the installation in a complex environment. If I had thought to test that before we started deploying them, I might not have ordered any. Eric Hacker, Enterprise Security Information Architect, FleetBoston Financial > -----Original Message----- > From: Reeves, Mike [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 30, 2003 3:51 PM > To: '[EMAIL PROTECTED]' > Subject: [ISSForum] Proventia Devices > > Anyone have any good or bad experiences dealing with Proventia? Looking > for > information on grunt level management of the devices, such as maintaining > the device, updating it, wacky issues etc. > > Thanks, > > Mike _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
