Dear Listmembers,

I am using RS Network Sensor 7 + WGM console 6.7SP1. Is there a simple (i.e. efficient) way to log an entire connection which fired a security event? The Session Playback feature doesn't work for HTTP connections (I think it works for telnet and ftp only). BTW, I am trying to log "HTTP_POST_GroupBy" and other SQL injection connections. The most I can get is the offending packet only (using LogWithRaw or LogEvidence).

The obvious way is to sniff the entire traffic (PacketLog feature), but that takes up too many resources. Is there, at least, a way to stop (or back up) the PacketLog, using some response, once the event is fired?

I already contacted ISS Support, and their answer was:

"I just wanted to update you to let you know that we are still investigating to see if there's a way for you to log the packets proceeding the event you are alerted on. This functionality is currently not within the product."

Hoping that they will come up with a solution soon, maybe somebody already had this problem?

Zoran

_______________________________________________
ISSForum mailing list
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
