Rob,

To date, the evidence raw packets are sent to the DB only by the appliances. If you are using the SW version, you can only access the file directly. Any packet monitoring tool will do.

Jean Paul

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Rob Baxter
Sent: Thursday, July 15, 2004 3:19 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] session playback & logwithraw

I am currently working with an evaluation license of SiteProtector 2.0 and Network Sensor 7.0 in our lab as an evaluation for possible purchase. I have read in several places that RS is capable of logging the raw packet data for generated alerts. I have updated the policy/response for several signatures to do both LogWithRaw and LogEvidence; however, I don't see any raw packet data available either in the SiteProtector console or in the RealSecureDB database itself. Where should I be looking for this information?

With LogEvidence enabled I do see the evXXX.enc files being generated, but is there any way of viewing them aside from a text editor?

I have looked in the ISS documentation and KB but have yet to find anything which addresses these issues. TIA if someone can point me in the right direction.

</rob>

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
