Hi, Rob.
You can watch *.enc files with MS NetworkMonitor or Ethereal. I think that
Ethereal is better, because it's equipped with a lot of useful features
which will do you good.
Good luck
---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)
Rob Baxter <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
15.07.2004 17:19
To: [EMAIL PROTECTED]
cc:
Subject: [ISSForum] session playback & logwithraw

I am currently working with an evaluation license of SiteProtector 2.0
and Network Sensor 7.0 in our lab as an evaluation for possible
purchase. I have read in several places that RS is capable of logging
the raw packet data for generated alerts. I have updated the
policy/response for several signatures to do both LogWithRaw and
LogEvidence; however, I don't see any raw packet data available either in
the SiteProtector console or in the RealSecureDB database itself. Where
should I be looking for this information? With LogEvidence enabled I do
see the evXXX.enc files being generated but is there any way of viewing
them aside from a text editor? I have looked in the ISS documentation
and KB but have yet to find anything which addresses these issues. TIA if
someone can point me in the right direction.
</rob>
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.