Hi, I installed RS Server Sensor 7 on both AIX and Windows. I got the Sensors on both platforms communicating to the Site Protector 5. I applied the default Attack_And_Audit_Policy into the Sensors. Then I tried to test on the audit part of this policy by trying a brute force login to the Sensors.
The Windows platform sensors shows me the events like I expected but the AIX did not even show anything. There is not even an event showing 'root' access to the system. I verified the Sensors is Active. Then I verified that the enforce audit policy is turned on in each AIX sensors and the Auditing in OS for the policy is checked. What could be the problem? Anyone bump into such problem before? Will AIX sensors show me anything in the events like telnet login? Anyone knows any diagnostic tool I can check whether the AIX sensor is working or not? Appreciate any comment. Thank you. Best regards, Kwan CK __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
