Wouldn't a Fusion Script Response (custom TCL script) accomplish this too?
Or... A custom signature which had a custom response (again a TCL script). A script which would extract any type of data from the event you told it to and write it to a flat file.

Have you messed with the custom response capabilities? It's pretty cool what you can do.

David

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Reiver
Sent: Tuesday, October 25, 2005 7:09 PM
To: jaeger
Cc: ISS user group (E-mail)
Subject: Re: [ISSForum] Sending high alerts to a flatfile or Tivoli

Yes, I considered that, however, would I parse the sensor event queue or ?. I'm trying to keep from writing the same events over again, if there is a queue built up though. Although, after thinking about your e-mail, I wonder if I can set up a SQL trigger to do the same? I'll have to look into that!

Thanks!!
Reiver

----- Original Message -----
From: "jaeger" <[EMAIL PROTECTED]>
To: "Reiver" <[EMAIL PROTECTED]>
Cc: "ISS user group (E-mail)" <[email protected]>
Sent: Monday, October 24, 2005 6:28 PM
Subject: Re: [ISSForum] Sending high alerts to a flatfile or Tivoli

Reiver,

have you thought about coding a user defined response to write to a local flat file? This is pretty much straightforward, a simple cmd file response could look like this:

    @echo off
    rem parse all parameters needed in sensor response policy
    echo %* >> c:\logfile

A more elegant way to do this is to use the logevent.exe utility from the W2K resource kit, which allows you to write to the local application log. This can be used to trigger events in the local Tivoli agent.

Karl

Reiver wrote:
> Nope. No printing subsystems, Posix, OS/2, OS stripped down to core, most programs removed. No OOB management. ISS + multiple vendor appliances for every zone and the POS Tivoli thrown in the mix. lol.
>
> Reiver
>
> ----- Original Message -----
> From: "Ballerini, Jean Paul (ISS EMEA)" <[EMAIL PROTECTED]>
> To: "Reiver" <[EMAIL PROTECTED]>; "[EMAIL PROTECTED]" <[email protected]>
> Sent: Monday, October 17, 2005 10:38 AM
> Subject: RE: [ISSForum] Sending high alerts to a flatfile or Tivoli
>
>
> Not even SNMPv3 ?
>
> Jean Paul
>
> -----Original Message-----
> From: [EMAIL PROTECTED] On Behalf Of Reiver
> Sent: Saturday 15 October 2005 3.42
> To: [EMAIL PROTECTED]
> Subject: Re: [ISSForum] Sending high alerts to a flatfile or Tivoli
>
> Sorry, forgot to mention that we aren't allowed to use SNMP (security reasons).
>
> Thanks!
> Reiver
>
> ----- Original Message -----
> From: "Bruetsch, Markus (ISS California)" <[EMAIL PROTECTED]>
> To: "Reiver" <[EMAIL PROTECTED]>; "[EMAIL PROTECTED]" <[email protected]>
> Sent: Friday, October 14, 2005 8:04 AM
> Subject: RE: [ISSForum] Sending high alerts to a flatfile or Tivoli
>
>
> You can use the SNMP response in SiteProtector to send the alerts to Tivoli.
>
> Regards
>
> Markus
> -
> Markus Brütsch
> TZ: US Pacific
> Office: 805 241 6282
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] On Behalf Of Reiver
> Sent: Thu, Oct 13, 2005 17:37
> To: [EMAIL PROTECTED]
> Subject: [ISSForum] Sending high alerts to a flatfile or Tivoli
>
> We are trying to send alerts for Server Sensor to a flatfile that Tivoli can read or find a way for Tivoli to read the high alerts only in a more direct manner. Has anyone done this? I realize that there is a Tivoli Console for RealSecure, but I want to continue to monitor with SiteProtector and I don't have control of the Tivoli mothership, only the local agents.
>
> Thanks!
> _______________________________________________
> ISSForum mailing list
> [email protected]
>
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
> https://atla-mm1.iss.net/mailman/listinfo/issforum
>
> To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
>
> The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

--
Karl-Heinz Jaeger
Manager Customer Services
______________________________________________________________
Protect your network from the inside. - Raise your employees' awareness of IT security.
Learn all about our free Security Awareness Training at: http://www.open-beware.de

Visit our IDP workshop on 16 November 2005 in Frankfurt.
Find out more here: http://www.bdg.de/

Meet IT security experts at the BDG-Security-Point on the 19th of every month!
All information can be found here: http://www.bdg.de/security-point
______________________________________________________________
* BDG GmbH & Co. KG - Make IT safe. *
Stolbergerstr. 307
D-50933 Koeln
Tel: +49 (0)6126-94433-0
Fax: +49 (0)6126-94433-31
E-Mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
Web: www.bdg.de <http://www.bdg.de>
______________________________________________________________
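
Added example, not part of the original thread and not ISS or Tivoli code: a Python version of the user-defined response Karl describes, extended to cover Reiver's concern about writing the same events over again. It assumes the response policy passes five fields (severity, timestamp, event name, source, target) as command-line arguments; that order, the file paths and the function names are hypothetical.

```python
import hashlib
import os
import sys

# Assumed argument order; the real order is whatever the response policy passes.
FIELDS = ("severity", "timestamp", "event", "source", "target")

def clean(value):
    """Replace control characters and the delimiter so one event is always one line."""
    return "".join(c if c.isprintable() and c != "|" else "_" for c in value)

def record_event(args, log_path, seen_path):
    """Append a High event to log_path once; return True if a line was written."""
    if len(args) != len(FIELDS):
        return False
    event = dict(zip(FIELDS, (clean(a) for a in args)))
    if event["severity"].lower() != "high":
        return False  # only high alerts go to the flat file
    line = "|".join(event[f] for f in FIELDS)
    digest = hashlib.sha256(line.encode("utf-8")).hexdigest()
    seen = set()
    if os.path.exists(seen_path):
        with open(seen_path, encoding="ascii") as fh:
            seen = {entry.strip() for entry in fh}
    if digest in seen:
        return False  # same event replayed, e.g. from a built-up queue
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(line + "\n")
    with open(seen_path, "a", encoding="ascii") as fh:
        fh.write(digest + "\n")
    return True

if __name__ == "__main__":
    # Placeholder paths; the first is the flat file the local agent would read.
    record_event(sys.argv[1:], r"c:\logfile", r"c:\logfile.seen")
```

Events with identical fields are treated as one event, so the arguments need a timestamp or event ID if genuine repeats must be kept apart.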
