L�
I@R ���隊[����r��z+,~��)���w*�ʋ���,j���f���h����w�
��i�b�����w���'z�������������Hi Bernhard
I have run into the same problem although I don't have any RSNS 7 boxes. We found
large numbers of spurious sensors had managed to get defined inside the SP Database
including a bunch that didn't actually get displayed by the console. This included
multiple entries from some multihomed hosts running RSSS, a few with a sensor IP addr
of 127.0.0.1 and one with a sensor name that included two smiling faces (depending on
the font you used).
If you are happy groking about with the SQL query analyser then have a look at the
Component table (and its friends) in the RealSecureDB. If not you can run the command
"ccengine -debug" on whichever system is running the SP Application Server
(.....\Application Server\bin\ccengine -debug) and look at what it reports. There is
a syntax error in the ccengine batch file (check the ISS KnowledgeBase for the
details) as you will need to fix it first.
Cleaning these up is not a simple matter as a) you might find that there are some
entries in the component table that you cannot see from the console and b) deleting
from the console does not necessarily clean up the various underlying tables. ISS
Support sent me a SQL script which cleans up the various tables after a device has
been removed from the console. I would suggest that you contact them.
-Cameron
-----Original Message-----
From: Fuchs Bernhard [mailto:[EMAIL PROTECTED]]
Sent: Wed 4/09/2002 6:12 PM
To: '[EMAIL PROTECTED]'
Cc:
Subject: Problem with Sensors
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hi there!
I had a very strange Problem. I'm using SiteProtector 1.2 and Netsens 7. As
I looked into the console last friday, I found out that no Events are being
displayed.
After examining everythng I found a new Sensor apearing suddenly at 3:33:37
AM GMT+1. IP-Adress was that from a Networksensor- The name was 6|0r.
There is no way, that an additional sensor is comming to that subnet....
This subnet is only for that IDS.
Any ideas???
Mit freundlichen Grüßen/ sincerely
Bernhard Fuchs
Junior System-Engineer
IT-Infrastruktur
ITELLIUM
Systems & Services GmbH
Fürther Straße 205
90429 Nürnberg
Tel.: +49-911-14-27321
Fax: +49-911-14-22016
mailto:[EMAIL PROTECTED]
http://www.itellium.com
This email is confidential. If you are not the intended recipient, you must
not disclose or use the information contained in it. If you have received
this mail in error, please tell us immediately by return email and delete
the document. E-mails to and from the company are monitored for operational
reasons and in accordance with lawful business practices. The contents of
this email are those of the individual and do not necessarily represent the
views of the company. The company accepts no responsibility once an e-mail
and any attachments is sent.
News Flash
SecureNet and Baltimore Australia New Zealand have joined forces
to bring you APAC's e-Security Powerhouse. The new SecureNet offers
the most comprehensive suite of e-security products, solutions and
services available in the region today.
http://www.securenet.com.au
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**********************************************************************
