On Saturday, October 15, 2005, 3:51:22 PM, Scott wrote:
> When I submit false positives to Sniffer about half come back rule clean. I then have to go to the logs and pull out those messages and resubmit the false positives with the log lines.
> I believe I am FTPing up my log files to Sniffer nightly.
> Isn't there a way to automatically pull these log lines out of the logs I have already sent up to Sniffer?

We process a huge volume of log file data. The logs are processed for their statistics and discarded so that we can keep up. There is an option to have SNF produce a .xhdr file that can be included in the message by some systems. If a message contains those headers then it is possible to look up the necessary data from the headers.
_M
