All,

I am updating Event 0x00010017 in the custom area to suppress Authentication
Failure alarms from known IP addresses (like vulnerability scanners). Just for
testing purposes I have put the IP address of my SS machine itself to
validate the rule. However, none of the rules seem to be working. As soon as
Event 0x00010017 is generated, it's followed by an event which indicates that an
event occurred for which no event format file exists. I made sure that
custom/CsEvFormat has files for event 0x4cd91000 and 0x4cd91017. Reloaded Event
configuration from VNM and Tomcat to read the files; none of the rules have
errors. Am I missing something somewhere?

0x00010017 E 50 R CA.EventCondition, "{ v 1 } == { O 172.22.236.51 } ",
"0x4cd91000 -:-" \
"default", "0x4cd91017 -:-"
0x00010017 E 50 R CA.EventCondition, "strcmp ( { v 1 }, { O 172.22.236.51 } )",
"0x4cd91000 -:-" \
"default", "0x4cd91017 -:-"
0x00010017 E 50 R CA.EventCondition, "regexp ( { v 1 }, { O 172.22.236.51 } )",
"0x4cd91000 -:-" \
"default", "0x4cd91017 -:-"
0x4cd91000 E 10
0x4cd91017 E 10 A 1,0x01030a

Saurabh Bohra
Sr. Network Mgmt Systems Analyst
ESPN Inc.
O: 860-766-0842 | M: 860-385-3597 | e-mail: [email protected]