anyone use Symantec (Axent)ITA

  1. #1
    Junior Member
    Join Date
    Feb 2003


    I'm a network security manager for my company, running the latest version of Symantec ITA. One function I'm using ITA for is to tail a router syslog. Does anyone out there know how I would set up ITA to filter out specific events from a router syslog? Or how to set up complex search strings? I don't want anything specific (info-wise), just a basic example(s) of a search string.

  2. #2
    Junior Member
    Join Date
    Sep 2003


    Hey mate,

    For example, here is an IIS log file entry:

    10:46:32 GET /exchange/..%5c..%5c..%5c..%5c..%5c/winnt/system32/cmd.exe

    To get ITA to alert on such a thing you would have a signature such as:


    This will parse for any items in a log entry that contain the above. Of course, you can be as granular as you like; you can check out pages 5.16 & 5.17 of the ITA User's Guide for more information.

    Hope this helps
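
The kind of match described in the reply above, as an added example that is not part of the original post and is not ITA signature syntax: a Python check that flags log entries like the quoted IIS line, decoding the URI first so that encoded variants are caught as well. The "time method uri" line shape is taken from the post's entry; the function names and all sample lines except the first are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Sample lines in the "time method uri" shape of the post's entry.
# Only the first is from the post; the rest are constructed for this example.
SAMPLE_LOG = [
    "10:46:32 GET /exchange/..%5c..%5c..%5c..%5c..%5c/winnt/system32/cmd.exe",
    "10:46:40 GET /exchange/logon.asp",
    "10:47:02 GET /scripts/..%255c..%255cwinnt/system32/cmd.exe",
    "10:47:15 GET /docs/cmd.exe.html",
    "malformed line",
]

TRAVERSAL = re.compile(r"\.\.[\\/]")  # "../" or "..\" after decoding
SHELL = re.compile(r"(?:^|[\\/])cmd\.exe(?:$|[?\s])", re.IGNORECASE)


def normalise(uri, max_rounds=3):
    """Percent-decode until stable so %5c and %255c both become a backslash."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def check(line):
    """Return (time, reasons) for a suspicious entry, else None."""
    parts = line.split(None, 2)
    if len(parts) != 3:
        return None  # not a "time method uri" entry; skip rather than guess
    time, _method, uri = parts
    path = normalise(uri)
    reasons = []
    if TRAVERSAL.search(path):
        reasons.append("directory traversal")
    if SHELL.search(path):
        reasons.append("cmd.exe request")
    return (time, reasons) if reasons else None


def scan(lines):
    """Run check() over every line and keep only the hits."""
    return [hit for hit in map(check, lines) if hit]


if __name__ == "__main__":
    for time, reasons in scan(SAMPLE_LOG):
        print(time, ", ".join(reasons))
```

Matching on the decoded path rather than the raw string is what keeps a literal-substring signature from missing re-encoded forms of the same request, and anchoring `cmd.exe` to a path segment avoids alerting on look-alike file names.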

  3. #3
    Junior Member
    Join Date
    Feb 2003
    Thanks.. I'll definitely try it out...
