anyone use Symantec (Axent)ITA

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    2

    Question anyone use Symantec (Axent)ITA

    I'm a network security manager for my company, running the latest version of Symantec ITA. One function I'm using ITA for is to tail a router syslog. Does anyone out there know how I would set up ITA to filter out specific events from a router syslog? Or how to set up complex search strings? I don't want anything specific (info-wise), just a basic example (or examples) of a search string.
    -thnx

  2. #2
    Junior Member
    Join Date
    Sep 2003
    Posts
    1

    Hey mate,

    For example, here is an IIS log file entry:

    10:46:32 192.168.2.5 GET /exchange/..%5c..%5c..%5c..%5c..%5c/winnt/system32/cmd.exe

    To get ITA to alert on such a thing you would have a signature such as:

    *192.168.3.88*cmd.exe

    This will parse for any items in a log entry that contain the above. Of course, you can be as granular as you like; you can check out pages 5.16 & 5.17 of the ITA User's Guide for more information.

    Hope this helps
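
The wildcard-signature idea from the reply above, as an added example that is not part of the original post and is not ITA's own code: it runs the post's signature and two constructed variants over sample log lines to show how granularity changes what fires. The matching semantics (`*` as any run of characters, case-insensitive, match anywhere in the line), the function names, and every log line after the first are assumptions.

```python
import re

def compile_signature(sig):
    # Assumed semantics (not taken from ITA documentation): '*' matches any
    # run of characters, all other characters are literal, matching is
    # case-insensitive, and the pattern may occur anywhere in the line.
    literals = [re.escape(part) for part in sig.split("*")]
    return re.compile(".*".join(literals), re.IGNORECASE)

def match_lines(signatures, lines):
    """Return (line_number, signature_name) for every signature that fires."""
    compiled = [(name, compile_signature(sig)) for name, sig in signatures.items()]
    return [(n, name)
            for n, line in enumerate(lines, 1)
            for name, rx in compiled
            if rx.search(line)]

SIGNATURES = {
    "host_and_cmd": "*192.168.3.88*cmd.exe",   # signature from the post
    "any_cmd": "*cmd.exe",                     # constructed: less granular
    "traversal_cmd": "*..%5c*cmd.exe",         # constructed: more granular
}

LOG_LINES = [  # first line is the post's entry; the rest are constructed
    "10:46:32 192.168.2.5 GET /exchange/..%5c..%5c..%5c..%5c..%5c/winnt/system32/cmd.exe",
    "10:47:01 192.168.3.88 GET /scripts/..%5c..%5c/winnt/system32/cmd.exe",
    "10:47:15 192.168.3.88 GET /default.htm",
    "10:48:40 192.168.3.88 GET /scripts/..%5C../winnt/system32/CMD.EXE",
    "10:49:03 192.168.2.5 GET /cmd.exe?ref=192.168.3.88",
]

if __name__ == "__main__":
    for line_no, name in match_lines(SIGNATURES, LOG_LINES):
        print(f"line {line_no}: {name}")
```

The last sample line shows that the order of the literals matters: the address appears after `cmd.exe`, so only the least granular signature fires.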

  3. #3
    Junior Member
    Join Date
    Feb 2003
    Posts
    2
    Thanks.. I'll definitely try it out...
