September 2nd, 2003, 05:39 PM
#1
Junior Member
Anyone use Symantec (Axent) ITA?
I'm a network security manager for my company, running the latest version of Symantec ITA. One function I'm using ITA for is to tail a router syslog. Does anyone out there know how I would set up ITA to filter out specific events from a router syslog? Or how to set up complex search strings? I don't want anything specific (info-wise), just a basic example or two of a search string.
-thanks
-
September 10th, 2003, 09:26 AM
#2
Junior Member
Hey mate,
For example, here is an IIS log file entry:
10:46:32 192.168.2.5 GET /exchange/..%5c..%5c..%5c..%5c..%5c/winnt/system32/cmd.exe
To get ITA to alert on such a thing you would have a signature such as:
*192.168.3.88*cmd.exe
This will parse for any items in a log entry that contain the above. Of course, you can be as granular as you like; check out pages 5.16 & 5.17 of the ITA User's Guide for more information.
Hope this helps
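As an added example (my own code, not ITA's and not from either poster), here is the wildcard-signature idea from the reply applied to a few constructed log lines: two IIS entries and three router syslog entries in an assumed Cisco-style ACL log format. It also adds an "ignore" list for dropping events you do not want to see, which is my own way of structuring the filtering rather than anything the thread states about ITA. Matching is case-insensitive here on purpose, because a request for CMD.EXE hits the same binary as one for cmd.exe; whether ITA behaves the same way is not stated on this page.

```python
"""Glob-style log signature matching over constructed log lines.

Added example, not ITA's code: the thread only shows that '*' is a
wildcard, so this reimplements that idea with Python's re module.
"""
import re

# Constructed sample log. The first three lines imitate IIS entries (the
# first is the one quoted in the reply); the router syslog lines imitate a
# Cisco ACL logging format and are assumptions, not captured data.
SAMPLE_LOG = """\
10:46:32 192.168.2.5 GET /exchange/..%5c..%5c..%5c..%5c..%5c/winnt/system32/cmd.exe
10:47:01 192.168.3.88 GET /scripts/..%255c../winnt/system32/cmd.exe
10:47:05 192.168.3.88 GET /index.html
Sep  2 17:39:01 rtr1 12: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.9.8.7(4444) -> 192.168.1.10(23), 1 packet
Sep  2 17:39:02 rtr1 13: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.9.8.7(4445) -> 192.168.1.10(80), 1 packet
Sep  2 17:40:11 rtr1 14: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

# Rule names and the ignore list are my own choices for the example.
# The first signature is the one given in the reply above.
RULES = [
    ("cmd-exe-from-3-88", "*192.168.3.88*cmd.exe"),
    ("cmd-exe-any-host", "*cmd.exe"),
    ("acl-log", "*%SEC-6-IPACCESSLOGP*"),
]
# "Filter out" events we do not care about: permitted ACL hits are noise here.
IGNORE = ["*IPACCESSLOGP*permitted*"]


def glob_to_regex(signature):
    """Translate a '*' / '?' wildcard signature into an anchored regex.

    Every other character is escaped, so '.', '(' or '%' inside a signature
    are matched literally and cannot turn into regex metacharacters.
    """
    parts = []
    for ch in signature:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def matching_lines(log_text, signature):
    """Return the log lines that one signature matches, in file order."""
    pattern = glob_to_regex(signature)
    return [line for line in log_text.splitlines() if pattern.match(line)]


def evaluate(log_text, rules, ignore=()):
    """Run a rule table over a log and return (rule_name, line) alerts.

    A line is dropped if any ignore signature matches it; otherwise every
    rule whose signature matches produces one alert for that line.
    """
    ignore_patterns = [glob_to_regex(sig) for sig in ignore]
    compiled = [(name, glob_to_regex(sig)) for name, sig in rules]
    alerts = []
    for line in log_text.splitlines():
        if any(p.match(line) for p in ignore_patterns):
            continue
        for name, pattern in compiled:
            if pattern.match(line):
                alerts.append((name, line))
    return alerts


if __name__ == "__main__":
    for name, line in evaluate(SAMPLE_LOG, RULES, IGNORE):
        print(f"[{name}] {line}")
```

Note what the wildcard signature from the reply does against the sample: every literal in `*192.168.3.88*cmd.exe` has to appear in that order, so only the line from 192.168.3.88 fires it, while `*cmd.exe` fires on both IIS lines regardless of source address. For the router syslog, one broad `*%SEC-6-IPACCESSLOGP*` signature plus an ignore entry for `permitted` leaves just the denied ACL hits, which is the usual way to cut a noisy syslog down to the events worth alerting on.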
-
September 22nd, 2003, 10:04 PM
#3
Junior Member
Thanks, I'll definitely try it out.