Printable View
I'm a network security manager for my company, running the latest version of Symantec ITA. One function i'm using ita for is to tail a router syslog. Does anyone out there know how I would set up ita to filter out specific events from a router syslog? Or how to set up complex search strings? I dont want anything specific (info wise..) just a basic example(s) of a search string..
-thnx
Hey mate,
For example, here is an IIS log file entry:
10:46:32 192.168.2.5 GET /exchange/..%5c..%5c..%5c..%5c..%5c/winnt/system32/cmd.exe
To get ITA to alert on such a thing you would have a signature such as:
*192.168.3.88*cmd.exe
This will parse for any items in a log entry that contain the above, of course, you can be as granular as you like, you can check out pages 5.16 & 5.17 of the ITA users Guide for more information.
Hope this helps
Thanks.. i'll definately try it out...