Unanswered Question


some weeks ago I worked with a 4230 sensor and a CSPM 2.3.3 (i), now I'm working with the same CSPM and a new 4210 sensor.

In the first case and in the second I've experimented the same problem:

some event signature are found but not showed in the event viewer, (for example a telnet connection). Note that the event is configured with high priority (and not filtered) and in the signature the response are "log" and "shun"

At the event occurrence the ip is properly logged and shunned to the managed device (PIX6.1) (the event is also showed with the "snoop" command at the sensor's root level) but not notificated in the event viewer, Can anyone tell me WHY?

This is not a problem, shure... but my customer if does not see it does not believe!

Thanks in advance,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
HEATH FREEL Tue, 04/23/2002 - 08:15
User Badges:

I just ran into a similar issue. I recently upgraded from 3.0(5)S4 to 3.0(5)S17. Before the upgrade the event viewer was stable. Since the upgrade, it seems log half of the actual alarms.

What Signature Version are you running?


This Discussion