Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
925
Views
10
Helpful
2
Replies

IDSM, Event Viewer > locality=OUT , can I change it?

a.gesse
Level 1
Level 1

‎05-27-2010 06:23 PM - edited ‎03-10-2019 05:00 AM

Hello,

in ISDM event viewer I see both internal (private) and external (global) addresses have
"locality"=OUT.
Does anybody know if it makes sense to change it and how, I can't find where?


  participants:  
    attacker:  
      addr: 10.7.51.233  locality=OUT 
      port: 52593 
    target:  
      addr: 204.192.12.14  locality=OUT 
      port: 80 
      os:   idSource=learned  type=linux  relevance=relevant 
  actions:  
    denyPacketRequestedNotPerformed: true

Thank you
Alexander

Labels:
0 Helpful
2 Replies 2

Scott Fringer
Cisco Employee
Cisco Employee

‎05-28-2010 04:57 AM

Alexander;

You can define Event Variables for specific IP address(es) and/or  IP address ranges and, as a result, these variable names will appear in  event Alerts as the "locality"  of applicable hosts (in place of the default "OUT").  So, for example, you may define an Event Variable, LAN for your primary  network (192.168.0.0-192.168.0.255), another Event Variable, DMZ (192.168.2.0-192.168.3.255) for a semi-protected segment located offyour  firewall, and a final Event Variable, WEB_SERVERS (1.1.1.0-1.1.1.31) for you publicly-accessible web servers.  These variable names will then be displayed in the event details.

Scott

a.gesse
Level 1
Level 1
In response to Scott Fringer

‎05-31-2010 07:34 AM

Thank you Scott

Alex

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card