I have upgraded an IPS to version 6.2(1)E3. I am now having issues with being able to retrieve events from my unit via RDEP; the problem is with the amount of data I am getting. I know after 5.0 the eventStore was fixed to about 30MB, but I am not getting anywhere near that. Does anybody know of any issues with this release?
Have you been watching the log to see how often it rotates? A default Cisco signature set is extremely noisy and on a busy sensor I've seen the eventstore rotate every 60-90 seconds. At those rates, RDEP/SDEE can only retrieve 500 or 1000 events per pull and it may not be fast enough.