Version 4.1(5). Is there a global way to tune by IP(s) such that the IP(s) continue to show up, but never alert? Example, for IP 10.0.0.1 I want no alerts for any signature, but want to see the events.
Can you clarify by what you mean in terms of Alert and Event? I believe an Alert is a classification of event. So you can have non Alert type events which are more geared with the system events rather than signature alerts.
If you mean you want to recieve the alerts but not have them show up in the monitoring console, you can control this on via filters on the monitoring station.
Clarification: Say for network 10.0.0.0/24 I would want ALL the events for that network to be logged, but not have them show up on the monitoring console. For network 10.0.0.1/24 I would want selected events to be logged and have them show up on the monitoring console.
From your answer it appears that this would be done at the monitoring console and not on the sensor itself or a combination of both?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...