Default nrdirmap (Unix Director) not updating with new alerts
Anyone know why my default nrdirmap is not updating with new alerts?
I also have problems at times deleting what few alerts I have. I have run the nrDeleteOVwD script probably a hundred times already, as well as stopped and restarted the HP OV processes and NR processes.
Re: Default nrdirmap (Unix Director) not updating with new alert
According to a Cisco engineer, this can be caused by creating a custom signature via the SigWizMenu, nrConfigure, or IDM on the sensor in the String.TCP engine which has a blank SigStringInfo field. When that signature fires an alarm, nrdirmap expects that field to be "NON-NULL". In my case it was, and as such the nrdirmap would die, severing the connection to smid and eventd. In this case the signature which I created was the one posted on this forum for the SPIDA Worm (default sa account access).
I've changed my description and all seems to be working properly at this time.