'RE: [Dragonidsuser] Newbie Question'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dragonidsuser
Subject:    RE: [Dragonidsuser] Newbie Question
From:       "Dalnodar, Sean" <SDalnodar () seic ! com>
Date:       2003-03-26 17:32:38
[Download RAW message or body]

You can use the IGNORE_RULES keyword to ignore all your associated
traffic sourced from your target system, then use the STATIC keyword for
your target system, resulting in a static collect reporting only traffic
where your system is the destination.  Downside to this would be, you
will not see any traffic sourced from your target system that is
destined to other internal systems (don't know if this is a concern of
yours here) and all signature based events will be ignored if they are
sourced from this particular system.  

If there is a simpler or more effective way of doing this, I would like
to know about it also.

-----Original Message-----
From: Ryan.Bishop@exim.gov [mailto:Ryan.Bishop@exim.gov] 
Sent: Wednesday, March 26, 2003 10:44 AM
To: dragonidsuser@enterasys.com
Subject: [Dragonidsuser] Newbie Question


All -=-

I have a newbie type of question.  I want to monitor all traffic that is
inbound to a certain IP address but I do not want to see the outbound
traffic.  How would I accomplish this?

I know that I need to add a line to the dragon.net file.  Would it be
something similar to this:

SESSION
L 1.2.3.4 0

But wouldn't this just try to grab info from the IP address.

Thanks in advance.
//ryan



_______________________________________________
Dragonidsuser mailing list

For help please follow the below instructions.
You can make subsciption adjustments via email by sending a message to:

  Dragonidsuser-request@enterasys.com

with the word `help' in the subject or body (don't include the quotes),
and you will get back a message with instructions.

You must know your password to change your options (including changing
the password, itself) or to unsubscribe.  
If you forget your password, don't worry, you will receive a monthly
reminder telling you what all your enterasys.com mailing list passwords
are, and how to unsubscribe or change your options.  
_______________________________________________
Dragonidsuser mailing list

For help please follow the below instructions.
You can make subsciption adjustments via email by sending a message to:

  Dragonidsuser-request@enterasys.com

with the word `help' in the subject or body (don't include the quotes), and you will \
get back a message with instructions.

You must know your password to change your options (including changing the password, \
itself) or to unsubscribe.   If you forget your password, don't worry, you will \
receive a monthly reminder telling you what all your enterasys.com mailing list \
passwords are, and how to unsubscribe or change your options.  


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic