RSA enVision^® Discussions

RSAAdmin · ‎2009-11-09

I have envision ES 4.0 build 0236.

I'm getting messages from from a sidewinder G2 firewall, but for some messages - e.g t_nettraffic - it is getting the source and destination the wrong way around.

The message file is dated 19 August.

In most sidewinder messages the srcip = saddr

But in the messages where the source and dest are wrong, the message says srcip=laddr.

is it simply a case of editing the xml? so that srcip= saddr?

Thanks

RSAAdmin · ‎2009-11-09

You are correct there are a number of bugs in the currently shipping Sidewinder XML. There will be an update to correct this in the next ESU.

CharlesBeierle · ‎2009-11-10

I have a ticket open on this issue. The promised resolution is the November ESU. I fixed some of the issues in the xml but there are other things that cannot be fixed purely by moding that file so hang tight if you can. It took me a lot of time to resolve the few issues that I could do something about.

RSAAdmin · ‎2009-11-11

Thanks guys. I'll wait until the ESU comes out.

CharlesBeierle · ‎2009-12-14

When rebuilding the Sidewinder functionality they did not put resolution into the Firewall table so if you are like me and looking at ipaddr.tab data you will have to rewrite your reports to use the global table. I put this in as an enhancement request.

RSA enVision® Discussions

source and destination problem with Sidewinder f/w messages

RSA enVision^® Discussions