RSA Admin

source and destination problem with Sidewinder f/w messages

Discussion created by RSA Admin Employee on Nov 9, 2009
Latest reply on Dec 14, 2009 by Charles Beierle

I have envision ES 4.0 build 0236.

I'm getting messages from from a sidewinder G2 firewall, but for some messages - e.g t_nettraffic - it is getting the source and destination the wrong way around.

 

The message file is dated 19 August. 

 

In most sidewinder messages the srcip = saddr

But in the messages where the source and dest are wrong, the message says srcip=laddr.

 

is it simply a case of editing the xml? so that srcip= saddr?

 

 

 

Thanks 

 

 

Outcomes