RSA Admin

source and destination problem with Sidewinder f/w messages

Discussion created by RSA Admin Employee on Nov 9, 2009
Latest reply on Dec 14, 2009 by Charles Beierle

I have envision ES 4.0 build 0236.

I'm getting messages from from a sidewinder G2 firewall, but for some messages - e.g t_nettraffic - it is getting the source and destination the wrong way around.


The message file is dated 19 August. 


In most sidewinder messages the srcip = saddr

But in the messages where the source and dest are wrong, the message says srcip=laddr.


is it simply a case of editing the xml? so that srcip= saddr?