2 Replies Latest reply on Nov 6, 2009 10:39 AM by NoMN

    Has anybody used MSM IPS for sniffer-like tracing of IP addresses?

      We have a need to see any traffic that involves certain subnets, external or internal, in a network where we have IDS, not IPS.  This traffic does not trigger  intrusion events that MSM will detect. We could use an ACL to direct this activity to a syslog server, but then we lose any intrusion event data in McAfee.  I have heard this has been done with UDS events but it would be helpful to have some guidance from anybody who has done this.  Thanks.