Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
888 Views 1 Reply Latest reply: Mar 21, 2012 12:50 PM by daloy RSS
aristides quispe Newcomer 2 posts since
Aug 10, 2011
Currently Being Moderated

Feb 28, 2012 11:45 AM

Enable the configuration from audit notification - Intrushield IPS M-6050

Hello , I have a problem. I am setting the option audit notification following the manual "NSP_Admin_Domain_Configuration_61_700-2368-00_en-us.pdf", the syslog server is a RSA Envision but checking the audit logs I see that at times reach the audit logs but at other times not.

For example,  when I log on with admin user at times I see a audit log but when I log off   I dont see the audit log in the syslog sever sometimes I can see that.

The same way when I make some modification of settings ,  sometimes fail to see the audit log and other I can to see the audit log in the RSA Envision.

 

syslog_audit_3.jpg

 

 

the configuration in the Intrushield IPS M-6050

 

configure_audit_notification.jpg

 

 

the configuration in Message Preference : Customized

$IV_AUDIT_ACTION$ $IV_AUDIT_RESULT$ $IV_AUDIT_MESSAGE$ $IV_AUDIT_USER$

 

Why is presenting this type of behavior to send the audit logs?

Is there a problem with the configuration of the audit notification in the M-6050?

 

Thanks a lot of !!

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points