This content has been marked as final. Show 2 replies
Just moved to 5.1 from 4.6 (fresh install, running old server and migrating systems across. 90% of the way there, but have an issue with RSD. New sensors deployed fine, and systems reporting in as rogue correctly (those that haven't yet been migrated to the new server). However, some systems are reporting as rogues but when I add them to the Exceptions list, they report again as rogues ten minutes later. In addition, there are duplicate entries - so each detection is like a brand new system. I'm deleting the detections, but they keep occurring - overnight I had something like 80 detections for each one. I think it may have something to do with the systems being multihomed - even though they're all being detected as the same MAC address, the systems that are exhibiting this behaviour all contain multiple NICs or iSCSI HBAs. This didn't happen with 4.6 or any other version previously, and my sensor policies are identical. Is there a setting that's changed somewhere within RSD that has altered this?
Thanks, in advance