[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] User Defined alerts spit out hostnames instead of IP
Hi, We're running Checkpoint FW-1 4.x on Windows 2000 with a .VBS script as a UserDefined alert for intrusion detection. The script uses the method "WScript.StdIn.ReadLine" to read the current log entry. My problem is that FW-1 spits out a host name in the SRC field instead of an IP address. Naturally, when I try to determine the IP address for that hostname, sometimes the name will not resolve or the name might resolve to a different IP address than the one that was used to initiate the packet. I don't think that using the -n switch or changing the log viewer to disable name resolution will help, because this process is not related to those tools. [ The script I'm attempting to use is Andrew Roberson's ALERT1.VBS script, found at http://www.enteract.com/~lspitz/intrusion.html, to export the log entry for a dropped packet into a text file for intrusion detection. ] Is there no way to fix this? Perhaps by editing a .conf file? __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|