Red Hat NETWORK 3.6 - User Guide Page 22

Copyright © 2002-2012 Tenable Network Security, Inc.
time file size.
realtime-syslog
Specifies the IP address of a SYSLOG server to receive real-
time events from the PVS. Up to sixteen SYSLOG servers can
be specified for alerting. A local SYSLOG daemon is not
required. Multiple realtime-syslog keywords can be used to
specify more than one SYSLOG server.
vulndata-syslog
Specifies the IP address of a SYSLOG server to receive
vulnerability data from the PVS. Up to sixteen SYSLOG
servers can be specified for alerting. A local SYSLOG daemon
is not required.
Note: While PVS may display multiple log events related
to one connection, it will only send a single event
to the remote SYSLOG server(s).
connections-to-services
When enabled, this keyword causes PVS to log which clients
are attempting to connect to servers on the network and
what port they are attempting to connect to. These events do
not indicate whether the connection was successful, only
that an attempt to connect was made. Events detected by
the PVS of this type are logged as Nessus ID “00002”.
show-connections
When enabled, PVS will record clients in the focus network
that attempt to connect to a server IP address and port and
receive a positive response from the server. The record will
contain the client IP address, the server IP address and the
server port that the client was attempting to connect to. For
example, if four different hosts within the focus network
attempted to connect with a server IP over port 80 and
received a positive response, then a list of those hosts would
be reported under event “00003” and port 80. By default,
this feature is not enabled and it only reports on client IP
addresses that reside within the focused networks.
new-host-alert
The PVS listens to network traffic and attempts to discover
when a new host has been added. To do this, the PVS
constantly compares a list of hosts that have generated
traffic in the past to those currently generating traffic. If it
finds a new host generating traffic, it will issue a new host
alert via the real-time log. For large networks, the PVS can
be configured to run for several days to gain knowledge
about which hosts are active. This prevents the PVS from
issuing an alert for hosts that already exist. The number of
days the PVS should monitor traffic to learn which hosts are
active is specified by this setting. For large networks, Tenable
recommends that the PVS operate for at least one day before
detecting new hosts.
backup-interval
The PVS constantly compares its list of active hosts to the list
of hosts generating traffic to discover newly added or missing
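
The learning period described under new-host-alert can be sketched as follows. This is an added Python example, not Tenable's code or part of the original guide; the class and function names, the learning_days parameter and the sample addresses are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address


class NewHostDetector:
    """Sketch of the new-host-alert logic described above (not Tenable's code)."""

    def __init__(self, start, learning_days):
        # learning_days plays the role of the new-host-alert value (assumed name).
        self.learning_ends = start + timedelta(days=learning_days)
        self.known = set()  # hosts that have generated traffic in the past

    def observe(self, ts, src):
        """Feed one observed traffic source; return an alert line or None."""
        host = ip_address(src)  # normalises equivalent spellings of an address
        if host in self.known:
            return None
        self.known.add(host)
        if ts < self.learning_ends:
            return None  # learning period: remember the host, stay silent
        return f"{ts.isoformat()} new host {host}"


def run(events, start, learning_days):
    """Replay (timestamp, source IP) pairs and collect the alerts raised."""
    det = NewHostDetector(start, learning_days)
    return [a for ts, src in events if (a := det.observe(ts, src))]


# Constructed sample traffic (documentation address ranges, not real hosts).
T0 = datetime(2012, 1, 1)
SAMPLE = [
    (T0 + timedelta(hours=1), "192.0.2.10"),    # seen while learning
    (T0 + timedelta(hours=30), "192.0.2.10"),   # already known: no alert
    (T0 + timedelta(hours=31), "192.0.2.77"),   # first seen after learning
    (T0 + timedelta(hours=32), "192.0.2.77"),   # alerted once only
    (T0 + timedelta(hours=33), "2001:db8::1"),
    (T0 + timedelta(hours=34), "2001:DB8:0:0:0:0:0:1"),  # same host, other spelling
]

if __name__ == "__main__":
    for line in run(SAMPLE, T0, learning_days=1):
        print(line)
```

With a learning period of zero days, every first sighting raises an alert, which is the flood of alerts for already existing hosts that the learning period is meant to prevent.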