Re: Tivoli risk manger 4.2

Are you using a standard syslog concentratod or did you get the PFSS
application from Cisco? Running on Windows I would suggest you get PFSS

If so. Are you getting Pix Events in the PFSS? If you are not getting Pix
events in the PFSS (or equivalent) check the configuration in your Pix. If
possible start a tcpdump, windump or other sniffer in order to check if
data is coming from Pix.

If you have one spare port in your Pix, it would be good to have it
connected directly to your security network in exclusive form.

By the way .. Did you set-up a security network for the communication
between all the adapters en the Risk Manager ? It is safer to have the
security data traffic private.

Regards

Alejandro de la Villa
Technology Director
Infotron SA



> Hi David,
>
> Thanks to you I was able to download and install the HostIDS and it was
> working perfectly.
>
> I have one problem now. I was trying to install the cisco pix firewall
> adapter in a windows 2000 server machine and the installation went fine
> but I am not able to receive any events form the syslog server.
>
> We have installed ciscoworks in the windows 2000 server and we are
> trying to take the events from the syslog of the ciscoworks.  How do we
> take the events from this machine.
>
> Could you help me in solving this.
>
> Thanks and Regards,
> Shias Abdul
>
>   ----- Original Message -----
>   From: David M Gordon
>   To: tme10-XtjxT7Vmt5b1ENwx4SLHqw@xxxxxxxxxxxxxxxx
>   Cc: owner-tme10-XtjxT7Vmt5b1ENwx4SLHqw@xxxxxxxxxxxxxxxx ; 
> tme10-XtjxT7Vmt5b1ENwx4SLHqw@xxxxxxxxxxxxxxxx
>   Sent: Wednesday, February 23, 2005 7:28 PM
>   Subject: Re: [tme10] Tivoli risk manger 4.2
>
>
>
>   Shias,
>           The best way to install the host IDS adapter for windows on a
> client would be to do the following:
>   1.  Download the eventmonitor.tar file from
> ftp://ftp.software.ibm.com/software/tivoli_support/misc/Security/RiskManager/adapters/TRM4.2/
>  2.  Download the winHIDS.zip file from the same location.
>   3.  Source the risk manager environment
>   4.  Untar the eventmonitor.tar file and run the launch.bat command  5.
>  Select the typical configuration and then browse to the location
> where you saved winHIDS.zip and then click next
>
>   Once the setup finished, you will have to restart your agent for the
> changes to take place.  You should now have the host IDS adapter for
> windows.
>
>   Thanks!
>   -Dave
>
>
>   David Gordon
>   Tivoli Software Quality Assurance
>
>
>
>
>         "Shias Abdul" <shias_abdul-lX4HsaoqK5cAvxtiuMwx3w@xxxxxxxxxxxxxxxx>
>         Sent by: owner-tme10-XtjxT7Vmt5b1ENwx4SLHqw@xxxxxxxxxxxxxxxx
>         02/23/2005 05:03 AM Please respond to
>               tme10
>
>
>        To <tme10-XtjxT7Vmt5b1ENwx4SLHqw@xxxxxxxxxxxxxxxx>
>               cc
>               Subject [tme10] Tivoli risk manger 4.2
>
>
>
>
>
>
>
>   Hi All,
>
>   We have installed Tivoli Risk Manager 4.2 (Event Server
> Configuration), DB2 8.1 database, TMF 4.1, TEC 3.9,  in a windows 2000
> server machine.
>
>   We have installed Tivoli Risk Manager 4.2 client installation as well
> but to configure the Host IDS we require a os_windows.xml file.
>
>   Could any of you help me to find the location where this file is
> available.
>
>   Thanks and Regards,
>   Shias Abdul