Symptom
I configured the audit.cfg to filter TCP events on a host that is assigned multiple IP addresses using the host name. After I applied the filter, I cannot see the TCP logs for all the IP addresses.
Solution
When you apply the audit.cfg filter, the audit system resolves the host name to the IP address of the host and the host IP address to the host name. If the host is configured with more than one IP address, the audit.cfg filter applies to the first IP address only.
To apply the audit.cfg filter to all IP addresses, specify each IP address in the filter instead of the host name, for example:
TCP;*;192.168.30.138;*;R;P
TCP;*;192.168.30.139;*;R;P
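A check for this condition, as an added example that is not CA code: it scans audit.cfg text for TCP rules that name a host instead of an IP address, and for TCP rules with a dropped field separator. It assumes that a TCP rule has six semicolon-separated fields with the host in the third, as in the rules above; `lint_audit_cfg` and the sample host name are hypothetical.

```python
import ipaddress

TCP_FIELDS = 6   # assumption: field count taken from the example rules on this page
HOST_INDEX = 2   # assumption: the host is the third field, as in those rules


def lint_audit_cfg(text):
    """Return (line_number, message) findings for TCP filter rules."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        fields = [field.strip() for field in raw.strip().split(";")]
        if fields[0].upper() != "TCP":
            continue  # only TCP rules are covered by this check
        if len(fields) != TCP_FIELDS:
            findings.append(
                (number, f"expected {TCP_FIELDS} fields, found {len(fields)}"))
            continue
        host = fields[HOST_INDEX]
        if "*" in host:
            continue  # wildcard pattern, nothing to resolve
        try:
            ipaddress.ip_address(host)
        except ValueError:
            # A host name is resolved once, so only the first address of a
            # multi-homed host is filtered.
            findings.append(
                (number, f"host name '{host}': only its first IP address is "
                         "filtered, list every address instead"))
    return findings


# Constructed sample: one rule by host name, one correct rule, one rule with
# a missing separator between the fourth and fifth fields.
SAMPLE = """\
TCP;*;multihomed.example.com;*;R;P
TCP;*;192.168.30.138;*;R;P
TCP;*;192.168.30.139;*R;P
"""

if __name__ == "__main__":
    for number, message in lint_audit_cfg(SAMPLE):
        print(f"line {number}: {message}")
```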
Copyright © 2013 CA Technologies.
All rights reserved.