Chapter 4: Configuring RealSecure Desktop Protector
Collecting Packet Logs
Introduction
Packet logging records all the packets that enter your system. This can be useful if you need more detailed information than evidence logs contain.
Where are my packet log files?
Desktop Protector packet log files are stored in the installation directory folder. For example, if you install Desktop Protector in the Program Files directory on the C: drive, the packet log files are located in C:\Program Files\ISS\BlackICE. Each file has an *.enc extension.
Note: If you upgraded to RealSecure Desktop Protector 3.5 from a previous version of BlackICE, your packet log files are still stored in C:\Program Files\Network ICE\BlackICE.
Packet log file format
The packet log files are trace files. You must have a trace file decoding application to view
the contents of these files. Many networking and security product companies produce
such decoders. Some shareware decoders are also available on the Internet. If you are
using Windows NT or Windows 2000 Server, you can install the Network Monitoring
service, which includes Network Monitor, a decoding application. See the Windows NT or
Windows 2000 documentation for more information.
Procedure
To collect packet logs:
1. From the Main Menu, click Tools→Edit BlackICE Settings.
2. Select the Packet Log tab.
3. Select Logging Enabled.
4. In the File prefix box, specify the prefix for the packet log file names.
Desktop Protector automatically places an incremental counter in the filename. For example, if you enter ABC, the file names will be ABC0001.enc, ABC0002.enc, and so on.
5. In the Maximum Size box, specify how large each log file can get.
Note: For best results, keep this value under 2048 kilobytes (2 MB).
6. In the Maximum Number of Files box, specify how many log files to generate.
Note: The default is 10.
Packet log files are generated until the maximum number of files is reached. Desktop Protector then starts replacing the first log file with a new file, and so on.
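Because the first file is replaced once the limit is reached, file name order stops matching capture order. The following added example (not part of the original guide or the product) lists the packet logs for a prefix oldest-first by last-write time before they are opened in a decoder. It assumes a four-digit counter, as in the ABC0001.enc example above, and its sample files are constructed placeholders, not real traces.

```python
import os
import re
import tempfile
from pathlib import Path


def packet_logs_in_capture_order(log_dir, prefix):
    """Return (path, mtime, size) for each <prefix>NNNN.enc file, oldest first.

    Assumption: the counter is four digits, as in the guide's ABC0001.enc example.
    """
    pattern = re.compile(re.escape(prefix) + r"\d{4}\.enc", re.IGNORECASE)
    found = []
    for entry in Path(log_dir).iterdir():
        if entry.is_file() and pattern.fullmatch(entry.name):
            st = entry.stat()
            found.append((entry, st.st_mtime, st.st_size))
    # Sort by last-write time: once the file limit is hit, the first file is
    # replaced, so the lowest-numbered name can hold the newest packets.
    return sorted(found, key=lambda item: (item[1], item[0].name))


def has_wrapped(ordered):
    """True when name order and time order disagree, i.e. files were replaced."""
    names = [path.name.lower() for path, _, _ in ordered]
    return names != sorted(names)


def demo():
    # Constructed sample: three logs where ABC0001.enc was replaced last,
    # plus one unrelated file that must be ignored.
    with tempfile.TemporaryDirectory() as d:
        for name, mtime in [("ABC0001.enc", 4000), ("ABC0002.enc", 2000),
                            ("ABC0003.enc", 3000), ("notes.txt", 5000)]:
            path = Path(d) / name
            path.write_bytes(b"\x00" * 16)  # placeholder bytes, not a real trace
            os.utime(path, (mtime, mtime))
        ordered = packet_logs_in_capture_order(d, "ABC")
        return [path.name for path, _, _ in ordered], has_wrapped(ordered)


if __name__ == "__main__":
    order, wrapped = demo()
    print("capture order:", order, "wrapped:", wrapped)
```

The last entry in the returned list is the file written most recently, so it may still be in use by Desktop Protector while logging is enabled.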
Clearing packet logs
To delete packet logs:
1. From the Main Menu, select Tools→Clear Files.
The Files to Delete window appears.
2. Select Packet logs.
3. Click OK.
Note: Clearing packet log data does not affect the Desktop Protector intrusion detection
and firewall functions.