Knowledge Base


A packet sniffer like Microsoft Network Monitor IPMon or Wireshark sees network packets before they are analyzed by Windows and the Windows Firewall. As such, it's possible that packets are blocked by the Windows Firewall even when they show up in a packet sniffer. In most cases, adding exceptions to the Windows Firewall will cause the incomi...

KB-ID 261
Category: Network Services
Applies to: All Versions

In order to monitor a different subnet with the ARP component of the network services, first install the network services on a host in the subnet which needs to be monitored: KB275. Once completed, install the WinPcap drivers, which are required by the ARP daemon. The WinPcap drivers can either be downloaded from the web https://www.wi...

KB-ID 265
Category: Network Services
Applies to: 3.0.1 or newer

EventSentry 3.2 and newer use a different installation method for the network services; please see knowledge base article 306. To install the network services on a remote host, first add the host in the other subnet to the EventSentry management console machine and deploy the agent. Once you have deployed the agent, open the EventSentry insta...

KB-ID 275
Category: Network Services
Applies to: 3.0 and 3.1

On the EventSentry server, use the command prompt to run: nslookup 192.168.1.1 (replace 192.168.1.1 with the IP address of a Syslog-sending device or server). This will tell you which DNS server is being utilized by your EventSentry server. You can then manually create an A record in that DNS server to specify the Syslog-sending device's...

KB-ID 292
Category: Network Services
Applies to: All versions

EventSentry 3.5 and newer use different installation files for the network services; please see knowledge base article 384. To install the network services on a remote host in another subnet, first add the host in the other subnet to a group in the EventSentry management console and deploy the agent. Once you have deployed the agent, open the...

KB-ID 306
Category: Network Services
Applies to: 3.2 through 3.4

Starting with version 3.2 of EventSentry, the network services component service is available as both a 32-bit and 64-bit executable. New installations will automatically install the 64-bit binary on 64-bit operating systems, but existing 32-bit services will not be automatically upgraded at this time. If you wish to update an existing 32bi...

KB-ID 327
Category: Network Services
Applies to: 3.2 and higher

Not all Cisco network devices are capable of producing NetFlow or sFlow data. Please refer to your particular device's product documentation to see if your device is capable of producing either NetFlow or sFlow data. If your device does produce NetFlow or sFlow data using a standardized format, you can capture this data in EventSentry. Cis...

KB-ID 334
Category: Network Services
Applies to: 3.3.1.70 and newer

Yes, by using the regular expression and subject override feature in event log filters, the email subject can show select properties from Snort alerts. A typical Snort alert will look similar to the one shown below: syslogfirewall.yourcompany.localauth/security.warning: May 24 19:20:05 snort47626: 119:31:1 httpinspect DOUBLE DECOD...

KB-ID 349
Category: Network Services
Applies to: 3.3 and later

Starting with version 3.3.1.84, the maximum size of the debug log file located in %SYSTEMROOT%\system32\eventsentry\logs can be adjusted with the debuglevelnsmaxsize registry value. This DWORD value specifies the maximum size of each debug log file in megabytes; consequently, the total disk space used will be twice the size of the registry val...

KB-ID 353
Category: Network Services
Applies to: 3.3.1.84 and higher

To install the network services on a remote host in another subnet, first add the host in the other subnet to a group in the EventSentry management console machine and deploy the agent. Once you have deployed the agent, open the EventSentry installation directory (such as C:\Program Files (x86)\EventSentry) on the EventSentry server and copy th...

KB-ID 384
Category: Network Services
Applies to: 3.5 and newer