Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 1697 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 4.5.1.0 - Blacklisting/Suppressing Error Codes

BrickMan

Is there any effective way of doing this ?

This old KB article from 2005 (http://www.sophos.com/support/knowledgebase/article/13872.html ) is exactly what I am trying to do - but it doesn't appear to work, or maybe that it no longer works in 4.5.1.0 and EndPoint 9.5 ???

I export my existing SAV config with ;

exportconfig -type sav -output savconf.xml

Then I proceed to edit the file with the appropriate blacklist entries and then move the savconf to the appropriate distribution folder and run ;

configcid \\<servername>\<our path>\sxxx\savscfxp

It says that it updated the entries for savconf.xml and there are no problems reported, it completes successfully.

Then if I export the config again, the entries are not in the newly exported .XML file which leads me to believe that the changes were actually never stored to begin with. The errors still show up in the console as well, and these are errors that are just 'noise' and we do not want to see.

Anyone ???

:22835


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I noticed there is a table in the database called: "ErrorAlertFilters"; you could try using this, for example the command:

    sqlcmd -E -S .\sophos -d sophos45 -Q "INSERT INTO ErrorAlertFilters (Source, Number) VALUES ('SAV', '539492364') "

    This will prevent the "SAV" message:

    "2028000c  Scan [scan name] aborted."

    being displayed as 2028000c   (hex) =  539492364 (dec).

    Obviously this isn't supported and could disappear at any point (looking back through previous databases this table appears to have been there from the beginning though so I dount it will be removed anytime soon) but might help you with a simple way of suppressing error messages. This obviously doesn't prevent the message being sent from the client but it should help to clear up the console.

    Is there a particular message you're trying to suppress?

    Regards,

    Jak

    Note: It would be worth noting the contents of this table before adding to it, if you need to restore it.

    :22839
Reply
  • 0

    Hi,

    I noticed there is a table in the database called: "ErrorAlertFilters"; you could try using this, for example the command:

    sqlcmd -E -S .\sophos -d sophos45 -Q "INSERT INTO ErrorAlertFilters (Source, Number) VALUES ('SAV', '539492364') "

    This will prevent the "SAV" message:

    "2028000c  Scan [scan name] aborted."

    being displayed as 2028000c   (hex) =  539492364 (dec).

    Obviously this isn't supported and could disappear at any point (looking back through previous databases this table appears to have been there from the beginning though so I dount it will be removed anytime soon) but might help you with a simple way of suppressing error messages. This obviously doesn't prevent the message being sent from the client but it should help to clear up the console.

    Is there a particular message you're trying to suppress?

    Regards,

    Jak

    Note: It would be worth noting the contents of this table before adding to it, if you need to restore it.

    :22839
Children
No Data