[Rtir] Training documentation on RTIR

Jarrod Loidl jarrod.loidl at its.monash.edu.au
Tue May 10 22:16:54 EDT 2005

Hi all,

I am looking at the reporting tools within RTIR and I am a little 
confused as to how to use it. I've tried searching everywhere for RTIR 
documentation and so far have found none (although I have the RT 
training manual however).

1) Reporting pages seem to display inrelevent information.

For instance, it categorises Incident Reports as follows:

Incident reports received
Spam 	0
System Compromise 	0
Query 	0
Scan 	0
Denial of Service 	0
Piracy 	0
Unclassified 	412

Why is there a classification for Spam, System Compromise, etc. when 
there is no field in which I can even set this classification, let alone 
type it? Is this meant to be a default queue and if so, why has it not 
been created by default?

Don't get me wrong, these categories would be extremely useful for us 
however if I can't make use of them, then they are effectively useless 
to me as reporting criteria.

2) Full Service, Full Service: Out of hours, Reduced Service?

What does this mean? I am assuming its the difference in terms of level 
of support provided during business hours and outside business hours, 
however I've yet to read anything explaining this. What does RTIR 
consider full service? What does it consider out of hours? What is 
reduced service?

I'm sorry if these questions seem vague but I have looked everywhere to 
try and find RTIR documentation and even the Bestpractical.com Wiki for 
RTIR looks pretty empty:

Thanks in advance,
Jarrod Loidl
IT Security of Infrastructure Services,
Information Technology Services, Monash University - Clayton
Phone: +61 3 99052055    Fax:   +61 3 99054746

More information about the Rtir mailing list