FortiGate IPS User Guide Version 3.0 MR7
12
01-30007-0080-20080916
Monitoring the network and dealing with attacks
IPS overview and general configuration
5 Select and configure authentication if required and enter the email addresses that will receive the alert email.
6 Enter the time interval to wait before sending log messages for each logging severity level.
Note: If more than one log message is collected before an interval is reached, the messages are combined and sent out as one alert email.
7 Select Apply.

To access log messages from memory or on the local disk
View and download log messages stored in memory or on the FortiGate local disk from the web-based manager. Go to Log&Report > Log Access and select the log type to view.
See the FortiGate Administration Guide and the FortiGate Log Message Reference Guide for more logging procedures.

Attack log messages

Signature
The following log message is generated when an attack signature is found:
Message ID: 70000
Severity: Alert
Message:
attack_id=<value_attack_id> src=<ip_address> dst=<ip_address> src_port=<port_num> dst_port=<port_num> interface=<interface_name> src_int=<interface_name> dst_int=<interface_name> status={clear_session | detected | dropped | reset} proto=<protocol_num> service=<network_service> msg="<string><[url]>"
Example:
2004-07-07 16:21:18 log_id=0420073000 type=ips subtype=signature pri=alert attack_id=101318674 src=8.8.120.254 dst=11.1.1.254 src_port=2217 dst_port=25 interface=internal src_int=n/a dst_int=n/a status=reset proto=6 service=smtp msg="signature: Dagger.1.4.0.Drives [Reference: http://www.fortinet.com/ids/ID101318674]"
Meaning: Attack signature message providing the source and destination addressing information and the attack name.
Action: Get more information about the attack and the steps to take from the Fortinet Attack Encyclopedia in the FortiGuard Center. Copy and paste the URL from the log message into your browser to go directly to the signature description in the Attack Encyclopedia.
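As an added example (not code from the guide or from Fortinet), the following Python script parses signature log lines in the format above, pulls the Attack Encyclopedia reference URL out of msg, checks that it agrees with the attack_id field, flags events whose status indicates the FortiGate let the traffic through, and groups events by a send interval the way the alert-email note in step 6 describes. The first sample line reproduces the guide's example; the second line is constructed. Treating only "detected" as a non-blocking status is an assumption drawn from the status names listed in the message format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input. The first line reproduces the example from the
# guide; the second is an invented follow-up event with status=detected.
SAMPLE_LOG = """\
2004-07-07 16:21:18 log_id=0420073000 type=ips subtype=signature pri=alert attack_id=101318674 src=8.8.120.254 dst=11.1.1.254 src_port=2217 dst_port=25 interface=internal src_int=n/a dst_int=n/a status=reset proto=6 service=smtp msg="signature: Dagger.1.4.0.Drives [Reference: http://www.fortinet.com/ids/ID101318674]"
2004-07-07 16:21:40 log_id=0420073000 type=ips subtype=signature pri=alert attack_id=101318674 src=8.8.120.254 dst=11.1.1.254 src_port=2301 dst_port=25 interface=internal src_int=n/a dst_int=n/a status=detected proto=6 service=smtp msg="signature: Dagger.1.4.0.Drives [Reference: http://www.fortinet.com/ids/ID101318674]"
"""

# Leading "YYYY-MM-DD HH:MM:SS" timestamp, then the key=value body.
_TS_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.*)$')
# One key=value token: the value is either a double-quoted string (which may
# contain spaces, as msg does) or a run of non-space characters.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# The "[Reference: <url>]" suffix the guide shows inside msg.
_REF_RE = re.compile(r'\[Reference:\s*(\S+?)\]')

# Assumption: of the four status values in the message format, these three
# mean the FortiGate acted on the session; "detected" means it only logged.
BLOCKING_STATUSES = {"clear_session", "dropped", "reset"}


def parse_ips_log(line):
    """Parse one IPS signature log line into a dict of its fields."""
    m = _TS_RE.match(line.strip())
    if not m:
        raise ValueError("missing leading timestamp: %r" % line)
    event = {"timestamp": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")}
    for key, value in _KV_RE.findall(m.group(2)):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # strip the quotes around msg
        event[key] = value
    return event


def reference_url(event):
    """Return the Attack Encyclopedia URL embedded in msg, or None."""
    m = _REF_RE.search(event.get("msg", ""))
    return m.group(1) if m else None


def reference_matches_attack_id(event):
    """Check that the URL's trailing ID agrees with the attack_id field."""
    url = reference_url(event)
    return url is not None and url.rstrip("/").endswith("ID" + event.get("attack_id", ""))


def traffic_blocked(event):
    """True when the status field says the session was dropped, reset or cleared."""
    return event.get("status") in BLOCKING_STATUSES


def batch_by_interval(events, interval_seconds):
    """Group events the way the alert-email interval does: an event joins the
    current batch if it is within interval_seconds of that batch's first event,
    otherwise it starts a new batch (one email per batch)."""
    batches = []
    window = timedelta(seconds=interval_seconds)
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        if batches and ev["timestamp"] - batches[-1][0]["timestamp"] <= window:
            batches[-1].append(ev)
        else:
            batches.append([ev])
    return batches


def parse_all(text=SAMPLE_LOG):
    """Parse every non-empty line of a log dump."""
    return [parse_ips_log(l) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    events = parse_all()
    for ev in events:
        print(ev["timestamp"], ev["attack_id"], ev["status"],
              "blocked" if traffic_blocked(ev) else "ALLOWED",
              "ref ok" if reference_matches_attack_id(ev) else "ref MISMATCH",
              reference_url(ev))
    print("alert emails for a 60 s interval:",
          [len(b) for b in batch_by_interval(events, 60)])
```

Run it against a log export downloaded from Log&Report > Log Access; events that print ALLOWED are signature matches the sensor only logged, which is where follow-up through the Attack Encyclopedia URL is most worthwhile.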