Configuring IP Logging
One option is to configure the sensor to capture all traffic related to
specified hosts. The IP logging option can log all traffic or only the
traffic for a list of IP addresses.
Note: You must enable event logging with Information as the severity level
and at least IPLogs for the type, since this is an IP logging requirement.
Follow these steps to generate logs for specific IP addresses:
- Select Configuration | Logging | IP Logging in the IDS Device Manager window. The IP Logging panel will appear.
- To enter IP addresses, click Add.
- Enter the source IP address to log in the IP address field.
- In the Network Mask field, enter 255.255.255.255 if it is a single IP address, or enter the netmask if it is a network.
Note: By selecting Monitoring | Logs | IP Logs | Archived, the sensor begins
logging and thus creates a log file that can be viewed. Logging will continue
until the address is removed from the IP Logging list. Be aware that logging
slows down the performance of the sensor.
Figure 5.20 shows the panel for configuring IP
logging using the IDM for version 3.1.
With version 4.x software, the process is slightly different, as shown in
Figure 5.21. Follow these steps to generate logs for specific IP addresses:
- Select Administration | IP Logging in the IDS Device Manager window. The IP Logging panel will appear.
- To enter IP addresses, click Add.
- Enter the source IP address to log in the IP Address field.
- Enter values in the optional Duration, Number of Packets, and Number of Bytes fields.