
    Developing a Logging Strategy

    Intrusion prevention systems can generate hundreds of logs per hour. In order to make the best use of the security logs, you should develop strategic approaches to the following administrative tasks:

    • Fine-tuning the security policy rules.

      Security policy rules determine the amount of logging performed by the IDP Series device, as well as automatic actions to take on offending traffic, such as dropping the session, sending a TCP reset, blocking the IP address from future connections, and so forth. See Example: Fine-Tuning a Security Policy.

    • Analyzing log event summaries and packet capture data.

      By viewing log summaries, attack reference information, and packet data, you can verify whether the severity and actions associated with a security event are appropriate, whether refinements to your security policy are required, and whether further response actions are warranted. See Example: Using NSM Log Viewer Features.

    • Managing log and packet storage.

      Your business log management and log storage policies determine where you store IDP Series device logs and security event logs. Your IDP Series device supports local logging, central collection by NSM, and forwarding to a syslog server. See Developing a Log Storage Strategy.

    Published: 2011-02-08