Specifying Rule Notification Options (NSM Procedure)
Notification options determine how events that match the rule are logged. Table 1 describes IDP rulebase notification options.
To modify notification settings:
- In the NSM navigation tree, select Policy Manager > Security Policies.
- Select the security policy you want to edit.
- In the security policy pane, click the IDP tab to display the IDP rulebase table.
- Modify notification settings by right-clicking the table cell for the setting and making your selection.
- Click OK to save your changes.
Table 1: IDP Rulebase Notification Options
Option | Function |
---|---|
Event logs and alerts | Enables or disables the following delivery and handling options for logs: |
Packet captures | Enables packet capture. Viewing the packets used in an attack on your network can help you determine the extent of the attempted attack, its purpose, whether or not the attack was successful, and any possible damage to your network. If multiple rules with packet capture enabled match the same attack, the IDP engine captures the maximum specified number of packets. For example, you configure rule 1 to capture 10 packets before and after the attack, and you configure rule 2 to capture 5 packets before and after the attack. If both rules match the same attack, the IDP engine attempts to capture 10 packets before and after the attack. You can capture up to 256 packets before the event and 256 packets after the event. Note: If necessary, you can improve performance by logging only the packets received after the attack. |