Configuring Log Suppression Attributes
Log suppression ensures that a minimal number of logs is generated
when the same event or attack occurs multiple times. Log suppression
is enabled by default. You can configure certain log suppression attributes
to suppress logs according to your needs. When configuring log suppression,
keep in mind that log suppression can negatively impact sensor performance
if you set the reporting interval too high.
Before You Begin
- For background information, read Understanding IDP Logging.
- Establish basic connectivity. See the Getting Started
Guide for your secure router.
- Configure network interfaces. See the JUNOS Software Interfaces and Routing Configuration Guide.
- Download the signature database. See Updating the Signature Database Manually.
You can configure the following log suppression attributes:
- Include destination addresses while performing log suppression—You
can choose to combine log records for events with a matching source
address. By default, the IDP sensor does not consider destination
when matching events for log suppression.
- Number of log occurrences after which log suppression
begins—You can specify the number of instances that a specific
event must occur before log suppression begins. By default, log suppression
begins after the first occurrence.
- Maximum number of logs that log suppression can operate
on—When log suppression is enabled, IDP must cache log records
so that it can identify when multiple occurrences of the same event
occur. You can specify how many log records are tracked simultaneously
by IDP. By default, the maximum number of log records that IDP can
operate on is 16384.
- Time after which suppressed logs are reported—When
log suppression is enabled, IDP maintains a count of occurrences of
the same event. After the specified number of seconds have passed,
IDP writes a single log entry containing the count of occurrences.
By default, IDP reports suppressed logs after 5 seconds.
In the configuration instructions for this example, you configure
log suppression to begin after the second occurrence of an event.
You also specify that logs are reported after 20 seconds.
You can use either J-Web or the CLI configuration editor to
configure log suppression.
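A small Python model of the four attributes above, run on constructed events with this example's values (suppression starting after the second occurrence, reporting after 20 seconds). It is an added illustration, not Juniper code: the function and parameter names are hypothetical, and the model assumes the reporting interval opens at the first suppressed event and that events arriving while the cache is full are logged unsuppressed.

```python
from collections import namedtuple

Event = namedtuple("Event", "t attack src dst")  # t = seconds

def suppress(events, start_log=1, max_time_report=5,
             include_destination=False, max_logs_operate=16384):
    """Model only. Returns written log entries as (time, key, count)."""
    cache = {}  # key -> [occurrences seen, suppressed count, window start]
    out = []

    def flush(now):
        # One summary entry per key whose reporting interval has elapsed.
        for key, st in cache.items():
            if st[2] is not None and now - st[2] >= max_time_report:
                out.append((st[2] + max_time_report, key, st[1]))
                st[1], st[2] = 0, None

    for ev in sorted(events):
        flush(ev.t)
        key = (ev.attack, ev.src) + ((ev.dst,) if include_destination else ())
        if key not in cache:
            if len(cache) >= max_logs_operate:
                out.append((ev.t, key, 1))  # assumed: cache full, no suppression
                continue
            cache[key] = [0, 0, None]
        st = cache[key]
        st[0] += 1
        if st[0] <= start_log:
            out.append((ev.t, key, 1))      # below threshold: logged individually
        else:
            if st[2] is None:
                st[2] = ev.t                # assumed: first suppressed event opens interval
            st[1] += 1
    flush(float("inf"))                     # report counts still pending at the end
    return sorted(out)

# Constructed sample: one attack, one source, two destinations.
SRC, D1, D2 = "198.51.100.7", "192.0.2.10", "192.0.2.20"
SAMPLE = [Event(t, "SIG-A", SRC, d)
          for t, d in [(0, D1), (1, D1), (2, D2), (3, D1), (4, D2), (30, D1)]]

if __name__ == "__main__":
    for dst in (False, True):
        print("include destination:", dst)
        for entry in suppress(SAMPLE, start_log=2, max_time_report=20,
                              include_destination=dst):
            print("  ", entry)
```

In this model, with destination matching off, hits on both destinations fold into a single summary count, so the second destination does not appear in the suppressed record; with it on, each source and destination pair is tracked and logged separately.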