Understanding IDP Rule Notifications
Notification defines how information is logged when an action is
performed. When attacks are detected, you can choose to log them,
which creates log records containing the attack information and sends
those records to the log server.
By using notifications, you can also configure the following
options that instruct the log server to perform specific actions on
logs generated for each rule:
- Set Alerts: Specify an alert option for a rule in the IDP policy.
  When the rule is matched, the corresponding log record displays an
  alert in the alert column of the Log Viewer. Security administrators
  use alerts to become aware of and react to important security events.
- Send Emails: Specify this option to send a notification to a
  specified e-mail address.
- Run Scripts: Run a specified script on a log server.
- Set Severity Level: Set severity levels in logging to support better
  organization and presentation of log records on the log server. You
  can use the default severity settings of the selected attack objects
  or choose a specific severity for your rule. The severity you
  configure in the rules overrides the inherited attack severity. You
  can set the severity level to the following levels:
  - Info: 2
  - Warning: 3
  - Minor: 4
  - Major: 5
  - Critical: 7
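The following Python model is an added example, not Juniper code or configuration syntax. It shows how the notification settings described above shape the log record: whether the attack is logged at all, whether the alert column is set, and how a severity configured in the rule overrides the severity inherited from the attack object. The class names, rule names, attack names, record fields and the triage ordering are assumptions made for illustration, and all sample data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Numeric levels exactly as listed on this page (note the gap: Critical is 7).
SEVERITY = {"info": 2, "warning": 3, "minor": 4, "major": 5, "critical": 7}

@dataclass
class RuleNotification:              # hypothetical structure for this example
    log_attacks: bool = True         # create a log record on a match
    alert: bool = False              # set the alert column in the Log Viewer
    severity: Optional[str] = None   # None = inherit from the attack object

@dataclass
class Detection:                     # constructed sample input
    rule: str
    attack: str
    attack_severity: str             # default severity of the attack object

def build_log_record(det, rules):
    """Return the record sent to the log server, or None if logging is off."""
    cfg = rules[det.rule]
    if not cfg.log_attacks:
        return None
    # Severity configured in the rule overrides the inherited attack severity.
    name = cfg.severity or det.attack_severity
    if name not in SEVERITY:
        raise ValueError(f"unknown severity {name!r}")
    return {"rule": det.rule, "attack": det.attack, "severity": name,
            "level": SEVERITY[name], "alert": cfg.alert}

def log_viewer(detections, rules):
    """Order records for triage (assumed ordering): alerts first, then level."""
    records = [r for d in detections if (r := build_log_record(d, rules))]
    return sorted(records, key=lambda r: (not r["alert"], -r["level"]))

RULES = {  # hypothetical rule names
    "r-web": RuleNotification(alert=True, severity="critical"),  # override
    "r-dns": RuleNotification(),                                 # inherit
    "r-lab": RuleNotification(log_attacks=False),                # not logged
}
DETECTIONS = [  # constructed sample data
    Detection("r-dns", "sample-dns-anomaly", "major"),
    Detection("r-web", "sample-http-anomaly", "minor"),
    Detection("r-lab", "sample-scan", "critical"),
]

if __name__ == "__main__":
    for rec in log_viewer(DETECTIONS, RULES):
        print(rec)
```

In this model the `r-web` match is recorded as Critical (7) even though its attack object defaults to Minor, while the `r-lab` match produces no record despite a Critical attack object, which is the visibility gap to look for when reviewing rules with logging turned off.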