packet-log (IDP Policy)

Syntax

packet-log {pre-attack number;post-attack number;post-attack-timeout seconds;}

Hierarchy Level

[edit security idp idp-policy policy-name rulebase-ips rule rule-name then notification]

Release Information

Statement introduced in Release 10.2 of Junos OS.

Description

In response to a rule match, capture the packets received before and after the attack for further offline analysis of attacker behavior. You can configure the number of pre-attack and post-attack packets to be captured for this attack, and limit the duration of post-attack packet capture by specifying a timeout value.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.