Monitoring Firewall
Intrusion Detection Services (IDS)
To view intrusion detection service (IDS) information for stateful firewall
filters, select Monitor>Firewall>IDS Information. Click
one of the following criteria to order the display accordingly:
- Bytes (received bytes)
- Packets (received packets)
- Flows
- Anomalies
To limit the display of IDS information, type or select information
in one or more of the Narrow Search boxes listed in Table 61,
and click OK.
Table 61: IDS Search-Narrowing Characteristics

| Narrow Search Box | Entry or Selection |
|---|---|
| Destination Address | Type a destination address prefix to display IDS information for only that prefix. |
| IDS Table | Select one of the following: Destination—Displays information for an address under attack; Pair—Displays information for a suspected attack source and destination pair; Source—Displays information for an address that is a suspected attacker. |
| Number of IDS Entries to Display | Select a number between 25 and 500 to display only a particular number of entries. |
| Threshold | Type a number to display events with only that number of bytes, packets, flows, or anomalies—whichever you selected to order the display. For example, to display all events with more than 100 flows, click Flows and then type 100 in the Threshold box. |
| Service Set | Select a service set to display information for only the set. |

Alternatively, enter the following CLI show commands:
- show services ids destination-table
- show services ids source-table
- show services ids pair-table

Table 62 summarizes key output
fields for stateful firewall filter intrusion detection.
Table 62: Summary of Key Firewall IDS Output Fields

| Field | Values |
|---|---|
| Source Address | Source address for the event. |
| Destination address | Destination address for the event. |
| Time | Total time the information has been in the IDS table. |
| Bytes | Total number of bytes sent from the source to the destination address, in thousands (k) or millions (m). |
| Packets | Total number of packets sent from the source to the destination address, in thousands (k) or millions (m). |
| Flows | Total number of flows of packets sent from the source to the destination address, in thousands (k) or millions (m). |
| Anomalies | Total number of anomalies in the anomaly table, in thousands (k) or millions (m). |
| Application | Configured application, such as FTP or Telnet. |
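
The following is an added example, not part of the original page or the vendor's code: a way to apply the Table 61 narrowing options offline to rows already extracted from the pair table, for triage outside the J-Web interface. The row layout, the sample addresses, the k = 1,000 and m = 1,000,000 multipliers, and largest-first ordering are assumptions; the 25 to 500 entry range and the "more than" threshold behavior come from the page.

```python
import ipaddress
import re

# Assumption: "k" = 1,000 and "m" = 1,000,000; the page says only
# "thousands (k) or millions (m)".
SUFFIX = {"": 1, "k": 1_000, "m": 1_000_000}
COUNTERS = ("bytes", "packets", "flows", "anomalies")

# Constructed pair-table rows (documentation address ranges), keyed by the
# Table 62 field names. Not captured from a device.
SAMPLE_PAIR_ROWS = [
    {"source": "198.51.100.7", "destination": "192.0.2.10", "bytes": "4m",
     "packets": "61k", "flows": "950", "anomalies": "12", "application": "FTP"},
    {"source": "198.51.100.9", "destination": "192.0.2.10", "bytes": "18k",
     "packets": "240", "flows": "1.2k", "anomalies": "3", "application": "Telnet"},
    {"source": "203.0.113.4", "destination": "192.0.2.77", "bytes": "900",
     "packets": "15", "flows": "80", "anomalies": "0", "application": "FTP"},
]

def parse_count(text):
    """Convert a counter such as '950', '1.2k' or '4m' to an integer."""
    match = re.fullmatch(r"(\d+(?:\.\d+)?)([km]?)", text.strip().lower())
    if match is None:
        raise ValueError(f"unrecognised counter: {text!r}")
    return round(float(match.group(1)) * SUFFIX[match.group(2)])

def narrow(rows, order_by, threshold=None, limit=25, destination_prefix=None):
    """Apply the Table 61 narrowing options to already-extracted rows."""
    if order_by not in COUNTERS:
        raise ValueError(f"order_by must be one of {COUNTERS}")
    if not 25 <= limit <= 500:
        raise ValueError("limit must be between 25 and 500")
    net = ipaddress.ip_network(destination_prefix) if destination_prefix else None
    kept = []
    for row in rows:
        if net and ipaddress.ip_address(row["destination"]) not in net:
            continue
        counts = {name: parse_count(row[name]) for name in COUNTERS}
        # "More than" follows the page's example: click Flows, type 100.
        if threshold is not None and counts[order_by] <= threshold:
            continue
        kept.append({**row, **counts})
    # Assumption: largest values first.
    kept.sort(key=lambda r: r[order_by], reverse=True)
    return kept[:limit]

if __name__ == "__main__":
    for r in narrow(SAMPLE_PAIR_ROWS, "flows", threshold=100):
        print(r["source"], "->", r["destination"], r["flows"], r["application"])
```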