Monitoring Firewall Intrusion Detection Services (IDS)

To view intrusion detection service (IDS) information for stateful firewall filters, select Monitor>Firewall>IDS Information. Click one of the following criteria to order the display accordingly:

- Bytes (received bytes)
- Packets (received packets)
- Flows
- Anomalies

To limit the display of IDS information, type or select information in one or more of the Narrow Search boxes listed in Table 72, and click OK.

Table 72: IDS Search-Narrowing Characteristics

| Narrow Search Box | Entry or Selection |
|---|---|
| Destination Address | Type a destination address prefix to display IDS information for only that prefix. |
| IDS Table | Select one of the following: Destination (displays information for an address under attack); Pair (displays information for a suspected attack source and destination pair); Source (displays information for an address that is a suspected attacker). |
| Number of IDS Entries to Display | Select a number between 25 and 500 to display only a particular number of entries. |
| Threshold | Type a number to display events with only that number of bytes, packets, flows, or anomalies, whichever you selected to order the display. For example, to display all events with more than 100 flows, click Flows and then type 100 in the Threshold box. |
| Service Set | Select a service set to display information for only the set. |

Alternatively, enter the following CLI show commands:

- show services ids destination-table
- show services ids source-table
- show services ids pair-table

Table 73 summarizes key output fields for stateful firewall filter intrusion detection.

Table 73: Summary of Key Firewall IDS Output Fields

| Field | Values |
|---|---|
| Source Address | Source address for the event. |
| Destination address | Destination address for the event. |
| Time | Total time the information has been in the IDS table. |
| Bytes | Total number of bytes sent from the source to the destination address, in thousands (k) or millions (m). |
| Packets | Total number of packets sent from the source to the destination address, in thousands (k) or millions (m). |
| Flows | Total number of flows of packets sent from the source to the destination address, in thousands (k) or millions (m). |
| Anomalies | Total number of anomalies in the anomaly table, in thousands (k) or millions (m). |
| Application | Configured application, such as FTP or Telnet. |
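
The following is an added example, not code from the original page or from the vendor. It applies the Narrow Search criteria of Table 72 (ordering counter, threshold, destination prefix, number of entries) to IDS rows whose counters use the k and m suffixes described in Table 73. The comma-separated row layout, the sample rows, the function names, the descending sort order and the acceptance of decimal suffix values are assumptions made for the example.

```python
import csv
import io
import ipaddress

# Constructed sample rows, not captured device output. Column names follow
# Table 73; the comma-separated layout is an assumption for this example.
SAMPLE = """\
source,destination,time,bytes,packets,flows,anomalies,application
192.0.2.10,198.51.100.5,320,12k,150,3,0,FTP
192.0.2.77,198.51.100.5,95,4m,61k,2k,14,Telnet
203.0.113.4,198.51.100.200,40,900,12,101,1,FTP
203.0.113.9,203.0.113.130,12,1k,20,100,0,Telnet
"""

ORDER_KEYS = ("bytes", "packets", "flows", "anomalies")
SUFFIX = {"k": 1_000, "m": 1_000_000}


def parse_count(text):
    """Convert a counter such as '150', '12k' or '4m' to an integer."""
    text = text.strip().lower()
    if text and text[-1] in SUFFIX:
        return int(float(text[:-1]) * SUFFIX[text[-1]])
    return int(text)


def narrow(table_text, order_by, threshold=None, dest_prefix=None, limit=25):
    """Apply the Narrow Search criteria to parsed rows, largest counter first."""
    if order_by not in ORDER_KEYS:
        raise ValueError(f"order_by must be one of {ORDER_KEYS}")
    if not 25 <= limit <= 500:
        raise ValueError("limit must be between 25 and 500")
    net = ipaddress.ip_network(dest_prefix) if dest_prefix else None
    kept = []
    for row in csv.DictReader(io.StringIO(table_text)):
        for key in ORDER_KEYS:
            row[key] = parse_count(row[key])
        if net and ipaddress.ip_address(row["destination"]) not in net:
            continue
        # "More than" follows the page's example (more than 100 flows).
        if threshold is not None and row[order_by] <= threshold:
            continue
        kept.append(row)
    kept.sort(key=lambda r: r[order_by], reverse=True)  # descending: assumption
    return kept[:limit]


if __name__ == "__main__":
    for r in narrow(SAMPLE, "flows", threshold=100, dest_prefix="198.51.100.0/24"):
        print(r["source"], r["destination"], r["flows"], r["application"])
```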