Example: Configuring IDP Log Suppression Attributes

This example shows how to configure log suppression attributes.

Requirements

Before you begin:

• Configure network interfaces. See the Junos OS Interfaces Configuration Guide for Security Devices.
• Download the signature database. See Updating the IDP Signature Database Manually Overview.

Overview

Log suppression ensures that minimal numbers of logs are generated for the same event or attack that occurs multiple times. Log suppression is enabled by default. You can configure certain log suppression attributes to suppress logs according to your needs.

In this example, you configure log suppression to begin after the second occurrence of an event and specify that logs are reported after 20 seconds.

Configuration

Step-by-Step Procedure

To configure log suppression attributes:

1. Specify the log number after which you want to start log suppression.
   [edit]user@host# set security idp sensor-configuration log suppression start-log 2
2. Specify the maximum time after which suppressed logs are reported.
   [edit]user@host# set security idp sensor-configuration log suppression max-time-report 20
3. If you are done configuring the device, commit the configuration.
   [edit]user@host# commit

Verification

To verify the configuration is working properly, enter the show security idp command.

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Updating the IDP Signature Database Manually Overview
• Example: Defining Rules for an IDP IPS Rulebase
• Understanding IDP Log Suppression Attributes