Understanding IDP Log Information Usage on the Infranet Controller
The infranet controller for the Unified Access Control (UAC) appliance can use Intrusion Detection and Prevention (IDP) attack log information sent from the Juniper Networks device to apply access policies to traffic in which the IDP logs indicate that an attack has been detected. These IDP logs are sent directly to the infranet controller over a secure communication channel. IDP attack logs are sent to the infranet controller through the JUEP communication channel.
This topic contains the following sections:
Message Filtering to the Infranet Controller
When you configure the infranet controller to receive IDP log messages, you set certain filtering parameters on the infranet controller. Without this filtering, the infranet controller could potentially receive too many log messages. The filtering parameters could include the following:
- The infranet controller should only receive communications from IDP for sessions it has authenticated. See the Unified Access Control Administration Guide for details.
- You can create infranet controller filters for receiving IDP log files based on their severity. For example, if the severity on the infranet controller is set to high, then IDP sends only logs that have a severity greater than or equal to high. See the Unified Access Control Administration Guide for details.
- From the infranet controller, you can disable the receiving of all IDP logs. See the Unified Access Control Administration Guide for details.
Configuring Infranet Controller Logging
All the configuration for receiving and filtering IDP logs is done on the infranet controller. You should refer to the Unified Access Control Administration Guide for configuration information for receiving IDP logs and details on the JUEP communication channel.
Related Topics
- Junos OS Feature Support Reference for SRX Series and J Series Devices
- Understanding IDP Log Suppression Attributes
- Understanding IDP Logging
- Understanding Application-Level DDoS Logging