
Monitoring Firewall Intrusion Detection Services (IDS)

To view intrusion detection service (IDS) information for stateful firewall filters, select Monitor>Firewall>IDS Information. Click one of the following criteria to order the display accordingly:

To limit the display of IDS information, type or select information in one or more of the Narrow Search boxes listed in Table 29, and click OK.

Table 29: IDS Search-Narrowing Characteristics

| Narrow Search Box | Entry or Selection |
|---|---|
| Destination Address | Type a destination address prefix to display IDS information for only that prefix. |
| IDS Table | Select one of the following: Destination (displays information for an address under attack); Pair (displays information for a suspected attack source and destination pair); Source (displays information for an address that is a suspected attacker). |
| Number of IDS Entries to Display | Select a number between 25 and 500 to display only a particular number of entries. |
| Threshold | Type a number to display events with only that number of bytes, packets, flows, or anomalies, whichever you selected to order the display. For example, to display all events with more than 100 flows, click Flows and then type 100 in the Threshold box. |
| Service Set | Select a service set to display information for only the set. |

Alternatively, enter the following CLI show commands:

Table 30 summarizes key output fields for stateful firewall filter intrusion detection.

Table 30: Summary of Key Firewall IDS Output Fields

| Field | Values |
|---|---|
| Source Address | Source address for the event. |
| Destination address | Destination address for the event. |
| Time | Total time the information has been in the IDS table. |
| Bytes | Total number of bytes sent from the source to the destination address, in thousands (k) or millions (m). |
| Packets | Total number of packets sent from the source to the destination address, in thousands (k) or millions (m). |
| Flows | Total number of flows of packets sent from the source to the destination address, in thousands (k) or millions (m). |
| Anomalies | Total number of anomalies in the anomaly table, in thousands (k) or millions (m). |
| Application | Configured application, such as FTP or Telnet. |

For more information about the J-Web Monitor task, see Monitor Tasks.

