Monitoring Firewall Intrusion Detection Services (IDS)

To view intrusion detection service (IDS) information for stateful firewall filters, select Monitor > Firewall > IDS Information.

Note: After you make changes to the configuration in this window, you must commit the changes immediately for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes (J-Web Procedure) for details about all commit options.

Click one of the following criteria to order the display accordingly:

Bytes (received bytes)
Packets (received packets)
Flows
Anomalies

To limit the display of IDS information, type or select information in one or more of the Narrow Search boxes listed in Table 44 and click OK.

Table 44: IDS Search-Narrowing Characteristics

Narrow Search Box	Entry or Selection
Destination Address	Type a destination address prefix to display IDS information for only that prefix.
IDS Table	Select one of the following: Destination—Displays information for an address under attack. Pair—Displays information for a suspected attack source and destination pair. Source—Displays information for an address that is a suspected attacker.
Number of IDS Entries to Display	Select a number between 25 and 500 to display only a particular number of entries.
Threshold	Type a number to display events with only that number of bytes, packets, flows, or anomalies—whichever you selected to order the display. For example, to display all events with more than 100 flows, click Flows and type 100 in the Threshold box.

Alternatively, enter the following CLI show commands:

show services ids destination-table
show services ids source-table
show services ids pair-table

Table 45 summarizes key output fields for stateful firewall filter intrusion detection.

Table 45: Summary of Key Firewall IDS Output Fields

Field	Values
Source Address	Source address for the event.
Destination address	Destination address for the event.
Time	Total time the information has been in the IDS table.
Bytes	Total number of bytes sent from the source to the destination address, in thousands (k) or millions (m).
Packets	Total number of packets sent from the source to the destination address, in thousands (k) or millions (m).
Flows	Total number of flows of packets sent from the source to the destination address, in thousands (k) or millions (m).
Anomalies	Total number of anomalies in the anomaly table, in thousands (k) or millions (m).
Application	Configured application, such as FTP or Telnet.