Configuring Synflood Signature Values; Logging Attacks; Logging Attack Messages To The Attack Log - Fortinet FortiGate FortiGate-50R Installation And Configuration Manual

Antivirus firewall

Network Intrusion Detection System (NIDS)

Configuring synflood signature values

For synflood signatures, you can set the threshold, queue size, and keep alive values.

| Value | Description | Minimum value | Maximum value | Default value |
| --- | --- | --- | --- | --- |
| Threshold | Number of SYN requests sent to a destination host or server per second. If the SYN requests are being sent to all ports on the destination, as opposed to just one port, the threshold quadruples (4 x). | 30 | 3000 | 200 |
| Queue Size | Maximum number of proxied connections that the FortiGate unit handles. The FortiGate unit discards additional proxy requests. | 10 | 10240 | 1024 |
| Timeout | Number of seconds for the SYN cookie to keep a proxied connection alive. This value limits the size of the proxy connection table. | 3 | 60 | 15 |

1. Go to NIDS > Prevention.
2. Select Modify for the synflood signature.
3. Type the Threshold value.
4. Type the Queue Size.
5. Type the Timeout value.
6. Select the Enable check box.
   Alternatively, select the synflood Enable check box in the Prevention signature list.
7. Select OK.

Logging attacks

Whenever the NIDS detects or prevents an attack, it generates an attack message. You can configure the system to add the message to the attack log.

- Logging attack messages to the attack log
- Reducing the number of NIDS attack log and email messages

Logging attack messages to the attack log

Use the following procedure to log attack messages to the attack log.

1. Go to Log&Report > Log Setting.
2. Select Config Policy for the log locations you have set.
3. Select Attack Log.
4. Select Attack Detection and Attack Prevention.
5. Select OK.

Note: For information about log message content and formats, and about log locations, see the Logging Configuration and Reference Guide.
Fortinet Inc.
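The ranges and the quadrupling rule from the synflood table, as an added Python sketch that is not Fortinet code: it checks proposed values against the documented minimum and maximum and replays constructed per-second SYN records to show which seconds would cross a chosen Threshold. Treating SYNs to more than one destination port in a second as "all ports", and using a strict greater-than comparison, are assumptions of the sketch, as are all names in it.

```python
from collections import defaultdict
from dataclasses import dataclass

# Ranges (minimum, maximum) copied from the table on this page.
RANGES = {"threshold": (30, 3000), "queue_size": (10, 10240), "timeout": (3, 60)}


@dataclass
class SynfloodSettings:
    threshold: int = 200    # SYN requests per second to one destination
    queue_size: int = 1024  # maximum proxied connections
    timeout: int = 15       # seconds a proxied connection is kept alive

    def errors(self):
        """Return one message per value outside the documented range."""
        out = []
        for name, (low, high) in RANGES.items():
            value = getattr(self, name)
            if not low <= value <= high:
                out.append(f"{name}={value} outside {low}-{high}")
        return out


def seconds_over_threshold(syns, settings):
    """syns: iterable of (epoch_second, dst_ip, dst_port), one per SYN seen.

    Returns (second, dst_ip, syn_count, effective_threshold) for each
    one-second bucket whose count exceeds the threshold. Assumption of this
    sketch: SYNs to more than one port in a bucket count as "all ports",
    which quadruples the threshold as the table describes.
    """
    buckets = defaultdict(list)
    for second, dst, port in syns:
        buckets[(second, dst)].append(port)
    hits = []
    for (second, dst), ports in sorted(buckets.items()):
        limit = settings.threshold * (4 if len(set(ports)) > 1 else 1)
        if len(ports) > limit:
            hits.append((second, dst, len(ports), limit))
    return hits


# Constructed sample: 250 SYNs to one port, then 250 spread over 50 ports.
SAMPLE = [(100, "192.0.2.10", 80)] * 250
SAMPLE += [(101, "192.0.2.10", 1000 + i % 50) for i in range(250)]

if __name__ == "__main__":
    cfg = SynfloodSettings()
    print(cfg.errors(), seconds_over_threshold(SAMPLE, cfg))
```

With the default Threshold of 200, only the single-port second is reported; the multi-port second is measured against 800.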


This manual is also suitable for:

Fortigate 50r
