Configuring Syslog Host Using Nsm (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Table 38: General Report Settings
Report Settings
Email Notification Settings
NSM Reporting
SNMP Reporting
Syslog Reporting
Related
Documentation

Configuring Syslog Host Using NSM (NSM Procedure)

Copyright © 2010, Juniper Networks, Inc.
You can also use this tab to set thresholds determining how many packets of a particular
type the packet process unit (PPU) sends to the CPU per second, before dropping
subsequent packets of that type. The PPU is a hardware processor in some security
device systems that forwards packets to the flow CPU. Enabling PPU packet drop
thresholds adds an extra layer of DoS-attack protection to the device, similar to
SYN-cookie and SYN-proxy. PPU protection prevents DoS attacks from overwhelming
the flow CPU, keeping the CPU responsive to critical tasks even under heavy traffic. PPU
protection processes three categories of traffic: packets that do not use the IP protocol;
packets carrying contents other than TCP or UDP; and system-critical IP packets, including
BGP, OSPF, RIP, SNMP, system management, SIP, and H323 traffic. Table 38 on page 169
describes the general report settings.
Function
Configures a device to send messages using e-mail whenever a system event of Emergency,
Alert, Critical, or Notification severity level occurs. To configure e-mail notification, you must
specify the SMTP mail server and at least one e-mail address; if desired, you can enter a
secondary e-mail address as well.
Configures a device to report specified events to NSM. You configure the primary IP address
of the NSM Device Server and select the categories of events that are tracked on the security
device and reported to NSM. You can also set the interval at which the NSM device server polls
for policy statistics and protocol distribution events.
Configures the Simple Network Management Protocol (SNMP) agent for a device. The SNMP
agent provides a view of statistical data about the network, the devices in it, and system events
of interest.
You also must enable SNMP manageability on the interface through which the applicable
SNMP manager communicates with the SNMP agent in the security device.
Configures a device to generate syslog messages for system events at predefined severity
levels. It also generates messages for all event and traffic log entries that the security device
can store internally. It sends these messages over UDP (port 514) to up to four designated
syslog hosts running on UNIX/Linux systems. When you enable syslog reporting, you also
specify which interface the security devices use to send syslog packets.
Setting ScreenOS Authentication Options Using Infranet Settings Overview on page 167
Configuring Syslog Host Using NSM (NSM Procedure) on page 169
To configure syslog hosts using NSM:
Click the Add icon in the Syslog configuration screen. The host configuration dialog
1.
box appears.
Specify the hostname and the port to which the security device sends syslog messages.
2.
For each syslog host, you specify the following:
3.
Chapter 5: Administration
169