Miscellaneous - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide
traffic that exceeds the alarm threshold in the rule, the device generates an alarm log
entry that describes that event and displays it in the Log Viewer.
You must enable counting before you can enable alarms. Although you can enable
counting without also enabling alarms, NSM does not use the counting data except to
trigger alarms. If you do not intend to use alarms, you should leave counting disabled.
Additionally, because counting can impact performance during heavy traffic periods, you
should enable counting and alarms only for firewall rules that detect important activity.
Configuring Log Actions
Use the Log Actions tab that appears when you select Log/Count in the Rule Options
column to configure the following actions to occur when a log is generated from a specific
rule:
Sending SNMP Trap—Selecting this option directs the system to output logs to an
SNMP server in SNMP format.
Sending Syslog Messages—Selecting this option directs the system to output logs to
a syslog server in syslog format.
Writing CSV files—Selecting this option and specifying a filename directs the system
to output logs in CSV format.
Writing XML Files—Selecting this option and specifying a filename directs the system
to output logs using XML.
Sending Email—Selecting this option directs the system to output logs to an e-mail
address in SMTP format. You must specify the recipient e-mail address(es) that receive
the exported log records.
Running Scripts—Selecting this option directs the system to execute a script and report
output status. You must specify the script that receives the exported log records (the
script must be located in the /usr/netscreen/DevSvr/var/scripts/global directory). If the
script fails, you can also configure the system either to retry the script or to skip
running it again.
You can configure log actions to occur for all rulebases, such as the IDP or Backdoor
rulebases, that include logging options.
You can configure parameters for forwarding logs to SNMP, Syslog, Email, CSV and XML
in the Action Parameters node of the Action Manager.
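
Because the Running Scripts action executes a script from /usr/netscreen/DevSvr/var/scripts/global, anyone who can write to that directory can run code on the NSM server whenever a matching log is generated. The audit below is an added example, not part of the Juniper guide; the function name audit_script_dir and the choice of checks are assumptions, and only the directory path comes from the text.

```shell
#!/bin/sh
# Added example: audit the directory NSM runs log-action scripts from.
# Only the default path comes from the guide; the checks are assumptions
# about what an administrator would want to verify before enabling the action.
SCRIPT_DIR_DEFAULT=/usr/netscreen/DevSvr/var/scripts/global

# audit_script_dir [DIR]
# Prints one finding per line as "<reason>: <path>".
# Returns 0 when the directory is clean, 1 when anything was reported.
audit_script_dir() {
    dir=${1:-$SCRIPT_DIR_DEFAULT}
    if [ ! -d "$dir" ]; then
        echo "missing-directory: $dir"
        return 1
    fi
    findings=$(
        # The directory itself, or anything in it, writable by group or others.
        find "$dir" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
            -exec echo "group-or-world-writable:" {} \;
        # A symlink can point a trusted script name at a file kept elsewhere.
        find "$dir" -type l -exec echo "symlink:" {} \;
        # setuid or setgid files have no place among log-action scripts.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec echo "setuid-or-setgid:" {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Source this file on the NSM server and call audit_script_dir with no argument to check the default directory; a non-zero return means at least one finding was printed.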

Miscellaneous

The following sections detail the Miscellaneous rule options.
Schedule
To control the time period that your security device applies the rule to your network traffic,
you can define a schedule for the rule. If you define a schedule, the security device applies
the rule to your network traffic only during the time period specified in the schedule; if
you do not specify a schedule, the rule is always applied to your network traffic.
In NSM, schedules are represented by schedule objects. Before you can define a schedule
for a rule, you must create a schedule object that describes a time period. The schedule
Copyright © 2010, Juniper Networks, Inc.
