Event Rule Tests - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual

STRM Log Management Users Guide

Creating a Rule

Table 4-2 Event Rule Response Parameters (continued)

Parameter: Send to SysLog
Description: Select the check box if you wish to log the event. By default, the check box is clear. For example, the syslog output may resemble:

Sep 28 12:39:01 localhost.localdomain ECS: Rule 'Name of Rule' Fired: 172.16.60.219:12642 -> 172.16.210.126:6666 6, Event Name: SCAN SYN FIN, QID: 1000398, Category: 1011, Notes: Event description

Parameter: Response Limiter
Description: Specify the frequency you wish this rule to respond.

Parameter: Enable Rule
Description: Select the check box to enable this rule. By default, the check box is selected.

Step 12 Click Next.
The Rule Summary window appears.

Step 13 Review the configured rule. Click Finish.

Event Rule Tests

This section provides information on the tests you can apply to the rules including:
Event Property Tests
IP/Port Tests
Date/Time Tests
Device Tests

Event Property Tests

The event property test group includes:
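
The Send to SysLog sample in Table 4-2 can be split into structured fields before the line is forwarded or alerted on. The Python parser below is an added example, not part of the Juniper manual. Its field layout is inferred from that one sample line, reading the bare 6 after the destination port as an IP protocol number is an assumption, and the function and field names are hypothetical.

```python
import ipaddress
import re

# Field layout inferred from the single sample line in Table 4-2 (assumption).
RULE_FIRED = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"ECS: Rule '(?P<rule>.*)' Fired: "
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+) -> "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) (?P<protocol>\d+), "
    r"Event Name: (?P<event_name>.*?), QID: (?P<qid>\d+), "
    r"Category: (?P<category>\d+), Notes: (?P<notes>.*)$"
)
INT_FIELDS = ("src_port", "dst_port", "protocol", "qid", "category")


def parse_rule_fired(line):
    """Return the fields of a 'Rule ... Fired' syslog line, or None if it does not fit."""
    # Collapse wrapping and a padded day-of-month ("Sep  8") into single spaces.
    m = RULE_FIRED.match(" ".join(line.split()))
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    try:
        # Reject values that look like addresses but are not (e.g. 999.1.1.1).
        for key in ("src_ip", "dst_ip"):
            rec[key] = str(ipaddress.IPv4Address(rec[key]))
    except ipaddress.AddressValueError:
        return None
    if not all(0 <= rec[p] <= 65535 for p in ("src_port", "dst_port")):
        return None
    return rec


# The manual's sample line, wrapped here the way the table cell wraps it.
SAMPLE = """Sep 28 12:39:01 localhost.localdomain
ECS: Rule 'Name of Rule' Fired:
172.16.60.219:12642 ->
172.16.210.126:6666 6, Event Name:
SCAN SYN FIN, QID: 1000398, Category:
1011, Notes: Event description"""

if __name__ == "__main__":
    print(parse_rule_fired(SAMPLE))
```

Lines that return None are better counted and kept aside than dropped, so a change in the output format shows up as a rise in parse failures.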
