Configuring the Transport Layer Module
Examples
The following example shows three rules that tell the sensor to log all 10.100.100.10/32 traffic
except SSH and DNS traffic.
This example tells the sensor to log all Telnet traffic.
This example tells the sensor to log all POP email traffic for network 24.3.19.0/24.
Log Start Stop Tab
Use the Log Start Stop tab settings to tell the sensor to log or ignore TCP session starts and stops.
Session starts are noted when SYN packets are received, and stops are noted when RST or FIN
packets are received. The events generated have [START] and [STOP] event names. In the event
data, the sequence and acknowledgment numbers are also displayed so that post-processing can
be used to determine the amount of data transferred during the session.
You can also dynamically define the number of additional packets to log when these alerts start.
This can drastically increase the amount of data logged to the local hard drive, but it can also be
used to collect a specific number of packets that occur after the start or stop of a network
session.
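The post-processing mentioned above, as an added example that is not part of the manual: it derives per-direction byte counts from the sequence and acknowledgment numbers in [START] and [STOP] events, including 32-bit wraparound. The event field names and sample values are constructed, not the sensor's export format, and it assumes the STOP packet carries no payload and that a session moves less than 4 GiB in each direction.

```python
# Added example: field names and sample values are constructed for
# illustration; they are not the sensor's real event format.
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def payload_bytes(isn, final):
    """Bytes between a SYN's sequence number and a later seq/ack value.
    The SYN itself consumes one sequence number, hence the -1."""
    return (final - isn - 1) % MOD


def session_bytes(events):
    """Return {(src, sport, dst, dport): bytes_sent} for each direction."""
    isn, totals = {}, {}
    for ev in events:
        flow = (ev["src"], ev["sport"], ev["dst"], ev["dport"])
        reverse = (ev["dst"], ev["dport"], ev["src"], ev["sport"])
        if ev["name"] == "[START]":
            isn[flow] = ev["seq"]  # initial sequence number of this side
        elif ev["name"] == "[STOP]":
            if flow in isn:
                # The sender's own seq is the best count for its direction.
                totals[flow] = payload_bytes(isn[flow], ev["seq"])
            # The ack field counts what the peer has sent so far. It is only
            # usable if the peer's SYN was logged and the ack is non-zero.
            if reverse in isn and ev.get("ack"):
                totals.setdefault(reverse, payload_bytes(isn[reverse], ev["ack"]))
    return totals


CLIENT = ("10.100.100.10", 40000, "24.3.19.5", 110)
SERVER = ("24.3.19.5", 110, "10.100.100.10", 40000)

# Constructed POP session: the client ISN sits just below 2**32, so the
# client's sequence numbers wrap before the session ends.
SAMPLE_EVENTS = [
    dict(zip(("src", "sport", "dst", "dport"), CLIENT),
         name="[START]", seq=4294967000, ack=0),           # SYN
    dict(zip(("src", "sport", "dst", "dport"), SERVER),
         name="[START]", seq=1000, ack=4294967001),        # SYN/ACK
    dict(zip(("src", "sport", "dst", "dport"), CLIENT),
         name="[STOP]", seq=205, ack=13001),               # client FIN
    dict(zip(("src", "sport", "dst", "dport"), SERVER),
         name="[STOP]", seq=13001, ack=206),               # server FIN
]

if __name__ == "__main__":
    for flow, count in session_bytes(SAMPLE_EVENTS).items():
        print(flow, count)
```

If only the initiator's SYN is logged as a [START], the result contains the initiator's direction alone, because the responder's initial sequence number is unknown.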
Creating Network Sensor Policies and Signatures 2-101