Configuring The Dynamic Module; Procedure - Enterasys Intrusion Prevention System Manual

Network sensor policies and signatures guide
Configuring the Dynamic Module

Dynamic Logging enables the sensor to record packets from IP addresses that are involved in
events. When an event occurs, the Network Sensor makes a best effort to capture subsequent packets
from the source and destination IP addresses of the event packet. The number of recorded packets
is determined by the specific alarm or signature. Additional Dynamic packet logging can be set
for all events by specifying the number of Cushion packets the Network Sensor should
collect in addition to the normal number of packets specified by the signature or alarm.

For example, if a PHF attack signature has a Dynamic packet capture level of 10 packets and the
Cushion value is set to 5 packets, the Network Sensor will attempt to collect 15 packets. This
parameter is meant as an easy way to quickly turn up the sensitivity of a Network Sensor. The
extra logging may have a negative impact on system performance or on Network Sensor hard
drive space.

Procedure

To configure Dynamic logging:
1. Click the Network Policy View icon, and then the Network Policies tab.
2. Expand the tree by clicking the expansion symbol and selecting the custom policy name.
   The modules for that policy are displayed in the tree.
3. Click the Dynamic Module in the tree.
   The Dynamic Settings window is displayed.
4. Specify the Number of Cushion Packets the Network Sensor should collect in addition to the
   normal number of packets specified by the signature or alarm.
5. By default, the Enable Logging checkbox is selected. Deselect the checkbox to turn off
   Dynamic logging.
6. Click Commit to add your changes to the policy being configured.