Configuring the Network Layer Module
This example shows the rules to ignore fragmented packets from the internal network
(10.100.100.0/24) but log all others.
This example shows the rules to log all ICMP and UDP fragments.
Log Static Tab
The Network Sensor can be configured to log all packets from a particular network or IP address.
A Log Static rule has two arguments: a unique name to be associated with the rule, and an IP
address or CIDR mask. When traffic matches one of these rules, an event is generated with the
name specified. Events logged by this type of rule decode the IP protocol and, for UDP and TCP,
the source and destination ports, as well as additional information such as TCP flags.
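The following Python sketch models what such a rule records; it is an added example, not the product's code or rule syntax. The rule names, the sample packets and the choice to match on the source address only are assumptions made for illustration.

```python
import ipaddress
import struct

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5

def decode_packet(raw):
    """Decode IP protocol, TCP/UDP ports and TCP flags from raw IPv4 bytes."""
    ihl = (raw[0] & 0x0F) * 4 if len(raw) >= 20 else 0
    if ihl < 20 or raw[0] >> 4 != 4 or len(raw) < ihl:
        return None                      # truncated or not IPv4
    pkt = {"src": ipaddress.IPv4Address(raw[12:16]),
           "dst": ipaddress.IPv4Address(raw[16:20]),
           "proto": raw[9], "sport": None, "dport": None, "flags": []}
    frag_offset = struct.unpack("!H", raw[6:8])[0] & 0x1FFF
    l4 = raw[ihl:]
    # Only the first fragment carries the transport header.
    if frag_offset == 0 and pkt["proto"] in (6, 17) and len(l4) >= 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
        if pkt["proto"] == 6 and len(l4) >= 14:
            pkt["flags"] = [n for i, n in enumerate(TCP_FLAGS) if l4[13] & (1 << i)]
    return pkt

def log_static(rules, raw):
    """Return one event per (name, address-or-CIDR) rule the source matches."""
    pkt = decode_packet(raw)
    if pkt is None:
        return []
    return [{"event": name, **pkt} for name, target in rules
            if pkt["src"] in ipaddress.ip_network(target, strict=False)]

def build_ipv4(src, dst, proto, l4):
    """Constructed sample packet; checksums are left at zero (not validated)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + l4

def tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)

# Hypothetical rule names; 10.100.100.0/24 is the internal network used on this page.
RULES = [("INTERNAL-NET", "10.100.100.0/24"), ("WATCHED-HOST", "192.0.2.10")]
SYN = build_ipv4("10.100.100.5", "198.51.100.20", 6, tcp(40000, 443, 0x02))
DNS = build_ipv4("192.0.2.10", "10.100.100.5", 17, udp(53000, 53))
OTHER = build_ipv4("203.0.113.9", "10.100.100.5", 6, tcp(1234, 22, 0x12))

for sample in (SYN, DNS, OTHER):
    print(log_static(RULES, sample))
```

The third sample produces no event because its source address matches neither rule, even though its destination lies inside 10.100.100.0/24.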
Procedure
To configure the Network Sensor to log packets from a particular network or IP address:
1. Click the Network Policy View icon and the Network Policies tab.
2. Expand the tree by clicking the expansion symbols and select the desired custom policy name.
   The modules for that policy are displayed in the tree.
3. Click the Network Layer Module in the tree.
4. Click the Log Static tab.
2-44 Creating Network Sensor Policies