2.17. IDP
These log messages refer to the IDP (Intrusion Detection & Prevention events) category.
2.17.1. scan_detected (ID: 01300001)
Default Severity: NOTICE
Log Message: Scan detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Closing connection.
Explanation: A scan signature mapped to the "protect" action matched the traffic, closing connection.
Gateway Action: close
Recommended Action: Research the advisory (searchable by the unique ID), if you suspect an attack.
Revision: 1
Parameters: description, signatureid, idrule, ipproto, srcip, srcport, destip, destport
Context Parameters: Rule Name, Deep Inspection

2.17.2. idp_notice (ID: 01300002)
Default Severity: WARNING
Log Message: IDP Notice: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Closing connection.
Explanation: A notice signature mapped to the "protect" action matched the traffic, closing connection.
Gateway Action: close
Recommended Action: This is probably not an attack, but you may research the advisory (searchable by the unique ID).
Revision: 1
Parameters: description, signatureid, idrule, ipproto, srcip
Chapter 2. Log Message Reference
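
The two message templates in this section share one field layout, so a single parser can turn either event into a structured record for a SIEM or triage script. The following is an added example, not part of the original reference or the vendor's code; it assumes the message text arrives exactly as the templates print it, and the function name and sample values are constructed for illustration.

```python
import ipaddress
import re

# Assumption: the message text follows the templates printed in this section.
EVENTS = {
    "Scan detected": ("scan_detected", "01300001", "NOTICE"),
    "IDP Notice": ("idp_notice", "01300002", "WARNING"),
}

PATTERN = re.compile(
    r"^(?P<prefix>Scan detected|IDP Notice): (?P<description>.+?), "
    r"Signature ID=(?P<signatureid>\S+?)\. "
    r"ID Rule: (?P<idrule>.+?)\. "
    r"Protocol: (?P<ipproto>\S+?)\. "
    r"Source IP: (?P<srcip>\S+?)\. "
    r"Source Port: (?P<srcport>\d+)\. "
    r"Destination IP: (?P<destip>\S+?)\. "
    r"Destination Port: (?P<destport>\d+)\. "
    r"Closing connection\.$"
)


def parse_idp_message(text):
    """Return a dict of fields, or None if the text does not match."""
    m = PATTERN.match(" ".join(text.split()))  # undo line wrapping
    if m is None:
        return None
    rec = m.groupdict()
    name, event_id, severity = EVENTS[rec.pop("prefix")]
    rec.update(event=name, id=event_id, severity=severity, action="close")
    try:
        # Reject values that only look like addresses or ports.
        for key in ("srcip", "destip"):
            rec[key] = str(ipaddress.ip_address(rec[key]))
        for key in ("srcport", "destport"):
            rec[key] = int(rec[key])
            if not 0 <= rec[key] <= 65535:
                return None
    except ValueError:
        return None
    return rec


# Constructed sample messages (not captured from a real gateway).
SAMPLE_SCAN = ("Scan detected: TCP port sweep, v2.1, Signature ID=12345. ID Rule: "
               "ExampleRule. Protocol: TCP. Source IP: 192.0.2.10. Source Port: "
               "40000. Destination IP: 198.51.100.7. Destination Port: 22. "
               "Closing connection.")
SAMPLE_BAD = SAMPLE_SCAN.replace("192.0.2.10", "192.0.2.999")
```

The description field is matched non-greedily up to the literal ", Signature ID=", so a description containing commas or periods does not shift the later fields.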