ProCurve Secure Router OS Firewall—Protecting the Internal, Trusted Network
Configuring Logging
Specifying How Many Attacks Generate a Log
By default, the firewall generates a log after it blocks 100 attacks. This setting
is called the attack log threshold. (An attack log has an error priority.)
You can alter this threshold. Set the attack log threshold from the global
configuration mode context by entering:
Syntax: ip firewall attack-log threshold <number of attacks blocked>
You can set the threshold from 1 to 4,294,967,295.
For example, you might want to determine the times of day at which your
network receives the most attacks. Lowering the threshold lets you zero in
more precisely on when attacks actually occur. To set the threshold to 10, enter:
ProCurve(config)# ip firewall attack-log threshold 10
Specifying How Many Policy Matches Generate a Log
The Secure Router OS firewall is a stateful-inspection firewall that supports
packet filtering. You customize filters, or ACPs, that the firewall uses to
determine whether it should forward or drop each packet that arrives on an
interface. The firewall automatically produces a log after it matches 100
packets to an ACP. This setting is the policy log threshold.
When you apply an ACP to an interface, all packets are filtered. Policy logs
show how many packets are dropped and how many are allowed to pass.
Dropped packets, unlike those that produce attack logs, do not necessarily
have the earmarks of an attack: they are simply to or from hosts that the
interface's access policy does not permit. A policy log has an informational
event priority.
You can monitor the traffic passing through your router by examining the
policy logs. As with attack logs, the lower you set the threshold, the more
precise the moment-to-moment picture you receive of your system. On the
other hand, setting the threshold too low can clutter the event-history log with
unnecessary information and consume processing power.
To set the policy log threshold, enter:
Syntax: ip firewall policy-log threshold <number of matches>
You can set the threshold from 1 to 4,294,967,295. For example:
ProCurve(config)# ip firewall policy-log threshold 150
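The trade-off described in both sections above, as an added Python example that is not part of the original manual: it replays one constructed day of blocked-attack timestamps and compares what the log shows at a threshold of 100 and of 10. It assumes the firewall writes one entry each time the counter reaches another multiple of the threshold; all function names and the sample data are hypothetical.

```python
from collections import Counter

MAX_THRESHOLD = 4_294_967_295  # upper bound given for both thresholds


def log_times(event_times, threshold):
    """Times at which a log entry is written, assuming one entry per
    `threshold` counted events (an assumption about counter behaviour)."""
    if not 1 <= threshold <= MAX_THRESHOLD:
        raise ValueError("threshold must be between 1 and 4,294,967,295")
    return [t for i, t in enumerate(event_times, start=1) if i % threshold == 0]


def estimated_hourly_counts(event_times, threshold):
    """What a reader of the log would infer: each entry stands for
    `threshold` events, attributed to the hour in which it was written."""
    entries = Counter(t // 3600 for t in log_times(event_times, threshold))
    return {hour: n * threshold for hour, n in sorted(entries.items())}


def true_hourly_counts(event_times):
    """Ground truth for comparison: actual events per hour of day."""
    return dict(sorted(Counter(t // 3600 for t in event_times).items()))


def constructed_day():
    """Constructed sample, seconds since midnight: one blocked attack every
    20 minutes all day, plus a burst of 180 between 02:00 and 02:30."""
    background = [i * 1200 for i in range(72)]
    burst = [7200 + i * 10 for i in range(180)]
    return sorted(background + burst)


if __name__ == "__main__":
    day = constructed_day()
    print("true count, hour 2:", true_hourly_counts(day)[2])
    for threshold in (100, 10):
        entries = log_times(day, threshold)
        print(f"threshold {threshold}: {len(entries)} log entries,",
              "estimated per hour:", estimated_hourly_counts(day, threshold))
```

At a threshold of 100 the second entry is written hours after the burst and makes a quiet hour look as busy as the burst hour; at 10 the burst hour is recovered closely, at the cost of many more entries in the event-history log.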