beautypg.com

Logging attacks, Logging attack messages to the attack log, Automatic message reduction – Fortinet FortiGate-800 User Manual

Page 276

background image

276

Fortinet Inc.

Logging attacks

Network Intrusion Detection System (NIDS)

To set Prevention signature threshold values

1

Go to NIDS > Prevention.

2

Select Modify

beside the signature for which you want to set the Threshold value.

Signatures that do not have threshold values do not have Modify

icons.

3

Type the Threshold value.

4

Select the Enable check box.

5

Select OK.

Logging attacks

Whenever the NIDS detects or prevents an attack, it generates an attack message.
You can configure the system to add the message to the attack log.

Logging attack messages to the attack log

Reducing the number of NIDS attack log and email messages

Logging attack messages to the attack log

To log attack messages to the attack log

1

Go to Log&Report > Log Setting.

2

Select Config Policy for the log locations you have set.

3

Select Attack Log.

4

Select Attack Detection and Attack Prevention.

5

Select OK.

Reducing the number of NIDS attack log and email messages

Intrusion attempts might generate an excessive number of attack messages. Based
on the frequency that messages are generated, the FortiGate unit automatically
deletes duplicates. If you still receive an excessive number of unnecessary
messages, you can manually disable message generation for unneeded signature
groups.

Automatic message reduction

The attack log and alert email messages that the NIDS produces include the ID
number and name of the attack that generated the message. The attack ID number
and name in the message are identical to the ID number and rule name that appear
on the NIDS Signature Group Members list.

Note: For information about log message content and formats, and about log locations, see the
FortiGate Logging and Message Reference Guide.