Controlling sessions, Setting the buffer size, Monitoring the network and dealing with attacks – Fortinet Network Device IPS User Manual
Page 11: Configuring logging and alert email, Controlling sessions setting the buffer size
IPS overview and general configuration
Monitoring the network and dealing with attacks
FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916
11
Controlling sessions
Use this command to ignore sessions after a set amount of traffic has passed.
The default is 204800 bytes.
config ips global
set ignore-session-bytes
end
Setting the buffer size
Set the size of the IPS buffer. The size of the buffer is model-dependent.
config ips global
set socket-size
end
Monitoring the network and dealing with attacks
After configuring IPS and enabling it in protection profiles, it is time to set up
tracking and notification of attacks. Enabling logging and alert email to maintain
user awareness of attacks on the network.
The next step is dealing with attacks if and when they occur. The FortiGuard
Center at
provides a comprehensive
Attack Encyclopedia to help decide what actions to take to further protect the
network.
This section describes:
•
Configuring logging and alert email
•
•
Configuring logging and alert email
Whenever the IPS detects or prevents an attack, it generates an attack log
message that can be recorded or sent as an alert email.
The FortiGate unit categorizes attack log messages by signature or anomaly and
includes the attack name in the log message. Enable logging and alert email for
attack signatures and attack anomalies.
To configure logging and alert email for IPS events using the web-based
manager
1
Go to Log&Report > Log Config > Log Setting.
2
Select and configure the settings for any logging locations to use.
3
Select Apply.
4
Go to Log&Report > Log Config > Alert Email.
Note: Attack and intrusion attempts occur frequently on networks connected to the Internet.
Reduce the number of log messages and alert email by disabling signatures for attacks that the
system is not vulnerable to (for example, web attacks when not running a web server).