Configuring the alarming function, Configuration guide, Table 128 – H3C Technologies H3C SecCenter UTM Manager User Manual
Page 160
152
Table 128 Fields of the DDoS event details
Field Description
Start Time
Time when the DDoS event started
End Time
Time when the DDoS event ended
Protected Network
IP network segment protected against the DDoS attack
Src IP
Source IP address of the event
Dest IP
Destination IP address of the event
Attack Type
Type of the DDoS attack
Protocol
Name of the protocol used by the DDoS attack
Measure
Attack name of a DDoS attack event
Threshold
Threshold of the DDoS attack event
Max Avg Rate
Maximum average rate of the DDoS attack event
Event Count
Total number of events occurred during the specified time
CAUTION:
Logs are aggregated at 3 o’clock in the morning every day. When you query event information of the
current month, the system displays only the data collected from the first day of the month to the day before
the current day.
Configuring the alarming function
The IPS management alarming function includes alarm configuration and alarm information. After the
alarming function is configured, when an attack or virus event matches any configured alarm condition,
the system will raise an alarm by sound or by Email and record the event. This function helps
administrators know about network threatens and take corresponding measures in time.
To use the alarming function, you need to perform related alarming configurations first.
Configuration guide
Follow these steps:
1.
From the navigation tree of the IPS management component, select Alarms under Event Analysis to
enter the event alarm page.
2.
Select the Alarm Config tab to enter the alarm configuration page, as shown in
3.
Configure the alarming function.
describes the alarm configuration items.
4.
Click Apply.