ESR series service routers.ESR-Series. User manual
•
•
Step Description Command Keys
8 Set remote server parameters for
sending IPS/IDS service statistics
in EVE format (elasticsearch)
(optional).
esr(config-ips)# logging remote-
server { <ADDR> | <IPV6-
ADDR> } [ <TRANSPORT> ]
[ <PORT> ] [ source-address
{ <SRC-ADDR> | <IPV6-SRC-
ADDR> } ]
<ADDR> – sender IP address, defined
as AAA.BBB.CCC.DDD where each
part takes values of [0..255];
<IPV6-ADDR> – IPv6 address, defined
as X:X:X:X::X where each part takes
values in hexadecimal format
[0..FFFF];
<TRANSPORT> – data transfer
protocol, by default is UDP, takes the
following values:
TCP – data transfer via TCP;
UDP – data transfer via UDP.
<PORT> – number of sender TCP/
UDP port, takes values of [1..65535],
by default is 514;
<SRC-ADDR> –IPv4 address of the
router that will be used as the source
IP address in the sent syslog
packets. By default – the IPv4
address of the interface from which
the packets are sent;
<IPV6-SRC-ADDR> – IPv6 address of
the router that will be used as the
source IP address in the sent syslog
packets. By default – the IPv6
address of the interface from which
the packets are sent.
9 Set the interval for sending IPS/IDS
service statistics in EVE
(elasticsearch) format (optional).
esr(config-ips)# logging update-
interval <INTERVAL>
<INTERVAL> –IPS/IDS service
statistics sending interval, set in
minutes.
10 Activate IPS/IDS on the interface. esr(config-if-gi)# service-ips
{ inline | monitor }
inline – this mode is set when ESR
with IPS/IDS service is put into
network break.
monitor – this mode is set when ESR
with IPS/IDS monitors mirrored
traffic.
13.6.2 Configuration algorithm for IPS/IDS rules autoupdate from external sources
Step Description Command Keys
1 Switch to the autoupdate
configuration mode
esr(config-ips)# auto-upgrade
To Next Page
Loading...