IPS sensors Intrusion Protection
FortiGate Version 4.0 MR1 Administration Guide
544 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
To enable packet logging for a signature
1 Create either a pre-defined override or a custom override in an IPS sensor. For more
information, see “Configuring pre-defined and custom overrides”
on page 541.
2 Enable Packet Log in the override.
3 Select the IPS sensor in the protection profile applied to the firewall policy that allows
the network traffic the FortiGate unit will examine for the signature.
Viewing and saving logged packets
Once the FortiGate unit logs packets, you can view or save them.
To view and save logged packets
1 Go to Log & Report > Log Access.
2 Depending on where the logs are configured to be stored, select the appropriate tab:
• Memory: Select Memory if logs are stored in the FortiGate unit memory.
• Disk: Select Disk if the FortiGate unit has an internal hard disk and logs are stored
there.
• Remote: Select Remote if logs are sent to a FortiAnalyzer unit or to the FortiGuard
Analysis and Management Service.
3 Select the Attack Log log type.
4 Select the Packet Log icon of the log entry you want to view.
The IPS Packet Log Viewer window appears.
Figure 323: Log entry with packet log icon
Note: Setting packet-log-history to a value larger than 1 can affect the maximum
performance of the FortiGate unit because network traffic must be buffered. The
performance penalty depends on the model, the setting, and the traffic load.