Chapter 7 Monitor
ZyWALL USG Series User’s Guide
251
The following table describes the labels in this screen.
The statistics display as follows when you display the top entries by source.
Table 77 Monitor > UTM Statistics > IDP
LABEL DESCRIPTION
Collect Statistics Select this check box to have the Zyxel Device collect IDP statistics.
The collection starting time displays after you click Apply. All of the statistics in this screen
are for the time period starting at the time displayed here. The format is year, month,
day and hour, minute, second. All of the statistics are erased if you restart the Zyxel
Device or click Flush Data. Collecting starts over and a new collection start time displays.
Apply Click Apply to save your changes back to the Zyxel Device.
Reset Click Reset to return the screen to its last-saved settings.
Refresh Click this button to update the report display.
Flush Data Click this button to discard all of the screen’s statistics and update the report display.
Total Session Scanned This field displays the number of sessions that the Zyxel Device has checked for intrusion
characteristics.
Total Packet Dropped The Zyxel Device can detect and drop malicious packets from network traffic. This field
displays the number of packets that the Zyxel Device has dropped.
Total Packet Reset The Zyxel Device can detect and drop malicious packets from network traffic. This field
displays the number of packets that the Zyxel Device has reset.
Top Entries By Use this field to have the following (read-only) table display the top IDP log entries by
Signature Name, Source or Destination. This table displays the most common, recent IDP
logs. See the log screen for less common IDP logs or use a syslog server to record all IDP
logs.
Select Signature Name to list the most common signatures that the Zyxel Device has
detected.
Select Source to list the source IP addresses from which the Zyxel Device has detected
the most intrusion attempts.
Select Destination to list the most common destination IP addresses for intrusion attempts
that the Zyxel Device has detected.
# This field displays the entry’s rank in the list of the top entries.
Signature Name This column displays when you display the entries by Signature Name. The signature
name identifies the type of intrusion pattern. Click the hyperlink for more detailed
information on the intrusion.
Signature ID This column displays when you display the entries by Signature Name. The signature ID is
a unique value given to each intrusion detected.
Type This column displays when you display the entries by Signature Name. It shows the
categories of intrusions.
Severity This column displays when you display the entries by Signature Name. It shows the level
of threat that the intrusions may pose.
Source IP This column displays when you display the entries by Source. It shows the source IP
address of the intrusion attempts.
Destination IP This column displays when you display the entries by Destination. It shows the destination
IP address at which intrusion attempts were targeted.
Occurrences This field displays how many times the Zyxel Device has detected the event described in
the entry.
To Next Page
Loading...
