Use the Log Evidence tab on the Responses page for the Network IPS appliance to log the summary of an event. The appliance copies the suspect packet and records information such as event name, event date, and event ID.
About this task
Navigating in the Network IPS Local Management Interface:
To retrieve log evidence files and rolling packet capture files, go to .
Note: The appliance logs packets that trigger events to the /cache/packetlogger/logevidence/ directory. Each file in that directory contains the packets for a single capture, and the files are stored according to the criteria set on this page.
Procedure
- Click the Log Evidence tab.
- Configure the following options:
Option | Description
Maximum Files | Specifies the maximum number of files the appliance stores in the directory for each event. The default is 1000. Note: When the log reaches the maximum number of files, numbering continues in sequence and the existing files are overwritten.
Maximum File Size (in KB) | Specifies the maximum size allowed in the /var/iss/ directory. The default is 500.
Maximum Number of Packets per Event | Specifies the maximum number of packets per event the appliance stores in the directory. The default is 100.
Packet Capture File Format | Specifies the log file format as pcap or sniffer. The default is pcap.
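As an added example (not part of the product documentation), the following Python checker walks a pcap-format evidence file retrieved from the appliance and compares it against the per-event packet cap and file-size cap configured on this tab, with the limit defaults set to the documented values (100 packets, 500 KB). The sample file is constructed inline; the checker handles the pcap format only, not the sniffer format.

```python
import struct
from dataclasses import dataclass

@dataclass
class EvidenceCheck:
    packet_count: int
    size_kb: float
    within_packet_limit: bool
    within_size_limit: bool

def parse_pcap_packet_count(data: bytes) -> int:
    """Walk a classic libpcap file and return the number of packet records it holds."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # usec / nsec timestamps, little-endian file
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # same magics written big-endian
        endian = ">"
    else:
        raise ValueError(f"not a pcap file: magic {magic:#x}")
    offset, count = 24, 0                      # 24-byte global header precedes the records
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated packet header at offset {offset}")
        _sec, _frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError(f"truncated packet data at offset {offset}")
        offset += incl_len
        count += 1
    return count

def check_evidence_file(data: bytes, max_packets: int = 100, max_size_kb: int = 500) -> EvidenceCheck:
    """Compare one evidence file against the configured packet cap and size cap (defaults as documented)."""
    count = parse_pcap_packet_count(data)
    size_kb = len(data) / 1024
    return EvidenceCheck(count, size_kb, count <= max_packets, size_kb <= max_size_kb)

def build_sample_pcap(num_packets: int) -> bytes:
    """Constructed sample input: little-endian pcap, Ethernet link type, 60-byte zero-filled frames."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frame = b"\x00" * 60
    records = b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
                       for i in range(num_packets))
    return header + records
```

Run it against a real evidence file by passing the file's bytes to check_evidence_file with the limits you configured; a file that fails the packet cap or the size cap, or that raises on a truncated record, indicates the capture was cut short or the directory settings were changed after the event was logged.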