The IDS and IPS pages list suspicious network activity that was:
- Detected by your IDS policies.
- Prevented by your IPS policies.
Important
Snort provides the signatures and log descriptions. Please refer to their documentation or contact them for information on interpreting or taking action on logs.
Before you begin
To have logs, you must have previously turned logging on to collect data:
- Go to Services > Intrusion system > Signatures.
- Ensure the Use syslog for Intrusion logging checkbox is selected.
- Select Save.
The number of logs you can report on depends on your Syslog > System Log settings.
View the logs
- Go to Reports > Logs > IDS or IPS.
- Select the Month and Day to report on data up to one year in the past.
  Note
  You can select a date that does not exist (for example, February 31st), but no data is shown.
- Select Update.
- You will see columns for:
  - Date: When the log occurred.
  - Name: Descriptive text taken from the policy.
  - Priority: How important it is that action is taken as a result of the log.
  - Type: Explanatory notes that group logs by what occurred.
  - IP info: The source of the traffic.
  - (IDS only) Source NIC: The interface traffic was received on.
Export the data
- Choose your data:
  - Select the Month and Day.
  - Select the Export all dates checkbox to include all data your Smoothwall Appliance currently holds (depending on your Syslog > System Log settings).
- Choose your Export format:
  - Leave as the default Comma Separated Value.
  - Change to Raw Format.
  - Change to Tab Separated Value.
- Select Export.
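An exported file can be triaged offline by ranking alerts by priority and source. The following is an added example, not Smoothwall or Snort code: `summarize` and the sample rows are constructed, and it assumes the export has a header row named after the columns listed above and that Priority is the numeric Snort priority, where 1 is the most urgent.

```python
import csv
import io
from collections import Counter

# Assumed export header; "Source NIC" is optional because the page lists it as IDS only.
REQUIRED = {"Date", "Name", "Priority", "Type", "IP info"}

# Constructed sample rows (not real appliance output), documentation-range addresses.
SAMPLE_IDS_CSV = """\
Date,Name,Priority,Type,IP info,Source NIC
2024-03-01 10:02:11,Example signature A,2,Attempted Information Leak,198.51.100.7 -> 192.0.2.10,eth1
2024-03-01 10:02:15,Example signature A,2,Attempted Information Leak,198.51.100.7 -> 192.0.2.10,eth1
2024-03-01 10:05:40,Example signature B,1,Attempted Administrator Privilege Gain,203.0.113.9 -> 192.0.2.20,eth1
2024-03-01 10:07:02,Example signature C,3,Misc activity,198.51.100.7 -> 192.0.2.10,eth1
2024-03-01 10:09:30,Example signature D,,Misc activity,198.51.100.8 -> 192.0.2.10,eth1
"""


def summarize(export_text, delimiter=",", max_priority=2):
    """Count alerts per (priority, name, IP info) at or above the given urgency.

    Returns (ranked, skipped): ranked is sorted most urgent first, then by
    count; skipped is the number of rows whose Priority was not an integer.
    """
    reader = csv.DictReader(io.StringIO(export_text), delimiter=delimiter)
    missing = REQUIRED - set(reader.fieldnames or [])
    if missing:
        raise ValueError("export is missing columns: " + ", ".join(sorted(missing)))
    counts, skipped = Counter(), 0
    for row in reader:
        try:
            priority = int(row["Priority"])
        except (TypeError, ValueError):  # blank, truncated or non-numeric row
            skipped += 1
            continue
        if priority <= max_priority:  # assumption: lower number = more urgent
            counts[(priority, row["Name"], row["IP info"])] += 1
    ranked = sorted(counts.items(), key=lambda kv: (kv[0][0], -kv[1], kv[0][1]))
    return [(p, name, ip, n) for (p, name, ip), n in ranked], skipped


if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE_IDS_CSV)
    for priority, name, ip_info, count in rows:
        print(f"P{priority}  x{count}  {name}  [{ip_info}]")
    print(f"rows skipped (unparseable priority): {skipped}")
```

For a Tab Separated Value export, pass `delimiter="\t"`; a non-zero skipped count is worth checking against the Raw Format export before trusting the totals.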