IDP logs

LOGGING IDP

Let's try to find a list of the possible syslog messages relating to IDP…
blogger@LEFTY> help syslog | match IDP
CHASSISD_CB_READ                 chassisd could not read midplane EEPROM
CHASSISD_I2C_MIDPLANE_CORRUPT    Midplane I2C ID EEPROM was corrupted
IDP_APPDDOS_APP_ATTACK_EVENT     IDP: DDOS attack on application
IDP_APPDDOS_APP_ATTACK_EVENT_LS  IDP: DDOS attack on application
IDP_APPDDOS_APP_STATE_EVENT      IDP: DDOS application state transition event
IDP_APPDDOS_APP_STATE_EVENT_LS   IDP: DDOS application state transition event
IDP_ATTACK_LOG_EVENT             IDP attack log
IDP_ATTACK_LOG_EVENT_LS          IDP attack log
IDP_COMMIT_COMPLETED             IDP policy commit completed
IDP_COMMIT_FAILED                IDP commit exited with failure
IDP_DAEMON_INIT_FAILED           Failed to initialize IDP daemon
IDP_IGNORED_IPV6_ADDRESSES       IDP ingnores IPv6 addresses
IDP_INTERNAL_ERROR               IDP daemon encountered an internal error.
IDP_POLICY_COMPILATION_FAILED    IDP policy compilation failed
IDP_POLICY_LOAD_FAILED           Failed to load an IDP policy
IDP_POLICY_LOAD_SUCCEEDED        IDP policy loaded successfully
IDP_POLICY_UNLOAD_FAILED         Failed to unload an IDP policy
IDP_POLICY_UNLOAD_SUCCEEDED      IDP policy unloaded successfully
IDP_SCHEDULEDUPDATE_START_FAILED Failed to start scheduled update
IDP_SCHEDULED_UPDATE_STARTED     Scheduled update has started
IDP_SECURITY_INSTALL_RESULT      IDP security package install result
IDP_SESSION_LOG_EVENT            IDP session event log
IDP_SESSION_LOG_EVENT_LS         IDP session event log
IDP_SIGNATURE_LICENSE_EXPIRED    IDP signature update license key has expired

From the descriptions, it looks like we want to log the messages that match the string “IDP_ATTACK_LOG_EVENT”.

I want to send the IDP attack logs to a remote syslog server (Splunk in this case – free for 500MB of logging data a day!)

Here is the config under system/syslog for that…

host 192.168.56.50 {
    any any;
    match IDP_ATTACK_LOG_EVENT;
    source-address 10.10.10.5;
}
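As an added example that is not part of the original post, here is a small Python script that emulates, on the collector side, what the match statement above does and then parses the lines that would be forwarded. The sample syslog lines are constructed in the traditional Junos layout (timestamp, host, process, message tag, body); the process names, addresses, timestamps and the signature name are assumed, not captured from LEFTY. One caveat it shows: the match knob takes a regular expression that is not anchored, so the pattern IDP_ATTACK_LOG_EVENT also matches IDP_ATTACK_LOG_EVENT_LS (the logical-system variant in the list above); adding the trailing colon keeps only the exact tag.

```python
import re
from collections import Counter

# Constructed sample lines in the traditional (non-structured) Junos syslog
# layout. They are illustrative only: the process names, addresses,
# timestamps and the signature name are made up, not taken from a real box.
SAMPLE_LOG = """\
Dec  1 10:00:01 LEFTY RT_IDP: IDP_ATTACK_LOG_EVENT: IDP: at 1354356001, SIG Attack log <192.0.2.10/43210->10.10.10.5/80> for TCP protocol-id 6 and service HTTP by rule 1 of rulebase IPS in policy Recommended. attack: repeat=0, action=DROP, threat-severity=HIGH, name=EXAMPLE-SIGNATURE
Dec  1 10:00:02 LEFTY RT_IDP: IDP_ATTACK_LOG_EVENT_LS: IDP: at 1354356002, SIG Attack log <192.0.2.11/43211->10.10.10.6/80> for TCP protocol-id 6 and service HTTP by rule 1 of rulebase IPS in policy Recommended. attack: repeat=0, action=DROP, threat-severity=HIGH, name=EXAMPLE-SIGNATURE
Dec  1 10:00:03 LEFTY idpd[1234]: IDP_COMMIT_COMPLETED: IDP policy commit completed
Dec  1 10:00:04 LEFTY RT_IDP: IDP_ATTACK_LOG_EVENT: IDP: at 1354356004, SIG Attack log <198.51.100.7/51000->10.10.10.5/443> for TCP protocol-id 6 and service SSL by rule 2 of rulebase IPS in policy Recommended. attack: repeat=3, action=NONE, threat-severity=MEDIUM, name=EXAMPLE-SIGNATURE
Dec  1 10:00:05 LEFTY sshd[4321]: SSHD_LOGIN_FAILED: Login failed for user 'bob' from host '203.0.113.9'
"""

# timestamp, host, process[pid], MESSAGE_TAG, body
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<proc>[\w.-]+)(?:\[\d+\])?: "
    r"(?P<tag>[A-Z0-9_]+): "
    r"(?P<msg>.*)$"
)
# <src/sport->dst/dport> as written in the attack log body
ENDPOINTS_RE = re.compile(
    r"<(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+)>"
)
# key=value attributes such as action=DROP, threat-severity=HIGH
KV_RE = re.compile(r"(\w[\w-]*)=([^,\s]+)")


def parse_line(line):
    """Split one syslog line into timestamp, host, process, tag and body."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def forwarded(lines, match):
    """Emulate the 'match' statement on a Junos syslog host: an unanchored
    regular expression searched anywhere in the line. Only matching lines
    are sent to the remote host."""
    rx = re.compile(match)
    return [line for line in lines if rx.search(line)]


def tag_counts(lines):
    """Count message tags, useful for a quick sanity check of what a
    given match pattern lets through."""
    return Counter(p["tag"] for p in map(parse_line, lines) if p)


def attack_fields(line):
    """Pull the endpoints and key=value attributes out of an
    IDP_ATTACK_LOG_EVENT line; returns None for any other tag."""
    p = parse_line(line)
    if not p or not p["tag"].startswith("IDP_ATTACK_LOG_EVENT"):
        return None
    ep = ENDPOINTS_RE.search(p["msg"])
    if not ep:
        return None
    fields = {
        "src": ep["src"], "sport": int(ep["sport"]),
        "dst": ep["dst"], "dport": int(ep["dport"]),
    }
    fields.update(KV_RE.findall(p["msg"]))
    return fields


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    # The bare tag also catches the _LS variant; the trailing colon does not.
    for pattern in ("IDP_ATTACK_LOG_EVENT", "IDP_ATTACK_LOG_EVENT:"):
        n = len(forwarded(lines, pattern))
        print(f"match {pattern!r}: {n} of {len(lines)} lines forwarded")
    for line in forwarded(lines, "IDP_ATTACK_LOG_EVENT:"):
        print(attack_fields(line))
    print(tag_counts(lines))
```

Run it against a capture from the collector instead of SAMPLE_LOG to confirm that the only tags arriving at 192.168.56.50 are the ones you intended; if the logical-system variant is wanted as well, keep the bare pattern, otherwise use the version with the colon.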
thudinh Network and Security