Use the Log Evidence tab to log the summary of an event. The appliance copies the suspect packet and records information such as event name, event date, and event ID.
About this task
Navigating in IPS Local Management Interface: To retrieve log evidence files and rolling packet capture files, go to .
Note: The appliance logs packets that trigger events to the /cache/packetlogger/logevidence/ directory. Each file in that directory contains the packets for a single capture, and the files are stored according to the criteria set on this page.
Procedure
- Click the Log Evidence tab.
- Configure the following options:
| Option | Description |
|---|---|
| Maximum Files | Specifies the maximum number of files the appliance stores in the directory for all events. The default is 1000. Note: When the log reaches the maximum file number, it begins again with zero (0) and overwrites the existing files. |
| Maximum File Size (in KB) | Specifies the maximum size allowed in the /var/iss/ directory. The default is 500. |
| Maximum Number of Packets per Event | Specifies the maximum number of packets per event the appliance stores in the directory. The default is 100. |
| Packet Capture File Format | Specifies the log file format. The default is pcap. Note: Choose pcap or sniffer. |
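The following is an added example, not IBM's code, that models how the options in the table above interact: a rolling evidence store whose file index wraps to zero and overwrites once Maximum Files is reached, a per-event packet cap, a per-file size cap, and a minimal pcap writer/reader so that the resulting evidence files can be opened with standard tools. The class name, the way the size cap is applied (stop adding packets once the file would exceed it), and the sample frame are assumptions for illustration; the sniffer format is not modelled.

```python
# Added example (not IBM's code): a model of a rolling log-evidence directory
# that applies the Maximum Files / Maximum File Size / Maximum Number of
# Packets per Event options, writing each event's packets as a classic pcap.
import struct

PCAP_MAGIC = 0xA1B2C3D4       # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


def pcap_bytes(packets, snaplen=65535):
    """Encode [(timestamp_seconds, frame_bytes), ...] as a classic pcap file."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts, frame in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def parse_pcap(blob):
    """Decode a classic pcap blob back into [(timestamp_seconds, frame_bytes), ...]."""
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    packets, off = [], GLOBAL_HEADER_LEN
    while off < len(blob):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", blob, off)
        off += RECORD_HEADER_LEN
        packets.append((sec + usec / 1_000_000, blob[off:off + incl]))
        off += incl
    return packets


class LogEvidenceStore:
    """Rolling store: the file index wraps to 0 and overwrites once max_files is reached."""

    def __init__(self, max_files=1000, max_file_size_kb=500, max_packets_per_event=100):
        self.max_files = max_files
        self.max_file_bytes = max_file_size_kb * 1024
        self.max_packets = max_packets_per_event
        self.next_index = 0
        self.files = {}        # file index -> {"event_name", "event_id", "pcap"}
        self.overwrites = 0    # evidence files lost to rollover (worth alerting on)

    def _select_packets(self, packets):
        """Apply the per-event packet cap, then the per-file size cap (assumed policy)."""
        kept, size = [], GLOBAL_HEADER_LEN
        for ts, frame in packets[: self.max_packets]:
            size += RECORD_HEADER_LEN + len(frame)
            if size > self.max_file_bytes:
                break
            kept.append((ts, frame))
        return kept

    def record_event(self, event_name, event_id, packets):
        """Store the suspect packets for one event; returns the file index used."""
        idx = self.next_index
        if idx in self.files:
            self.overwrites += 1          # an older evidence file is being overwritten
        self.files[idx] = {
            "event_name": event_name,
            "event_id": event_id,
            "pcap": pcap_bytes(self._select_packets(packets)),
        }
        self.next_index = (idx + 1) % self.max_files
        return idx

    def packets_for(self, idx):
        """Return the decoded packets held in evidence file `idx`."""
        return parse_pcap(self.files[idx]["pcap"])


def demo():
    """Constructed sample: 3-file rollover with 2 packets kept per event."""
    # Constructed 34-byte Ethernet/IPv4 frame (broadcast dst, dummy src, IPv4 header).
    frame = bytes.fromhex("ffffffffffff001122334455" "0800") + b"\x45" + b"\x00" * 19
    store = LogEvidenceStore(max_files=3, max_file_size_kb=1, max_packets_per_event=2)
    idxs = [store.record_event("HTTP_Probe", f"evt-{n}", [(1700000000.5 + n, frame)] * 5)
            for n in range(4)]
    # The fourth event wraps to index 0 and overwrites the first event's file.
    return idxs, store.overwrites, len(store.packets_for(0)), store.files[0]["event_id"]


if __name__ == "__main__":
    print(demo())
```

The `overwrites` counter is the part a defender cares about: once the directory wraps, the earliest evidence for an incident is gone, so the Maximum Files value should be sized against the appliance's event rate and the evidence should be collected off-box before rollover.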