
[NSM/IDP] How to set up NSM to log packets for IDP attacks


Article ID: KB15842 | KB Last Updated: 25 Oct 2012 | Version: 2.0
Summary:

This article provides information on how to obtain packet captures of certain attacks, so that they can be analyzed by JTAC or any other interested party.

Symptoms:

The NSM/IDP administrator requires information on how to set up packet logging on the IDP policy on NSM.

Cause:
  • The NSM/IDP administrator may want to view the packet data, for example to identify false positives; this article provides the procedure to do so.

  • Packet logging has a performance impact: the IDP must log packets for every connection that matches the service criterion until it knows that the packets do not contain the specified attack(s). It is recommended to keep packet logging enabled for as short a time as possible.
Solution:
Perform the following procedure to set up the IDP packet capture:

  1. In NSM, click Configure and then click Policy Manager.

  2. Click the Policy for the IDP device.

  3. Now, click the Notification column in the policy and select Configure from the drop-down menu.

  4. Select the Logging check box.

  5. Select the Log Packets check box.

  6. Set the number of packets to collect before and after the required packet (if you require technical support for a signature issue, JTAC requires the collection value to be set to 20 packets before and 20 packets after).

  7. Now update the device with the policy changes.