Intrusion Prevention


Integration IDP-800 with NSM3000

  • 1.  Integration IDP-800 with NSM3000

    Posted 03-03-2012 21:01

    I am integrating an IDP 800 with NSM 3000, but I can't see the captured packets in NSM's log. Does anyone know the correct procedure to integrate them?

    I tested the port mirror by connecting my laptop running Wireshark, and I am receiving packets. I also checked the packet capture counters on the IDP with the command "sctop" and option "s", and I see that the UDP and ICMP packet counters are incremented when using a UDP flooder attack.

    I am using release 5.1r3 on the IDP and 2011.4 on NSM.

    Thanks



  • 2.  RE: Integration IDP-800 with NSM3000

    Posted 03-05-2012 11:15

     

    Please check the settings shown in "Enabling Collection of Packet Data in NSM Logs (NSM Procedure)."

     

    We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to techpubs-comments@juniper.net, or fill out the documentation feedback form.

     

    Thank you.

     



  • 3.  RE: Integration IDP-800 with NSM3000

    Posted 03-06-2012 19:58



    I had already reviewed this document, but it did not work. I have a question about the pcap files, though: are these created automatically, or do I need to enter a command to create them? I ask because they aren't present in the path mentioned in the document.

     

    Regards.



  • 4.  RE: Integration IDP-800 with NSM3000
    Best Answer

    Posted 03-06-2012 21:08

     

    The IDP system captures packets if the rule matches and the rule that matches has packet logging enabled. The packet capture is collected with the event log that indicates the rule match occurred. Here are a few pointers to docs:


    Thank you.