Intrusion Prevention

  • 1.  Integration IDP-800 with NSM3000

    Posted 03-03-2012 21:01

    I am integrating an IDP 800 with NSM 3000, but I can't see the captured packets in NSM's log. Does anyone know the correct procedure to integrate them?

    I tested the port mirror by connecting my laptop running Wireshark, and I am receiving packets. I also checked the capture packet counters on the IDP with the command "sctop" and option "s", and I see that the UDP and ICMP packet counters are incremented when using the UDP flooder attack.

    I am using release 5.1r3 on the IDP and 2011.4 on NSM.

    Thanks



  • 2.  RE: Integration IDP-800 with NSM3000

    Posted 03-05-2012 11:15

     

    Please check the settings shown in "Enabling Collection of Packet Data in NSM Logs (NSM Procedure)."

     

    We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to techpubs-comments@juniper.net, or fill out the documentation feedback form.

     

    Thank you.

     



  • 3.  RE: Integration IDP-800 with NSM3000

    Posted 03-06-2012 19:58



    I had already reviewed this document, but it did not work. I have a question about the pcap files: are these created automatically, or do I need to enter a command to create them? I ask because they aren't present in the path mentioned in the document.

     

    Regards.



  • 4.  RE: Integration IDP-800 with NSM3000
    Best Answer

    Posted 03-06-2012 21:08

     

    The IDP system captures packets if the rule matches and the rule that matches has packet logging enabled. The packet capture is collected with the event log that indicates the rule match occurred. Here are a few pointers to docs:


    Thank you.