Intrusion Prevention

  • 1.  HOW TO CHECK IDP LOGS

    Posted 03-22-2014 23:51

    Dear All,

     

    I need to know how can i check IDP logs in SRX 240 Firewall and also is it possible to Transfer logs to syslogs.

     

    If somebody is trying to target or intrude the Network is it possible to Check through IDP LOgs?

     

    Kindly Asist

     

    Best Regards

    Toufeeq



  • 2.  RE: HOW TO CHECK IDP LOGS
    Best Answer

     
    Posted 03-23-2014 03:21

    Dear 

     

    It was better to post this under SRX section ,

     

    the below link will help u to enable IDP logging and post the logs in local file , 

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB17291&smlogin=true

     

    if you'd like to send it to external syslog server , so just u need to update the syslog config for IDP as below , assuming you syslog server is 1.1.1.1 , u can even use FQDN , but make sure you configure your dns  on SRX

     

    syslog {
        host 1.1.1.1 {
            any any;
            match RT_IDP;
        }
    }



  • 3.  RE: HOW TO CHECK IDP LOGS

    Posted 09-17-2014 18:06