Hi,
I've implemented Deep Inspection on a few policies on an SSG140.
If I do a "debug idp all" on the CLI I get logs returned, but I don't see the log messages on my syslog server.
I'm logging all traffic and events to syslog, but IDP-related messages like the ones below do not show up:
SC_KQMSG_ADD_CONTEXT: service HTTP, type HTTP_STATUS, length 22, skip true
sc_ids_bfq_poll: expiring 212.61.xx.xx -> 212.61.xx.xx HTTP, BRUTE_SEARCH, count 1
sc_ids_bfq_add: added 212.61.xx.xx -> 212.61.xx.xx HTTP, BRUTE_SEARCH
_sc_http_verify_flow: (23 s2c)Content-Type: text/html
_sc_http_verify_flow: found header 'content-type:'(13, max 33699444) in line: content-type: text/html
SC_KQMSG_ADD_CONTEXT_FUNC: service HTTP, type 33, length 9, skip false
_sc_http_verify_flow: (25 s2c)Server: Microsoft-IIS/7.5
_sc_http_verify_flow: found header 'server:'(7, max 33699432) in line: server: Microsoft-IIS/7.5
SC_KQMSG_ADD_CONTEXT_FUNC: service HTTP, type 31, length 17, skip true
_sc_http_verify_flow: (21 s2c)X-Powered-By: ASP.NET
_sc_http_verify_flow: Didn't find header in line: x-powered-by: ASP.NET
Thanks in advance.
Cheers Ray
#IDP #deepinspection #syslog