I have some questions regarding the IDS module. A router is connected to the internet and is using the software firewall. There is also an NM-CIDS in the router.
1) What is the sequence when a packet arrives from the internet?
Is it internet -> firewall -> IDS?
2) Does the command "ids-service module monitoring" imply that traffic is sent to the IDS inbound and outbound?
3) The event viewer in the IDM shows a lot of events. Does it mean that the firewall is not dropping the packets? Is the IDM the only place to monitor the events or can they be sent to a syslog server?
4) In case there is an event, what can the module do to block the attack since it is not in line?