With some of the alarms you have three actions to take: block, reset and log. If you have the signature set to log the alarm, the sensor will capture and store the data packet that caused the alarm. The file created is in the format IPLOG.nnn.nnn.nnn.nnn.yyyymmddhhmmss. This is the actual data that set off the alarm. The file can only be read by a packet analyzer such as Ethereal.
The files are not easy to read and you might not want to log the alarms unless you want to do some serious analysis.
The event log file contains alarms generated by the sensor. The event log file currently in use is located in /usr/nr/var. When this event log file is filled, it is closed and moved from /usr/nr/var to /usr/nr/var/new.
The sensor can be configured to automatically ftp the closed event logs from /usr/nr/var/new to another machine. Each event log file that is successfully ftp'ed is compressed and then moved from the /usr/nr/var/new directory to the /usr/nr/var/dump directory. Once in /usr/nr/var/dump, these files are named log.YYYYMMDDHHMM.Z.
Also, the sensor monitors the utilization of the /usr/nr/var/new directory. When this directory reaches a certain level of utilization, all of the files in it (/usr/nr/var/new) are compressed and moved to /usr/nr/var/dump. Once in /usr/nr/var/dump, these files are named NEWLOG.log.YYYYMMDDHHMM.Z.
IP session log files:
An IP session log file contains the packets to/from a particular IP address for a particular alarm. Open IP session log files exist in the /usr/nr/var/iplog directory. When an IP session log file is closed, it is moved to the /usr/nr/var/iplog/new directory.
Currently, the sensor cannot be configured to automatically ftp IP session logs to another machine.
The sensor monitors the utilization of the /usr/nr/var/iplog/new directory. When this directory reaches a certain level of utilization, all of the files from it (/usr/nr/var/iplog/new) are compressed and moved to /usr/nr/var/dump. Once in /usr/nr/var/dump, these files are named IPLOG.iplog..YYYYMMDDHHMM.Z where is the IP address of the logged packets.
The /usr/nr/var/iplog/dump directory is not currently used.
Finally, the sensor monitors the /usr/nr/var partition. When the partition becomes too full, files are deleted from /usr/nr/var/dump.
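The naming scheme described above can be turned into a small triage script for a directory listing; this is an added example, not part of the original post and not Cisco code. It assumes the kind labels used here, a constructed sample listing, and the reading that NEWLOG files were swept out of /usr/nr/var/new without having been ftp'ed, so they are the ones to copy off before /usr/nr/var/dump is purged. The compressed IPLOG name used in the dump directory is not handled, because its pattern is incomplete in the post.

```python
import re
from datetime import datetime

# Name patterns come from the post; the kind labels are this example's own.
PATTERNS = [
    # event log compressed after a successful ftp transfer
    ("event_transferred", re.compile(r"^log\.(?P<ts>\d{12})\.Z$"), "%Y%m%d%H%M"),
    # event log swept out of /usr/nr/var/new by the utilization monitor
    ("event_swept", re.compile(r"^NEWLOG\.log\.(?P<ts>\d{12})\.Z$"), "%Y%m%d%H%M"),
    # raw IP session capture: IPLOG.nnn.nnn.nnn.nnn.yyyymmddhhmmss
    ("ip_session",
     re.compile(r"^IPLOG\.(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\.(?P<ts>\d{14})$"),
     "%Y%m%d%H%M%S"),
]

def classify(name):
    """Return (kind, timestamp, ip) for a file name, or ("unknown", None, None)."""
    for kind, rx, fmt in PATTERNS:
        m = rx.match(name)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group("ts"), fmt)
        except ValueError:
            break  # right shape, but the digits are not a valid date/time
        ip = m.groupdict().get("ip")
        if ip and any(int(octet) > 255 for octet in ip.split(".")):
            break  # right shape, but not a valid IPv4 address
        return kind, ts, ip
    return "unknown", None, None

def at_risk(names):
    """Swept (assumed untransferred) event logs, oldest first."""
    hits = [(c[1], n) for n in names for c in [classify(n)] if c[0] == "event_swept"]
    return [n for _, n in sorted(hits)]

# Constructed sample listing (not taken from a real sensor)
SAMPLE = [
    "log.200403151230.Z", "NEWLOG.log.200403161005.Z",
    "NEWLOG.log.200403140900.Z", "IPLOG.192.0.2.44.20040316100722",
    "IPLOG.999.0.2.44.20040316100722", "log.200413151230.Z", "core",
]

if __name__ == "__main__":
    for n in SAMPLE:
        print(n, classify(n))
    print("copy first:", at_risk(SAMPLE))
```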