D-Link DFL-2500 User Guide - Page 207
Log event from D-Link Firewall
View all D-Link DFL-2500 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 207 highlights
188 Chapter 19. Intrusion Detection System (IDS) Once an IDS event occurs, the Intrusion Detection Rule is triggered. At least one new event occurs within the Hold Time, 120 seconds, thus reaching the log threshold level (at least 2 events has occurred). This results in an e-mail to be sent, containing a summery of the IDS events. Several more IDS events may occur after this, but to prevent flooding the mail server, the firewall will wait for 600 seconds (10 minutes) before sending a new e-mail, containing information about the new events. A SMTP server is assumed to have been configured in the address book, with an IP address object name "smtp-server". WebUI : 1. SMTP log receiver: - adding a SMTP log receiver System → Log and Event Receivers → Add → SMTP Event Receiver: General Enter the following: Name: smtp4IDS SMTP Server: smtp-server Server Port: 25 (by Internet standard) Fill in alternative e-mail addresses in the edit boxes(up to 3 addresses can be configured). Sender: hostmaster Subject: Log event from D-Link Firewall Minimum Repeat Delay: 600 Hold Time: 120 Log Threshold: 2 Then click OK. 2. IDS Rules: - Enabling logging in the "Log Settings" configuration page for a specific IDS rule and using All receivers or specific receiver "smtp4IDS" configured above as log receiver. D-Link Firewalls User's Guide