Symantec 10521146 Administration Guide - Page 123
Enabling or disabling blocking rules, For Every Non-Logged Events Log One Event
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 123 highlights
Protection policies 123 Defining new protection policies ■ Select a protection policy, and click Edit > Full Event List. You can edit user-defined protection policies only. 2 To adjust your view of the event list, click Columns. See "Adjusting the view by columns" on page 119. 3 To select the events, do one of the following: ■ To select the entire event list, click Select All. ■ To select a subset of events, press Ctrl and select multiple events. 4 Click Log/Block. You can enable logging rules independently of blocking rules. See also "Enabling or disabling blocking rules" on page 123. 5 In Logging Options, do one of the following: ■ Click Log Event to enable logging. This generates an event in the Incidents tab each time a selected event is detected and blocked. ■ Unclick Log Event to disable logging. 6 If you enabled logging, then in Log Event, do one of the following: ■ To log all events, click Log For All IPs. ■ To log selected events, click Log For Selected IP Ranges. ■ To avoid logging selected events, click Log All Except IP Ranges. You can use this option as a partial filter to alert you periodically about non-logged event types. 7 If you chose to log a subset of events, then in Logging Options, specify the subset by doing the following: ■ Provide the Source and Destination IP addresses. ■ Provide the optional mask and port numbers, and click Add. 8 In Logging Options, you can keep track of non-logged event types by clicking For Every Non-Logged Events Log One Event and entering a number. 9 In Note For Selected Event Type(s), you can add an optional note, and click OK. Event Details displays this annotation each time this policy detects the annotated event. See "Viewing event details" on page 197. Enabling or disabling blocking rules The Symantec Network Security 7100 Series now provides the ability to prevent malicious traffic from entering your network. If sensors indicate that unexpected traffic is penetrating the firewall or router, you can block it by