ips settings
This command configures settings for IPS packet logging.
config ips settings set packet-log-history {integer} Number of packets to capture before and including the one in which the IPS signature is detected (1 - 255). range[1-255] set packet-log-post-attack {integer} Number of packets to log after the IPS signature is detected (0 - 255). range[0-255] set packet-log-memory {integer} Maximum memory can be used by packet log (64 - 8192 kB). range[64-8192] set ips-packet-quota {integer} Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size. range[0-4294967295] end
Additional information
The following section is for those options that require additional explanation.
packet-log-history <packets_int>
Specify number of packets to capture before and including the one in which the IPS signature is detected. Range: 0 - 255. Default is 1
.
If the value is more than 1, the packet containing the signature is saved in the packet log, as well as those preceding it. For example, if packet-log-history
is set to 7, the FortiGate unit will save the packet containing the IPS signature match and the six before it.
Setting packet-log-history
to a value larger than 1 can affect the performance of the FortiGate unit because network traffic must be buffered. The performance penalty depends on the model, the setting, and the traffic load.
packet-log-post-attack <packets_int>
Specify how many packets to log after the IPS signature is detected. Range: 0 - 255. Default is 0.
If packet-log-post-attack
is set to 10, the FortiGate unit will save the ten packets following the one containing the IPS signature match.
packet-log-memory <KB_int>
Specify the maximum amount of memory to use for logging packets to memory. Acceptable range: 64 - 8192 KB. Default is 256.
ips-packet-quota <MB_int>
Specify maximum amount of disk space to use for logged packets when logging to disk. Range: 0 - 4294967295 MB. Default is 0. This command affects only logging to disk.