Fortinet black logo

CLI Reference

ips settings

ips settings

This command configures settings for IPS packet logging.

config ips settings
    set packet-log-history {integer}   Number of packets to capture before and including the one in which the IPS signature is detected (1 - 255). range[1-255]
    set packet-log-post-attack {integer}   Number of packets to log after the IPS signature is detected (0 - 255). range[0-255]
    set packet-log-memory {integer}   Maximum memory can be used by packet log (64 - 8192 kB). range[64-8192]
    set ips-packet-quota {integer}   Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size. range[0-4294967295]
end

Additional information

The following section is for those options that require additional explanation.

packet-log-history <packets_int>

Specify number of packets to capture before and including the one in which the IPS signature is detected. Range: 0 - 255. Default is 1. If the value is more than 1, the packet containing the signature is saved in the packet log, as well as those preceding it. For example, if packet-log-history is set to 7, the FortiGate unit will save the packet containing the IPS signature match and the six before it.

Setting packet-log-history to a value larger than 1 can affect the performance of the FortiGate unit because network traffic must be buffered. The performance penalty depends on the model, the setting, and the traffic load.

packet-log-post-attack <packets_int>

Specify how many packets to log after the IPS signature is detected. Range: 0 - 255. Default is 0. If packet-log-post-attack is set to 10, the FortiGate unit will save the ten packets following the one containing the IPS signature match.

packet-log-memory <KB_int>

Specify the maximum amount of memory to use for logging packets to memory. Acceptable range: 64 - 8192 KB. Default is 256.

ips-packet-quota <MB_int>

Specify maximum amount of disk space to use for logged packets when logging to disk. Range: 0 - 4294967295 MB. Default is 0. This command affects only logging to disk.

ips settings

This command configures settings for IPS packet logging.

config ips settings
    set packet-log-history {integer}   Number of packets to capture before and including the one in which the IPS signature is detected (1 - 255). range[1-255]
    set packet-log-post-attack {integer}   Number of packets to log after the IPS signature is detected (0 - 255). range[0-255]
    set packet-log-memory {integer}   Maximum memory can be used by packet log (64 - 8192 kB). range[64-8192]
    set ips-packet-quota {integer}   Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size. range[0-4294967295]
end

Additional information

The following section is for those options that require additional explanation.

packet-log-history <packets_int>

Specify number of packets to capture before and including the one in which the IPS signature is detected. Range: 0 - 255. Default is 1. If the value is more than 1, the packet containing the signature is saved in the packet log, as well as those preceding it. For example, if packet-log-history is set to 7, the FortiGate unit will save the packet containing the IPS signature match and the six before it.

Setting packet-log-history to a value larger than 1 can affect the performance of the FortiGate unit because network traffic must be buffered. The performance penalty depends on the model, the setting, and the traffic load.

packet-log-post-attack <packets_int>

Specify how many packets to log after the IPS signature is detected. Range: 0 - 255. Default is 0. If packet-log-post-attack is set to 10, the FortiGate unit will save the ten packets following the one containing the IPS signature match.

packet-log-memory <KB_int>

Specify the maximum amount of memory to use for logging packets to memory. Acceptable range: 64 - 8192 KB. Default is 256.

ips-packet-quota <MB_int>

Specify maximum amount of disk space to use for logged packets when logging to disk. Range: 0 - 4294967295 MB. Default is 0. This command affects only logging to disk.