278 Fortinet Inc.
Logging attacks Network Intrusion Detection System (NIDS)
To set Prevention signature threshold values
1 Go to NIDS > Prevention.
2 Select Modify beside the signature for which you want to set the Threshold value.
Signatures that do not have threshold values do not have Modify icons.
3 Type the Threshold value.
4 Select the Enable check box.
5 Select OK.
Logging attacks
Whenever the NIDS detects or prevents an attack, it generates an attack message.
You can configure the system to add the message to the attack log.
• Logging attack messages to the attack log
• Reducing the number of NIDS attack log and email messages
Logging attack messages to the attack log
To log attack messages to the attack log
1 Go to Log&Report > Log Setting.
2 Select Config Policy for the log locations you have set.
3 Select Attack Log.
4 Select Attack Detection and Attack Prevention.
5 Select OK.
Reducing the number of NIDS attack log and email messages
Intrusion attempts might generate an excessive number of attack messages. The
FortiGate unit automatically deletes duplicate messages, based on how
frequently the messages are generated. If you still receive an excessive
number of unnecessary messages, you can manually disable message generation
for signature groups that you do not need.
Automatic message reduction
The attack log and alert email messages that the NIDS produces include the ID
number and name of the attack that generated the message. The attack ID number
and name in the message are identical to the ID number and rule name that appear
on the NIDS Signature Group Members list.