How can you tell the history of what quarantine rules were used and when they were used on a Network Intrusion Prevention System?
The current active quarantine rules can be viewed in the Local Management Interface (LMI) of the system.
- If using firmware 4.x, the rules will be located under Secure Protection Settings > Response Tuning > Quarantine Rules.
- If using firmwares 1.x, 2.x or 3.x, the rules will be located under Intrusion Prevention > Quarantined Intrusions.
This view does not show the history of the quarantine rules. If you need to review quarantine rules that are no longer present in the LMI, you can view the contents of the following file on the system:
- If using firmware 4.x:
- If using firmwares 1.x, 2.x or 3.x:
This log file contains entries showing when quarantines are added, expired or deleted (manually removed). To view this file, you can use one of the following options:
- Access the system via SSH or console connection and log in as the root user. View the file using Linux command line commands such as cat.
- Use a program such as WinSCP to download the file from the appliance and view it on your desktop in a text editor.
If the above information does not resolve your issue, please contact IBM Security Systems Technical Support.
|Security||Proventia Virtualized Network Security Platform||Firmware||3.3, 4.1, 4.3, 4.4, 4.5, 4.6|
|Security||IBM Security Network Intrusion Prevention System||Firmware||4.1, 4.2, 4.3, 4.4, 4.5, 4.6|