Use the IDSReportSet statement to specify a report set that you want to
associate with actions. A report set can include type of action, statistics
interval, logging level, trace data, and trace record size. If a
packet meets a policy rule's condition during its validity period,
the reports specified in the policy rule's action, such as logging
the packet, are produced.
Syntax

>>-IDSReportSet--+------+--| Put Braces and Parameters on Separate Lines |-><
                 '-name-'

Put Braces and Parameters on Separate Lines

|--+-{---------------------------+------------------------------|
   +-| IDSReportSet Parameters |-+
   '-}---------------------------'

IDSReportSet Parameters

   .------------------------------------------------.
   V                                                |
|----+--------------------------------------------+-+-----------|
     '-TypeActions--+-CONSOLE--| ConsoleData |--+-'
                    +-LOG--| LogData |----------+
                    +-STATISTICS--| StatsData |-+
                    '-TRACE--| TraceData |------'

ConsoleData

   .-MaxEventMessage 5-.
|--+-------------------+----------------------------------------|
   '-MaxEventMessage n-'

LogData

   .-LogDetail No-------.  .-LoggingLevel 4-.
|--+--------------------+--+----------------+-------------------|
   '-LogDetail--+-Yes-+-'  '-LoggingLevel n-'
                '-No--'

StatsData

   .-StatType Normal---------.  .-StatInterval 60-.
|--+-------------------------+--+-----------------+-------------|
   '-StatType--+-Exception-+-'  '-StatInterval n--'
               '-Normal----'

TraceData

   .-TraceData HEADER----------.  .-TraceRecordSize 100-.
|--+---------------------------+--+---------------------+-------|
   '-TraceData--+-FULL-------+-'  '-TraceRecordSize n---'
                +-HEADER-----+
                +-NONE-------+
                '-RECORDSIZE-'

Parameters

- name
  A string 1 - 32 characters in length specifying the name of this
  IDSReportSet statement.
  Rule: If this IDSReportSet statement is not specified inline within
  another statement, you must provide a name value. If a name is not
  specified for an inline IDSReportSet statement, a nonpersistent
  system name is created.
- TypeActions
  Indicates the type of actions to be taken for IDS events. By
  default, no TypeActions are defined.
  - CONSOLE
    Report IDS events to the system console.
  - LOG
    Log IDS information to the syslog daemon. Low-level detail records
    are optionally logged based on the LogDetail value.
  - STATISTICS
    Log statistics to the syslog daemon based on the StatType value.
    Result: Statistics are always written to the syslog INFO level.
    Rule: The statistics value is applicable when the ConditionType
    parameter on the IDSRule statement is Attack or TR. For other
    ConditionType values, the STATISTICS value is ignored.
  - TRACE
    Trace IDS information to the IDS event trace based on the TraceData
    value. For attack types TCP_QUEUE_SIZE, GLOBAL_TCP_STALL, and
    EE_XID_FLOOD, the TRACE value is ignored. No tracing is done for
    those attack types.
- MaxEventMessage
  Indicates the maximum number of event messages to be displayed
  on the console during a 5-minute period for an IDS attack type. Valid
  values are in the range 0 - 4 294 967 295. A value of 0 indicates
  that attack console messages are not limited. The default value is 5.
  Rule: The MaxEventMessage parameter is applicable when the
  ConditionType parameter in the IDSRule statement is Attack. For other
  ConditionType values, the MaxEventMessage parameter is ignored.
- LogDetail
  Indicates whether detailed information is logged to the syslog
  daemon.
  - No
    Do not log low-level details to the syslog daemon. This is the
    default value.
  - Yes
    Log low-level details to the syslog daemon when detailed information
    is available. Low-level details are available when a scan is
    detected and when a Global TCP Stall attack is detected.
- LoggingLevel
  Indicates the syslog daemon logging level for logging IDS information.
  Valid values are in the range 0 - 7. The following values map to
  syslog daemon priority levels.
  - 0
    Emerg/Panic
  - 1
    Alert
  - 2
    Crit
  - 3
    Error
  - 4
    Warning
  - 5
    Notice
  - 6
    Info
  - 7
    Debug
  The default value is 4.
- StatType
  Indicates the type of statistics to be gathered.
  - Normal
    Gather all statistics. This is the default value.
  - Exception
    Gather only exception statistics.
- StatInterval
  Indicates the interval length in minutes for collecting IDS statistics.
  Valid values are in the range 0 - 4 294 967 295.
  The default value is 60.
- TraceData
  Specifies the amount of information written to the IDS event trace.
  - HEADER
    For IPv4 packets, trace the IP and transport headers in the packets.
    For IPv6 packets, trace the IPv6 header, any extension headers, and
    the transport header. This is the default value.
  - FULL
    Trace the entire packet.
  - NONE
    No tracing is done.
  - RECORDSIZE
    Trace the amount of data specified by the TraceRecordSize parameter.
- TraceRecordSize
  Indicates the amount in bytes of packet data to trace, when TraceData
  is set to RECORDSIZE. Valid values are in the range 0 - 4 294 967 295.
  The default value is 100.
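
A small linter for the rules above, as an added example that is not IBM's or the Policy Agent's own code: it checks value ranges, parameters whose TypeActions value is not set, and two settings worth a second look (MaxEventMessage 0, and TraceRecordSize without TraceData RECORDSIZE). The names `lint_report_set` and `AttackReport`, the sample statement, and case-insensitive keyword matching are assumptions; the check looks at which TypeActions values are present, not at their order.

```python
U32 = 4294967295
def num(hi):
    return lambda v: v.isascii() and v.isdigit() and int(v) <= hi
def one_of(*names):
    return lambda v: v in names
ACTIONS = {"CONSOLE", "LOG", "STATISTICS", "TRACE"}
# parameter -> (TypeActions value it follows in the syntax diagram, value check)
PARAMS = {
    "MAXEVENTMESSAGE": ("CONSOLE", num(U32)),
    "LOGDETAIL": ("LOG", one_of("YES", "NO")),
    "LOGGINGLEVEL": ("LOG", num(7)),
    "STATTYPE": ("STATISTICS", one_of("NORMAL", "EXCEPTION")),
    "STATINTERVAL": ("STATISTICS", num(U32)),
    "TRACEDATA": ("TRACE", one_of("FULL", "HEADER", "NONE", "RECORDSIZE")),
    "TRACERECORDSIZE": ("TRACE", num(U32)),
}
# Constructed sample statement (hypothetical name AttackReport).
SAMPLE = """IDSReportSet AttackReport
{
TypeActions CONSOLE
MaxEventMessage 0
TypeActions LOG
LoggingLevel 9
TypeActions TRACE
TraceRecordSize 200
}"""

def lint_report_set(text):
    """Return findings for one statement; keywords matched case-insensitively (assumption)."""
    rows = [ln.split() for ln in text.splitlines() if ln.strip()]
    out, actions, seen = [], set(), {}
    if len(rows[0]) > 1 and len(rows[0][1]) > 32:
        out.append("name is longer than 32 characters")
    for tok in (r for r in rows[1:] if r not in (["{"], ["}"])):
        key, val = tok[0].upper(), " ".join(tok[1:]).upper()
        if key == "TYPEACTIONS" and val in ACTIONS:
            actions.add(val)
        elif key not in PARAMS or not PARAMS[key][1](val):
            out.append(f"{tok[0]} {val}: unknown parameter or invalid value")
        else:
            seen[key] = val
    for key in seen:
        if PARAMS[key][0] not in actions:
            out.append(f"{key} is set but TypeActions {PARAMS[key][0]} is not")
    if int(seen.get("MAXEVENTMESSAGE", "1")) == 0:
        out.append("MaxEventMessage 0: attack console messages are not limited")
    if "TRACERECORDSIZE" in seen and seen.get("TRACEDATA", "HEADER") != "RECORDSIZE":
        out.append("TraceRecordSize is used only when TraceData is RECORDSIZE")
    return out
```

Calling `lint_report_set(SAMPLE)` returns three findings: the out-of-range LoggingLevel, the unlimited console messages, and the TraceRecordSize that has no effect under the default TraceData HEADER.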