User guide
Configuring the Log Evidence Response
Proventia Network IPS G and GX Appliance User Guide
Introduction
You can configure the appliance to log the summary of an event. The Log Evidence
response creates a copy of the packet that triggers an event and also records information
that identifies the packet, such as Event Name, Event Date and Time, and Event ID.
Evidence logs show you what an intruder did or tried to do to the network.
The appliance logs packets that trigger events to the /var/iss/ directory.
Configuring the log evidence response
To configure the log evidence response:
1. Do one of the following:
■ In Proventia Manager, select Responses.
■ In SiteProtector, select Response Objects.
2. Select the Log Evidence tab.
3. Complete or change settings as indicated in the following table:

Setting                    Description
Maximum Files              Type the maximum number of files that the log can store.
                           The default is 10 files. When the log reaches the maximum
                           file number, it begins again with zero (0) and overwrites
                           the existing files.
Maximum File Size (in KB)  Type the maximum file size the log can store.
                           The default is 10000 KB.
Log File Prefix            Type the log file name prefix.
                           The default is "evidence."
Log File Suffix            Type the log filename extension.
                           The default is ".enc"

4. Save your changes.
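
Because the log wraps to zero and overwrites existing files once Maximum Files is reached, evidence has to be copied off before its slot is reused. The following is an added example, not part of the original guide or the product: it archives evidence files with a SHA-256 manifest and reports which file rotation replaces next. The file name layout `<prefix><index><suffix>`, the archive directory and the manifest name are assumptions; the sample files are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Defaults from the settings table. The on-disk name layout
# "<prefix><index><suffix>" is an assumption; this page does not state it.
PREFIX, SUFFIX, MAX_FILES = "evidence.", ".enc", 10

def evidence_files(log_dir, prefix=PREFIX, suffix=SUFFIX):
    """Return the evidence files in log_dir, oldest first by modification time."""
    files = [p for p in Path(log_dir).iterdir()
             if p.is_file() and p.name.startswith(prefix) and p.name.endswith(suffix)]
    return sorted(files, key=lambda p: (p.stat().st_mtime_ns, p.name))

def next_overwritten(log_dir, max_files=MAX_FILES):
    """Once every slot is in use, the oldest file is the next one rotation replaces."""
    files = evidence_files(log_dir)
    return files[0] if len(files) >= max_files else None

def archive_new(log_dir, archive_dir):
    """Copy evidence not archived yet and append its SHA-256 to a manifest."""
    # Keyed by digest: a slot reused after wrap-around is kept as a new copy.
    archive = Path(archive_dir)
    archive.mkdir(parents=True, exist_ok=True)
    manifest = archive / "MANIFEST.sha256"  # hypothetical manifest name
    seen = set()
    if manifest.exists():
        seen = {ln.split()[0] for ln in manifest.read_text().splitlines() if ln.strip()}
    copied = []
    with manifest.open("a") as out:
        for src in evidence_files(log_dir):
            digest = hashlib.sha256(src.read_bytes()).hexdigest()
            if digest in seen:
                continue
            dest = archive / f"{digest[:16]}_{src.name}"
            shutil.copy2(src, dest)
            out.write(f"{digest}  {dest.name}\n")
            seen.add(digest)
            copied.append(dest.name)
    return copied

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        logs = Path(tmp, "iss")
        logs.mkdir()
        for i in range(MAX_FILES):
            (logs / f"{PREFIX}{i}{SUFFIX}").write_bytes(b"constructed packet %d" % i)
        print(len(archive_new(logs, Path(tmp, "archive"))), "archived; next:", next_overwritten(logs).name)
```

A file that is still being written when the script runs is archived as a partial copy and archived again, under a new digest, once its content changes.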