track
Syntax: --track {SRC_IP | DST_IP | DHCP_CLIENT | DNS_DOMAIN}[,block_int];
Description:
When used with --rate, this keyword narrows the custom signature rate totals to individual addresses.
• SRC_IP: tracks the packet's source IP.
• DST_IP: tracks the packet's destination IP.
• DHCP_CLIENT: tracks the DHCP client's MAC address.
• DNS_DOMAIN: counts the number of occurrences of any specific domain name.
• block_int: has the FortiGate unit block connections from the client or to the server, depending on which is specified, for the specified number of seconds.
For example, if --rate 100,10 is added to the signature, a log entry will be created if the signature is detected 100 times in the previous 10 seconds. The FortiGate unit maintains a single total, regardless of source and destination address.
If the same custom signature also includes --track client; then matches are totaled separately for each source address. A log entry is added when the signature is detected 100 times in 10 seconds within traffic from the same source address.
The --track keyword can also be used without --rate. If an integer is specified, the client or server will be blocked for the specified number of seconds every time the signature is detected.
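The difference between the single total and the per-address totals described above can be seen in a small model. This is an added example, not FortiGate code: the RateTracker class and run function are hypothetical, the sliding window and the counter reset after a trigger are assumptions, and the addresses are constructed sample data.

```python
from collections import defaultdict, deque

class RateTracker:
    """Simplified model of --rate <count>,<seconds> with optional --track (assumed sliding window)."""

    def __init__(self, count, seconds, track=None, block_int=0):
        self.count, self.seconds = count, seconds
        self.track = track                # None, "SRC_IP" or "DST_IP"
        self.block_int = block_int        # seconds to block after a trigger
        self.hits = defaultdict(deque)    # key -> timestamps of recent matches
        self.blocked_until = {}           # key -> time at which the block ends

    def _key(self, src, dst):
        if self.track == "SRC_IP":
            return src
        if self.track == "DST_IP":
            return dst
        return "*"                        # no --track: one total for all traffic

    def match(self, ts, src, dst):
        """Record one signature match; return "log", "blocked" or None."""
        key = self._key(src, dst)
        if self.blocked_until.get(key, 0) > ts:
            return "blocked"
        window = self.hits[key]
        window.append(ts)
        while window[0] <= ts - self.seconds:   # drop matches older than the window
            window.popleft()
        if len(window) < self.count:
            return None
        window.clear()                    # assumption: counting restarts after a trigger
        if self.track and self.block_int:
            self.blocked_until[key] = ts + self.block_int
        return "log"

def run(tracker, events):
    """Feed (ts, src, dst) matches to the tracker; return the non-empty outcomes."""
    results = [(tracker.match(ts, src, dst), src) for ts, src, dst in events]
    return [r for r in results if r[0]]

# Constructed sample data: four sources at 5 matches/s each, plus one at 20 matches/s.
BACKGROUND = [(i / 20, f"198.51.100.{i % 4 + 1}", "192.0.2.10") for i in range(120)]
NOISY = [(i / 20, "203.0.113.7", "192.0.2.10") for i in range(110)]

if __name__ == "__main__":
    print(run(RateTracker(100, 10), BACKGROUND))                    # single total
    print(run(RateTracker(100, 10, track="SRC_IP"), BACKGROUND))    # per-source totals
    print(run(RateTracker(100, 10, "SRC_IP", 30), sorted(BACKGROUND + NOISY)))
```

With one shared total, four moderate sources together cross the 100-in-10-seconds threshold and the log entry lands on whichever source sent the 100th match; with per-source tracking only the single high-rate source triggers, and its later matches fall inside the block interval.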