Using IPS packet logging in diagnostics
This type of logging should only be enabled when you need to know about specific diagnostic information, for example, when you suspect a signature is triggered by a false positive. These log messages can help troubleshoot individual problems with misidentified or missing packets and network intrusions involving malicious packets.
To configure IPS packet logging
1. Go to Security Profiles > Intrusion Protection.
2. Select the IPS sensor that you want to enable IPS packet logging on, and then select Edit.
3. In the filter options, enable Packet Logging.
4. Select OK.
If you want to configure the packet quota, number of packets that are recorded before alerts and after attacks, use the following procedure.
To configure additional settings for IPS packet logging
1. Log in to the CLI.
2. Enter the following to start configuring additional settings:
config ips settings
set ips-packet-quota <integer>
set packet-log-history <integer>
set packet-log-post-attack <integer>
end