Example: Adding IDP Application Information to Attack Logging for Nested Applications (CLI)
Nested application information is added to IDP attack log entries after “service” and before “rule”, and it provides information on detected Layer 7 applications. In the following example, “Facebook” appears in the log file as nested application information.
Aug 29 20:46:32 4.0.0.254 RT_IDP: IDP_ATTACK_LOG_EVENT:
IDP: at 1251603992, SIG Attack log <4.0.0.1:33000->5.0.0.1:210>
for TCP protocol and service SERVICE_IDP application FACEBOOK by rule
1 of rulebase IPS in policy idpengine. attack: repeat=0, action=NONE,
severity=MEDIUM, name=http-url-attack-test, NAT <8.11.163.220:0->0.0.0.0:0>,
time-elapsed=0, inbytes=0, outbytes=0, inpackets=0, outpackets=0,
intf:untrust:ge-0/0/1.0->trust:ge-0/0/0.0, and misc-message -
Note: For further information on IDP logging, refer to Understanding IDP Logging.
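The following is an added example, not part of the Juniper documentation: a Python parser for the log entry shown above that extracts the nested application from its position between “service” and “rule” and counts attacks per application. The field layout is inferred from that single sample, and treating the application field as optional is an assumption.

```python
import re
from collections import Counter

# Constructed sample: the log entry shown above, joined onto one line.
SAMPLE = (
    "Aug 29 20:46:32 4.0.0.254 RT_IDP: IDP_ATTACK_LOG_EVENT: "
    "IDP: at 1251603992, SIG Attack log <4.0.0.1:33000->5.0.0.1:210> "
    "for TCP protocol and service SERVICE_IDP application FACEBOOK by rule "
    "1 of rulebase IPS in policy idpengine. attack: repeat=0, action=NONE, "
    "severity=MEDIUM, name=http-url-attack-test, NAT <8.11.163.220:0->0.0.0.0:0>, "
    "time-elapsed=0, inbytes=0, outbytes=0, inpackets=0, outpackets=0, "
    "intf:untrust:ge-0/0/1.0->trust:ge-0/0/0.0, and misc-message -"
)

# The nested application sits between "service <name>" and "by rule <n>".
# Assumption: it is optional, so entries written without the field still parse.
EVENT_RE = re.compile(
    r"IDP_ATTACK_LOG_EVENT:.*?Attack log <(?P<src>[^>]+?)->(?P<dst>[^>]+)>\s+"
    r"for (?P<protocol>\S+) protocol and service (?P<service>\S+)"
    r"(?:\s+application (?P<application>\S+))?"
    r"\s+by rule (?P<rule>\d+) of rulebase (?P<rulebase>\S+) "
    r"in policy (?P<policy>\S+?)\.\s+attack:"
)
ATTR_RE = re.compile(r"\b(repeat|action|severity|name)=([^,\s]+)")

def parse_idp_attack(entry):
    """Return the fields of one IDP attack log entry, or None if it is not one."""
    text = " ".join(entry.split())  # undo line wrapping such as in the sample
    m = EVENT_RE.search(text)
    if m is None:
        return None
    fields = m.groupdict()  # application is None when the field is absent
    fields.update(ATTR_RE.findall(text[m.end():]))  # key=value pairs after "attack:"
    return fields

def attacks_by_application(entries):
    """Count (nested application, attack name) pairs across log entries."""
    counts = Counter()
    for entry in entries:
        fields = parse_idp_attack(entry)
        if fields is not None:
            counts[(fields["application"], fields["name"])] += 1
    return counts
```

Entries with no nested application are counted under `None`, which keeps them visible instead of dropping them.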
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Understanding IDP Application Identification
- Understanding JUNOS Software Application Identification for Nested Applications
- Activating JUNOS Software Application Identification for Nested Applications (CLI Procedure)