Figure 62 View Log File Page

To specify the types of events to be recorded in the FireScreen log file, access the Configure FireScreen menu and choose Set Options. See Section : Setting Command-Line Options for more information.

Viewing FireScreen Statistics

FireScreen invokes the /usr/sbin/screenstat command to display statistics for IP packet handling.

To view FireScreen statistics, choose View Statistics from the View FireScreen Status menu.

The statistics are displayed (Figure 63).

Figure 63 View Statistics Page

Snort Intrusion Detection System

Snort is an intrusion detection system that enables you to log packets and track network activity on IP networks. Snort files are installed in the following directories:

Directory                  Contents                                     Subset
/usr/internet/security     Snort executable, Snort configuration file   IAESNORT
/usr/internet/docs/snort   Snort documentation                          IAESNORT

On Tru64 UNIX, Snort runs in two different modes: sniffer and packet logger. A third Snort mode, network intrusion detection, currently does not work on Tru64 UNIX. In sniffer mode, Snort continually reads packets from the network and displays them on the console. In packet logger mode, it writes the packets to a log file on disk.

Sniffer Mode — display TCP/IP packet headers

./snort -v     (show IP and TCP/UDP/ICMP headers)

./snort -vd    (include packet data)

184 Network Security Administration
