Chapter 7: Monitoring the Router and Routing Operations

Table 71: Summary of Key Stateful Firewall Filters Output Fields (continued)

Field

Values

Direction

Direction of the flow: I (input) or O (output).

Frames

Number of frames in the flow.

Monitoring Firewall Intrusion Detection Services (IDS)

To view intrusion detection service (IDS) information for stateful firewall filters, select Monitor>Firewall>IDS Information. Click one of the following criteria to order the display accordingly:

Bytes (received bytes)

Packets (received packets) Flows

Anomalies

To limit the display of IDS information, type or select information in one or more of the Narrow Search boxes listed in Table 72 on page 139, and click OK.

Table 72: IDS Search-Narrowing Characteristics

Narrow Search Box

Entry or Selection

Destination Address

Type a destination address prefix to display IDS information for only that prefix.

IDS Table

Select one of the following:

 

Destination—Displays information for an address under attack.

 

Pair—Displays information for a suspected attack source and destination pair.

 

Source—Displays information for an address that is a suspected attacker.

Number of IDS Entries to

Select a number between 25 and 500 to display only a particular number of entries.

Display

 

Threshold

Type a number to display events with only that number of bytes, packets, flows, or

 

anomalies—whichever you selected to order the display. For example, to display all events

 

with more than 100 flows, click Flows and then type 100 in the Threshold box.

Service Set

Select a service set to display information for only the set.

Alternatively, enter the following CLI show commands:

show services ids destination-table

show services ids source-table

show services ids pair-table

Using the Monitoring Tools 139

Page 161
Image 161
Juniper Networks J-Series manual Monitoring Firewall Intrusion Detection Services IDS, IDS Search-Narrowing Characteristics