Fortigate 800C not showing IDS/sniffer traffic data in Log&Report

Network Engineering
2021-07-30 20:35:11

I have a Fortigate 800C in flow-based inspection, have configured one-arm sniffer mode on an interface, and have configured the firewall sniffer with the following config

config firewall sniffer
  edit 1
    set ips-sensor-status enable
    set ips-sensor sniffer-profile
    set logtraffic all
    set interface port9
    set status enable
  next
end

However, I cannot see any packet information/data on the Log&Report -> Sniffer Traffic page in the Fortigate UI. Can anyone check / let me know whether the fortigate needs any configuration/settings to make it work in sniffer mode for IDS...?

1 Answer
Configure sniffer.
        set id {integer}   Sniffer ID. range[0-9999]
        set status {enable | disable}   Enable/disable the active status of the sniffer.
        set logtraffic {all | utm | disable}   Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy.
                all      Log all sessions accepted or denied by this policy.
                utm      Log traffic that has a security profile applied to it.
                disable  Disable all logging for this policy.
        set ipv6 {enable | disable}   Enable/disable sniffing IPv6 packets.
        set non-ip {enable | disable}   Enable/disable sniffing non-IP packets.
        set interface {string}   Interface name that traffic sniffing will take place on. size[35] - datasource(s): system.interface.name
        set host {string}   Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240). size[63]
        set port {string}   Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200). size[63]
        set protocol {string}   Integer value for the protocol type as defined by IANA (0 - 255). size[63]
        set vlan {string}   List of VLANs to sniff. size[63]
        set application-list-status {enable | disable}   Enable/disable application control profile.
        set application-list {string}   Name of an existing application list. size[35] - datasource(s): application.list.name
        set ips-sensor-status {enable | disable}   Enable/disable IPS sensor.
        set ips-sensor {string}   Name of an existing IPS sensor. size[35] - datasource(s): ips.sensor.name
        set dsri {enable | disable}   Enable/disable DSRI.
        set av-profile-status {enable | disable}   Enable/disable antivirus profile.
        set av-profile {string}   Name of an existing antivirus profile. size[35] - datasource(s): antivirus.profile.name
        set webfilter-profile-status {enable | disable}   Enable/disable web filter profile.
        set webfilter-profile {string}   Name of an existing web filter profile. size[35] - datasource(s): webfilter.profile.name
        set spamfilter-profile-status {enable | disable}   Enable/disable spam filter.
        set spamfilter-profile {string}   Name of an existing spam filter profile. size[35] - datasource(s): spamfilter.profile.name
        set dlp-sensor-status {enable | disable}   Enable/disable DLP sensor.
        set dlp-sensor {string}   Name of an existing DLP sensor. size[35] - datasource(s): dlp.sensor.name
        set ips-dos-status {enable | disable}   Enable/disable IPS DoS anomaly detection.

You can use this link for troubleshooting: click here
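A complete sniffer entry assembled from the keys in the reference above, followed by the CLI checks I would run to confirm that packets are actually reaching the sniffer interface and that a log destination is enabled. This is an added example, not part of the original answer; the interface port9, the sensor name sniffer-profile and the id 1 come from the question, and the log-destination and diagnose commands are standard FortiOS commands whose exact behaviour on this particular 800C firmware is an assumption.

```text
# Sniffer entry: every key used here appears in the reference above.
config firewall sniffer
    edit 1
        set status enable
        # log every sniffed session, not only sessions with a UTM profile
        set logtraffic all
        # mirror/SPAN port in one-arm sniffer mode
        set interface "port9"
        set ips-sensor-status enable
        set ips-sensor "sniffer-profile"
    next
end

# Nothing reaches Log&Report unless a log destination is enabled.
# Standard FortiOS command; assumed available on this unit.
config log disk setting
    set status enable
end

# Check 1: confirm the entry was stored and no key was rejected (a
# mistyped key such as "ips-sensore-status" is silently not applied).
show firewall sniffer

# Check 2: confirm the IPS sensor exists and has logging enabled
# on its signature entries.
show ips sensor sniffer-profile

# Check 3: confirm packets are actually arriving on port9 (captures
# 10 packets with interface names in verbose level 4, then stops).
diagnose sniffer packet port9 'none' 4 10
```

If check 3 shows no packets, the problem is the SPAN/mirror feed into port9 rather than the FortiGate sniffer or logging configuration.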