Define logging options for Exception rules
Inspection Exception rules can create a log or alert entry each time they match.
Engines, Virtual Engines, Layer 2 Engines, and Virtual Layer 2 Engines log connections by default. You can override the default logging options in an Exception rule with Continue as its action. IPS engines and Virtual IPS engines do not log connections by default.
Each individual Exception rule can be set to override the default values of the engine role.
For more details about the product and how to configure features, click Help or press F1.
Steps
Logging - Select Rule Options dialog box (Inspection Exceptions)
Use this dialog box to define Exception rule logging options in Inspection Policies.
Option | Definition |
---|---|
Override Settings Inherited from Continue Rule(s) | When selected, overrides settings defined in Continue rules higher up in the policy. |
Log Level | Select one of these options:
|
Alert | When the Log Level is set to Alert, specifies the Alert that is sent. |
Override Settings Inherited from Continue Rule(s) | When selected, overrides settings defined in Continue rules higher up in the policy. |
Store Excerpt | Stores an excerpt of the packet that matched. The maximum recorded excerpt size is 4 KB. This option allows you to quickly view the payload in the Logs view. |
Record Traffic | Records the traffic up to the limit you set in the Recording Length field. This option allows storing more data than the Excerpt option. |
Recording Length | Sets the length of the recording for the Record option in bytes. |