Adding logging profiles
BIG-IQ® Security: Administration
Protocol Security - DNS Security: settings and descriptions

Log Rejected Requests
Specifies, when enabled, that the system logs rejected DNS requests.

Log Malicious Requests
Specifies, when enabled, that the system logs malicious DNS requests.

Storage Format
Specifies the format type for log messages. You can configure the following options:
• None: Specifies that the system uses the default format type to log the messages to a Remote Syslog server. This is the default setting.
• Field-List: Specifies that the system uses a set of fields, set in a specific order, to log messages. When Field-List is selected, specify the field list as follows.
  • Specify the delimiter string in the Delimiter field. The default delimiter is the comma character (,).
    Note: You may not use the $ character because it is reserved for internal usage.
  • Select the fields to use. Unused fields are in the Available list, selected fields are in the Selected list. Use the Move arrow buttons to transfer the selected items between the lists.
• User-Defined: Specifies that the format the system uses to log messages is in the form of a user-defined string. Select the items for the server to log. Unused items are in the Available list, selected items are in the Selected list. Use the Move arrow buttons to transfer the selected items between the lists.

In the Protocol Security SIP Security section, you configure where the system logs any dropped and malformed malicious SIP requests, global and request failures, redirected responses, and server errors.

Protocol Security - SIP Security: settings and descriptions

Publisher
Specifies the name of the log publisher used for logging SIP protocol security events. Select a log publisher configured in your system.

Log Dropped Requests
Specifies, when enabled, that the system logs dropped requests.

Log Global Failures Requests
Specifies, when enabled, that the system logs global failures.

Log Malformed Requests
Specifies, when enabled, that the system logs malformed requests.

Log Redirection Responses Requests
Specifies, when enabled, that the system logs redirection responses.

Log Request Failures
Specifies, when enabled, that the system logs request failures.

Log Server Errors
Specifies, when enabled, that the system logs server errors.

Storage Format
Specifies the format type for log messages. You can configure the following options:
• None: Specifies that the system uses the default format type to log the messages to a Remote Syslog server. This is the default setting.
• Field-List: Specifies that the system uses a set of fields, set in a specific order, to log messages. When Field-List is selected, specify the field list as follows.
  • Specify the delimiter string in the Delimiter field. The default delimiter is the comma character (,).
    Note: You may not use the $ character because it is reserved for internal usage.
  • Select the fields to use. Unused fields are in the Available list, selected fields are in the Selected list. Use the Move arrow buttons to transfer the selected items between the lists.
• User-Defined: Specifies that the format the system uses to log messages is in the form of a user-defined string. Select the items for the server to log. Unused items are in the Available list, selected items are in the Selected list. Use the Move arrow buttons to transfer the selected items between the lists.

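
A receiver-side check for the Field-List storage format described in the DNS Security and SIP Security tables above, as an added example that is not from the product documentation: it splits each message on the configured delimiter and sets aside lines whose field count does not match the Selected list, which is what happens when a logged value contains the delimiter. The field names, the `|#|` delimiter and the sample lines are constructed, and each line is assumed to be the message body after the syslog header.

```python
RESERVED = "$"  # the page states that "$" may not be used in the delimiter

# Hypothetical field order; copy the real order from the profile's Selected list.
FIELDS = ["date_time", "src_ip", "sip_method", "sip_callee", "action"]

def check_delimiter(delimiter):
    """Reject delimiters the logging profile itself would not accept."""
    if not delimiter or RESERVED in delimiter:
        raise ValueError("delimiter must be non-empty and must not contain '$'")
    return delimiter

def parse_field_list(line, fields, delimiter=","):
    """Map one Field-List message onto the configured field order."""
    values = line.rstrip("\r\n").split(delimiter)
    if len(values) != len(fields):
        # Field order changed on the profile, or a value contains the delimiter.
        raise ValueError(f"expected {len(fields)} fields, got {len(values)}")
    return dict(zip(fields, values))

def parse_stream(lines, fields, delimiter=","):
    """Return (parsed, rejected); rejected lines are kept for review, not dropped."""
    check_delimiter(delimiter)
    parsed, rejected = [], []
    for line in lines:
        try:
            parsed.append(parse_field_list(line, fields, delimiter))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return parsed, rejected

# Constructed sample messages. The second callee value contains a comma,
# so it collides with the default comma delimiter.
SAMPLE_COMMA = [
    "2024-01-01T10:00:00Z,192.0.2.10,INVITE,sip:alice@example.test,Drop",
    "2024-01-01T10:00:01Z,192.0.2.11,INVITE,sip:bob,ext7@example.test,Drop",
]
# The same events as they would look with a constructed "|#|" delimiter.
SAMPLE_CUSTOM = [
    "2024-01-01T10:00:00Z|#|192.0.2.10|#|INVITE|#|sip:alice@example.test|#|Drop",
    "2024-01-01T10:00:01Z|#|192.0.2.11|#|INVITE|#|sip:bob,ext7@example.test|#|Drop",
]

if __name__ == "__main__":
    for name, lines, delim in (("comma", SAMPLE_COMMA, ","), ("custom", SAMPLE_CUSTOM, "|#|")):
        ok, bad = parse_stream(lines, FIELDS, delim)
        print(name, "parsed:", len(ok), "rejected:", [reason for _, reason in bad])
```

A non-zero rejected count on the receiver is the signal to compare the profile's Selected list and Delimiter field against the parser's configuration.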
In the Network Firewall section, you configure which network firewall events the system logs, and where they are logged.

Network Firewall Security - Network Firewall: settings and descriptions

Publisher
Specifies the name of the log publisher used for logging Network events. Select a log publisher configured in your system.

Aggregate Rate Limit
Defines a rate limit for all combined network firewall log messages per second. Beyond this rate limit, log messages are not logged. You can select a Rate Limit value of Indefinite, which sets the rate limit to the maximum of 4294967295, or you can select Specify to specify a lower rate limit as an integer between 0 and 4294967295.

Log Rule Matches
Specifies, when enabled, that the system logs packets that match the ACL rules. When specifying the Rate Limit with one of the match types, a value of Indefinite sets the rate limit to the maximum of 4294967295, and a value of Specify allows you to specify a lower rate limit as an integer between 0 and 4294967295.
• Accept: Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Accept. When enabled, you can specify a rate limit for all network firewall log messages with this action. If this rate limit is exceeded, log messages of this action type are not logged until the threshold drops below the specified rate. You can specify a Rate Limit value of Indefinite or Specify.
• Drop: Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Drop. When enabled, you can specify a rate limit for all network firewall log messages with this action. If this rate limit is exceeded, log messages of this action type are not logged until the threshold