Red Hat NETWORK 3.6 - Operating Manual, Page 21

Copyright © 2002-2012 Tenable Network Security, Inc.
> outbound-interactive-session (5)
> inbound-interactive-session (6)
> internal-encrypted-session (7)
> outbound-encrypted-session (8)
> inbound-encrypted-session (9)
The number in parentheses represents the corresponding plugin ID field.
detect-interactive-sessions
This keyword block specifies a set of “dependency” and
“exclude” statements that the PVS uses to analyze sessions
that contain interactive traffic. The dependency keywords
identify the specific PVS IDs that have been detected on a
host before an analysis of a session occurs. The exclude
keyword specifies a list of protocol filters (please refer to
Appendix 1) for which the PVS should avoid performing
interactive detection. When an encrypted session is detected,
an alert is generated showing source, destination, ports, and
session type. For a list of session types, refer to the
detect-encryption option above.
high-speed
The PVS is designed to expect to find various protocols on
non-standard ports. For example, the PVS can easily find an
Apache server running on a port other than 80. However, on
a high-speed network, the PVS can be placed into a
“high-speed” mode that allows it to focus certain plugins on
specific ports. When the high-speed keyword is specified, any
plugin that has the keywords hs_dport or hs_sport defined will
be executed only on traffic traversing the specified ports. The
high-speed keyword takes no arguments.
strip-vlan-tags
If your network contains one or more VLANs you will need to
enable or disable this setting to monitor the desired network.
With the strip VLAN tags setting enabled, PVS will
only be able to process traffic that contains VLAN
tags. Likewise, with the setting disabled, PVS will
only be able to process traffic that does not
contain VLAN tags. Multiple PVS servers will need
to be deployed in mixed environments.
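Before choosing the strip-vlan-tags setting, it helps to confirm whether the monitored link actually delivers tagged frames, untagged frames, or both. The following is an added example, not part of the Tenable manual: it reads a classic pcap sample and reports the mix. The function names and the sample frames are constructed for illustration, and it assumes that TPIDs 0x8100 and 0x88A8 are the tag types in use.

```python
import struct

VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers

def build_pcap(frames):
    """Build a little-endian classic pcap byte string (constructed demo input)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    """Yield raw Ethernet frames from a classic pcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap capture")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    offset = 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len

def is_vlan_tagged(frame):
    """True when bytes 12-13 (the EtherType position) hold a VLAN TPID."""
    return len(frame) >= 14 and struct.unpack("!H", frame[12:14])[0] in VLAN_TPIDS

def tagging_profile(frames):
    """Return (tagged, untagged, verdict) for a sample of frames."""
    frames = list(frames)
    tagged = sum(1 for f in frames if is_vlan_tagged(f))
    untagged = len(frames) - tagged
    if not frames:
        verdict = "empty"
    elif tagged and untagged:
        verdict = "mixed"      # per the note above: one sensor cannot see both
    else:
        verdict = "tagged-only" if tagged else "untagged-only"
    return tagged, untagged, verdict

# Constructed sample frames: locally administered MACs, zero-filled payloads.
MACS = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
UNTAGGED = MACS + b"\x08\x00" + bytes(46)
TAGGED = MACS + b"\x81\x00" + b"\x00\x0a" + b"\x08\x00" + bytes(46)  # VLAN 10

if __name__ == "__main__":
    print(tagging_profile(read_pcap(build_pcap([TAGGED, UNTAGGED, TAGGED]))))
```

A "tagged-only" result matches the case where the setting is enabled, "untagged-only" the case where it is disabled, and "mixed" the case where the note calls for multiple PVS servers.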
realtime-file
This file is used to record PVS detected real-time events with
a time-stamped entry.
max-realtime-file
The max-realtime-file option specifies the maximum
amount of data from real-time IDS events that will be stored
in one text file. The option must be specified in kilobytes,
megabytes, or gigabytes by appending a “K”, “M”, or “G” to
the value. After this value is reached, a numbered file with
the same base name as above will be used to store additional
events. When the option is disabled, there is no limit on real-