Fat AP and Cloud AP V200R010C00 Command Reference

collect-attack-evidence enable (intrusion prevention profile view)

Function

The collect-attack-evidence enable command enables attack evidence collection of intrusion prevention.

The undo collect-attack-evidence enable command disables attack evidence collection of intrusion prevention.

Format

collect-attack-evidence enable

undo collect-attack-evidence enable

Parameters

None

Views

Intrusion prevention profile view

Default Level

2: Configuration level

Usage Guidelines

The attack evidence collection function of intrusion prevention is disabled by default.

  • Attack evidence collection does not apply to HTTPS traffic.

  • Attack evidence collection is for troubleshooting only. Because it degrades system performance, enable it only when necessary and disable it immediately after you finish collecting attack evidence.

After you enable the attack evidence collection function, the device starts to collect the packets that match the intrusion prevention profile. If the action in the intrusion prevention profile is block, the device collects only the identified threat packets and previous packets. Subsequent packets of the same session are blocked and discarded by the device, and therefore are not collected. If the action in the intrusion prevention profile is not block, the device collects all threat packets of the session.

In an extreme case, the action in the intrusion prevention profile is not block and the device is collecting the packets that match the profile, but the storage space becomes insufficient after some threat packets have been collected. As a result, the device stops attack evidence collection.

Example

# Enable attack evidence collection in intrusion prevention profile hello.

<Huawei> system-view
[Huawei] profile type ips name hello
[Huawei-profile-ips-hello] collect-attack-evidence enable
Updated: 2019-11-21

Document ID: EDOC1100064352
