In what partition are the IPS/TPS logs stored?

Updated: 24 Aug 2017
Product/Version:
    • TippingPoint IPS N-series All
    • TippingPoint IPS NX-series All
    • TippingPoint IPS S-series All
    • TippingPoint TPS All
    • TippingPoint Virtual TPS All
Summary
A: The IPS logs are stored in the "/ramLog" system partition. This partition contains the following log files:
Details
Log File: Comments

Alert: The Alert log documents network traffic that triggers IPS filters configured with the following action sets:
- Permit + Notify
- Permit + Notify + Trace
- Trust + Notify
- Rate Limit + Notify

Audit: The audit log tracks user activity that may have security implications, including user attempts (successful and unsuccessful) to do the following:
- Change user information
- Change IPS, routing or network configuration
- Gain access to controlled areas (including the audit log)
- Update system software and attack protection filter packages
- Change filter settings

Block: The IPS Block log documents packets that trigger IPS filters configured with any action that includes a Block + Notify or Block + Notify + Trace action, including Quarantine and TCP Reset action sets.

Packet-trace: The packet-trace log contains a list of all captured packets.

Quarantine: The Quarantine log records the IP addresses that have been added to and removed from quarantine.

System: The System Log contains information about the software processes that control the IPS device, including startup routines, run levels, and maintenance routines.

Note: The packet-trace log contains a list of all captured packets, not the packets themselves. Packet trace files are stored in the "/usr" partition.

The logs provide information on system events and on traffic-related events triggered by the filters configured on the device. The IPS device maintains a historical log file and a current log file for each log. When the current log file reaches the default size (4MB), it is deactivated and saved as the historical file, and a new log file is started as the current log. If a historical file already exists, that file is deleted. When a log is rolled over, the system generates a message in the Audit log. If you want to save all log data and create a backup, you can configure the system to offload log messages to a remote system log.
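The rollover scheme described above can be modeled to see how much history is still on the device at any moment. This is an added example, not vendor code: the class and function names are hypothetical, and the fixed 1 KiB record size is a constructed input.

```python
# Added illustration: models the rollover scheme as the article describes it.
# It is not TippingPoint code; class and function names are hypothetical.

ROLLOVER_BYTES = 4 * 1024 * 1024  # default log size stated in the article (4MB)


class TwoFileLog:
    """One current file and at most one historical file for a single log."""

    def __init__(self, limit=ROLLOVER_BYTES):
        self.limit = limit
        self.current = []         # sequence numbers of records in the current file
        self.current_bytes = 0
        self.historical = []      # sequence numbers in the historical file
        self.lost = 0             # records deleted along with an old historical file
        self.audit_notices = []   # one entry per rollover (article: Audit log message)
        self.seq = 0

    def write(self, size):
        self.seq += 1
        self.current.append(self.seq)
        self.current_bytes += size
        if self.current_bytes >= self.limit:
            self._roll_over()

    def _roll_over(self):
        self.lost += len(self.historical)      # existing historical file is deleted
        self.historical = self.current         # current file becomes the historical file
        self.current, self.current_bytes = [], 0
        self.audit_notices.append(f"log rolled over after record {self.seq}")

    def retained(self):
        return self.historical + self.current


def simulate(records, record_size):
    """Write `records` fixed-size records; report what is still on the device."""
    log = TwoFileLog()
    for _ in range(records):
        log.write(record_size)
    kept = log.retained()
    return {"retained": len(kept), "oldest": kept[0] if kept else None,
            "lost": log.lost, "rollovers": len(log.audit_notices)}


if __name__ == "__main__":
    # Constructed input: 1 KiB records, sampled just before and after a rollover.
    for n in (8191, 8192, 10000):
        print(n, simulate(n, 1024))
```

In this model the locally retained history swings between just under 8MB and exactly 4MB per log, with the oldest 4MB dropped at every second rollover, which is the data that offloading to a remote system log preserves.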

Category: Troubleshoot
Solution Id: TP000086951