NetFlow to Event Log


To log NetFlow data to the event log, click the "NetFlow to Event Log" tab, check the "Log to the APPLICATION Event Log" check box and specify the severity with which NetFlow data should be logged. To avoid flooding the Application event log with NetFlow-related alerts, the rate at which NetFlow alerts are written is limited.


Alert Logic

Contains the rules that determine when NetFlow traffic information is logged to the event log. Rules can evaluate based on:

The protocol

The IP address

Geolocation (country, state, city, zip code)


Alert on suspicious IP addresses

Logs event 820 (EventSentry Network Services / NetFlow) to the event log when a suspicious IP address is encountered. The alert includes the source and destination IP addresses, the affected port, the threat count and the threat details.


Detect TCP Port Scans

Logs event 801 (EventSentry Network Services / NetFlow) to the event log when a potential port scan is detected, based on the following settings:


# of ports: The number of distinct ports a remote host must attempt to connect to before an alert is triggered

Time Interval: The time window within which those connection attempts must occur

Max Bytes: Network packets must be smaller than or equal to this size to be considered part of a potential port scan
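As an added illustration, not EventSentry's own code, the three port scan settings above implemented as a sliding-window detector over constructed NetFlow records; the threshold defaults, the Flow record layout and the sample addresses are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float       # flow start time, seconds since epoch
    src: str        # remote (source) IP
    dst: str        # local (destination) IP
    dst_port: int
    proto: str      # "TCP", "UDP", ...
    octets: int     # bytes carried by the flow


def detect_tcp_port_scans(flows, num_ports=10, interval=60.0, max_bytes=120):
    """One (src, dst, ports) alert per host pair whose small TCP flows touched at
    least num_ports distinct ports within any interval-second window (assumed defaults)."""
    candidates = defaultdict(list)
    for f in flows:
        # Max Bytes rule: only small TCP flows count; bulk transfers are ignored.
        if f.proto == "TCP" and f.octets <= max_bytes:
            candidates[(f.src, f.dst)].append(f)

    alerts = []
    for (src, dst), pair_flows in candidates.items():
        pair_flows.sort(key=lambda f: f.ts)
        window = deque()
        for f in pair_flows:
            window.append(f)
            # Time Interval rule: drop flows that fell out of the sliding window.
            while f.ts - window[0].ts > interval:
                window.popleft()
            ports = {w.dst_port for w in window}
            if len(ports) >= num_ports:   # "# of ports" rule
                alerts.append((src, dst, sorted(ports)))
                break  # one alert per host pair, so one scan does not flood the log
    return alerts


# Constructed sample flows (not captured traffic):
SAMPLE_FLOWS = (
    # fast scanner: 12 ports on 10.0.0.5 within 6 seconds, 60-byte SYN flows
    [Flow(1000.0 + i * 0.5, "203.0.113.7", "10.0.0.5", 20 + i, "TCP", 60) for i in range(12)]
    # slow scanner: 12 ports spread over 2 hours, never 10 within a minute
    + [Flow(2000.0 + i * 600.0, "198.51.100.9", "10.0.0.5", 1000 + i, "TCP", 60) for i in range(12)]
    # legitimate client: many large flows, all to one port
    + [Flow(3000.0 + i, "10.0.0.8", "10.0.0.5", 443, "TCP", 15000) for i in range(20)]
)

if __name__ == "__main__":
    for src, dst, ports in detect_tcp_port_scans(SAMPLE_FLOWS):
        print(f"event 801: possible TCP port scan from {src} against {dst}: ports {ports}")
```

Widening the interval to two hours makes the slow scanner fire as well, which shows why the Time Interval setting trades detection of slow scans against false positives from ordinary clients.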