This page shows incidents detected by the EFW Intrusion Detection System (IDS). The IDS is inactive by default after the installation of Endian Firewall and may be activated (and deactivated) through a specific administration page ( > ).
The controls on this page are the basic elements that are described in detail in the Introduction section. Each detected incident is logged with the following items:
Date: - the date and time of the incident.
Name: - a description of the incident.
Priority: (if available). This is the severity of the incident, graded as 1 ("bad"), 2 ("not too bad"), & 3 ("possibly bad").
Type: - a general description of the incident (if available).
IP Info: - the IP identities (address & port) of the source and target involved in the incident. Each IP address is a hyperlink, which you can use to perform a DNS lookup for that IP address and to obtain any available information about its registration and ownership.
References: - hyperlinked URLs to any available source of information for this type of incident.
SID: - the Snort ID number (if available). "Snort" is the software module used by EFW to provide the IDS function, and SID is the ID code used by the Snort module to identify a particular pattern of attack. This parameter is hyperlinked to a web page carrying the relevant entry on the Snort database of intrusion signatures.
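The items above can be pulled out of raw Snort alerts for triage outside the web interface. The following is an added example, not part of the original page or of EFW's own code: it assumes the alerts are available in Snort's "fast" alert line format, and the sample lines, addresses and SIDs are constructed for illustration.

```python
import re

# Assumed input: Snort "fast" alert lines (the page does not show EFW's raw log).
# Classification (the page's "Type") and Priority are optional, as on the page.
ALERT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}(?:/\d{2})?-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<name>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<type>[^\]]+)\])?"
    r"(?:\s+\[Priority:\s*(?P<priority>\d+)\])?"
    r"\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_alert(line):
    """Return a dict with the page's fields, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sid"] = int(rec["sid"])
    rec["priority"] = int(rec["priority"]) if rec["priority"] else None
    return rec

def triage(lines):
    """Parsed alerts sorted most severe first (1 = "bad"); no priority goes last."""
    alerts = [a for a in map(parse_alert, lines) if a]
    return sorted(alerts, key=lambda a: (a["priority"] is None, a["priority"] or 0))

# Constructed sample lines (documentation address ranges, local-range SIDs).
SAMPLE = [
    "08/28-12:34:56.789012  [**] [1:1000001:1] Constructed sample: web probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 192.0.2.10:51234 -> 198.51.100.5:80",
    "08/28-12:35:01.000100  [**] [1:1000002:3] Constructed sample: admin login attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] "
    "{TCP} 203.0.113.9:40000 -> 198.51.100.5:22",
    "08/28-12:35:07.250000  [**] [1:1000003:1] Constructed sample: unclassified ping [**] "
    "{ICMP} 192.0.2.7 -> 198.51.100.5",
    "not an alert line",
]

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(a["priority"], a["sid"], a["type"], a["src"], "->", a["dst"], "|", a["name"])
```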