After selecting one or more signatures on the Security Services > Intrusion Prevention (IPS) > IPS Policy and Protocol Inspection page, use the Edit Selected Signature Actions page to enable or disable the selected signatures and to configure the actions.
1. Enter the following information:
• Enable detection of selected signatures: Check this box to enable the intrusion detection for this signature, or uncheck this box to disable it.
• Name: The name of the signature.
• ID: The unique identifier of the signature.
• Severity: The severity level of the threat that the signature can identify.
• Default Action: The default preventive action for the signature.
• Action on Detect: Choose one of the following actions for the signature:
– Block and Log: Deny the request, drop the connection, and log the event when the security signature is detected by the IPS engine.
– Log only: Only log the event when the security signature is detected by the IPS engine. This option is mostly used for troubleshooting purposes.
To log IPS events, you must first specify the action for the signatures, and then go to the Device Management > Logs pages to configure the log settings and log facilities. See Log Management, page 374.
To save IPS logs to the local syslog daemon, you must enable the Log feature, set the log buffer size and the severity for local logs, and then enable the Local Log settings for the Intrusion Prevention (IPS) facility.
To save IPS logs to a remote syslog server, you must enable the Log feature, specify the Remote Log settings, and enable the Remote Log settings for the Intrusion Prevention (IPS) facility.
2. Click OK to save your settings.