Flood attack logs

This help contains the following topics:

Introduction
vSystem support information
Restrictions and guidelines
Manage flood attack logs
- Import logs
- Export logs

Introduction

An attacker launches a flood attack by sending a large number of forged requests to the victim in a short period of time. The victim is too busy responding to these forged requests to provide services for legal users, and a DoS attack occurs. For more information about flood attacks, see the help for attack defense.

Use flood attack defense policies to protect servers. To configure the device to output a log when the packet receiving rate from an IP address or packet sending rate to an IP address reaches or exceeds the source or destination IP-based threshold, perform the following operations:

Enable logging for flood attack events when you configure an attack defense policy on the Network > Active Defense > Attack Defense Policies page.
Enable log collection for the Attack defense | Flood attack log service on the System > Log Settings > Storage Space Settings page.

vSystem support information

Support of non-default vSystems for this feature depends on the device model. This feature is available on the Web interface only if it is supported.

Restrictions and guidelines

Only one log operation (import, export, or clear) is allowed at a time.
Only one user can perform a log operation at a time. When you import, export, or clear logs, make sure no one else is performing a log operation.

Manage flood attack logs

Import logs

Click the Monitor tab.
In the navigation pane, select Security Logs > Flood Attack Logs.
Click Import.
In the dialog box that opens, click OK.
Select a log file, and enter the password for the log file. The password was set when the file was exported.

Export logs

Click the Monitor tab.
In the navigation pane, select Security Logs > Flood Attack Logs.
Click on a column header, specify the search criteria to display the logs to be exported, and then click Apply.
Click Export.

On the page that opens, configure the log export settings.

Table-1 Log export configuration items

Item	Description
Set password	Enter a password for encrypting the log files. This password is required when you view or import the exported log files.
Logs per file	Specify the maximum number of logs allowed in a single log file. If the number of logs to be exported is smaller than or equal to the specified number, the device exports the logs to one file. If the number of logs to be exported is greater than the specified number, the device exports the logs to multiple files.

Item

Description

Set password

Enter a password for encrypting the log files. This password is required when you view or import the exported log files.

Logs per file

Specify the maximum number of logs allowed in a single log file.

If the number of logs to be exported is smaller than or equal to the specified number, the device exports the logs to one file.
If the number of logs to be exported is greater than the specified number, the device exports the logs to multiple files.

Click Export to export the log files to your PC.