Intrusion Detection
########################

The diagnostics provide three tabs.

The *Overview* tab provides general information about memory usage and packet statistics.

The *Dashboard* tab provides an interactive view of the collected data from alerts and block events.

The *Security Logs* tab shows fast log matches for drop/reject events.

.. note:: The IDS engine might drop packets if they are too broken. In that case no rule id is present in the drop message.

The *Audit Logs* tab shows fast log matches for audit events.

The *Event Log* shows detailed information for each matched flow with protocol and application data associated with a flow or event.

Source and destination IPs can show their reverse DNS entry on hover, as long as the VT AIR can resolve the IP.

.. image:: img/Diagnostics-Intrusion1.png
   :width: 100%
   :align: center
   :alt: Intrusion Detection Diagnostics

.. image:: img/Diagnostics-Intrusion1-1.png
   :width: 100%
   :align: center
   :alt: Intrusion Detection Diagnostics

.. image:: img/Diagnostics-Intrusion2.png
   :width: 100%
   :align: center
   :alt: Intrusion Detection Diagnostics

.. image:: img/Diagnostics-Intrusion3.png
   :width: 100%
   :align: center
   :alt: Intrusion Detection Diagnostics

.. image:: img/Diagnostics-Intrusion3-1.png
   :width: 100%
   :align: center
   :alt: Intrusion Detection Diagnostics

Intrusion Detection Dashboard
********************************

The dashboard shows you alert and block information by country and origin.
The dashboard is a convenient way of visualising the event data.

.. image:: img/Diagnostics-Intrusion-Dashboard1.png
   :width: 100%
   :align: center
   :alt: Intrusion Detection Dashboard

.. image:: img/Diagnostics-Intrusion-Dashboard2.png
   :width: 100%
   :align: center
   :alt: Intrusion Detection Dashboard World Map

.. note:: Logfile Analysis needs to be enabled to see data in the Dashboard. It is disabled by default as it costs performance. It can be enabled at :ref:`Core Settings`.

**Security and Alert Notifications** can be downloaded at the bottom of the Dashboard. They are also included in the Report Email.