Manage the intrusion detection policy file

You can configure an intrusion detection program to send e-mail to a system administrator to alert them to suspicious events and provide suggestions as to what action to take.

You can also write a program to analyze the statistics for certain patterns. For example, the statistics might reveal that suspicious events are occurring during off-hours, that there were attempted attacks on the system, or that the network was misconfigured or not working correctly.

An intrusion detection program should account for suspicious events as well as for network problems that have other causes, such as hardware or configuration problems. For example, ICMP redirect messages might indicate that a router is not fully configured yet. Sometimes routers are slow to determine which router in a network offers the best route to a destination.
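
The analysis described in the two paragraphs above, as an added example that is not part of the original page: it counts off-hours events per source and sets ICMP redirect messages aside for network review instead of treating them as attacks. The CSV layout, event type names, business-hours window and threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export: timestamp, event type, source address.
# The column layout and the event type names are assumptions for this example.
SAMPLE_EVENTS = """\
2024-03-04T02:14:09,SCAN,198.51.100.7
2024-03-04T02:14:41,SCAN,198.51.100.7
2024-03-04T02:15:02,SCAN,198.51.100.7
2024-03-04T10:30:00,ICMP_REDIRECT,192.0.2.1
2024-03-04T10:30:05,ICMP_REDIRECT,192.0.2.1
2024-03-04T11:02:17,MALFORMED_PACKET,203.0.113.20
2024-03-04T23:48:55,SCAN,198.51.100.7
"""

BUSINESS_HOURS = range(8, 18)             # 08:00-17:59 local time (assumption)
NETWORK_HEALTH_TYPES = {"ICMP_REDIRECT"}  # may point to router setup, not an attack


def summarize(text, off_hours_threshold=3):
    """Split events into off-hours activity and likely network problems."""
    off_hours = Counter()  # (source, type) -> events outside business hours
    network = Counter()    # source -> events that suggest a network problem
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue       # skip blank or malformed rows
        stamp, kind, source = (field.strip() for field in row)
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue       # skip rows with an unreadable timestamp
        if kind in NETWORK_HEALTH_TYPES:
            network[source] += 1
        elif when.hour not in BUSINESS_HOURS or when.weekday() >= 5:
            off_hours[(source, kind)] += 1
    # Report only sources that repeat off-hours, to avoid alerting on one stray event.
    alerts = sorted(k for k, n in off_hours.items() if n >= off_hours_threshold)
    return {"off_hours_alerts": alerts, "network_review": dict(network)}


if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```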