Ya, I get notifications, weekly reports and backups fine. Even failed login attempts. I think thats about it tho hmmm
the only thing thats checked in notifications is:
Email
SNMP
INFO-850 Intrusion Prevention Alert
If the *-852 items aren't checked, I would assume you won't get the notifications if the packet was dropped, only if it was an alert. I could be wrong. Easiest way would to check all the items in the Intrusion Prevention section of notifications.
It's just my guess.
I dunno, all my logging/reporting options are enabled for email like : Log files have been deleted, Daily log file archive, etc and I've never gotten an email in my life. I know my logs are being deleted because they are only stored for like 30 days. Weird huh?
Also, is there any notifcations for when emails and such get quaratined in mail manager? That would be nice.
What version are you running? I'm at 7.502. I know when I updated to version 7 the IPS notifications stopped completely, then somewhere in 7.3X they started again.
i have the same problem. no ips info at all. no emails, nothing in the daily exucutive report. looks like ips is not giving any information. it's configured on the trusted interfaces only.
Mine has same problem, too. If anything logged in /var/log/ips.log, it should be reported, right? I have found several flood or port scan in previous logs, and back to check its daily report, but I didn't see anything there!
