Example: Logging protocol use in Ethernet rules

An example of configuring Ethernet rules to log the use of Ethernet protocols.

The administrators at Company A have installed an IPS engine in Transparent Access Control mode and they want to create some custom Ethernet rules. The administrators know that most traffic uses the IPv4 protocol, but they are not sure which other Ethernet protocols are being used in the company’s network. They decide to temporarily log the use of Ethernet protocols, excluding IPv4.

To log all Ethernet protocol traffic excluding IPv4, the administrators:

  1. Create an IPS Policy based on the IPS Template.
  2. Add a rule in the Ethernet rules to exclude IPv4 traffic from logging:
    Table 1. Ethernet rule for excluding IPv4 traffic from logging
    | Source | Destination | Service | Action | Options       |
    |--------|-------------|---------|--------|---------------|
    | ANY    | ANY         | IPv4    | Allow  | Logging: None |
  3. Add a rule to log the use of other Ethernet protocols:
    Table 2. Ethernet rule for logging Ethernet protocol use
    | Source | Destination | Service | Action | Options         |
    |--------|-------------|---------|--------|-----------------|
    | ANY    | ANY         | ANY     | Allow  | Logging: Stored |
  4. Save and install the policy on the IPS engine.
  5. View the logs generated by the matches to the Ethernet rules in the Logs view.
  6. Disable the logging Ethernet rule to prevent excess log data from being generated.
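
The following is an added illustration, not part of the product or its documentation: a small Python model of the two Ethernet rules above, applied to constructed frames to show which protocols would end up in the stored logs. It assumes the rules are evaluated top-down with the first match applying; the rule list, helper names and sample frames are all constructed for this example.

```python
import struct
from collections import Counter

# Well-known EtherType values (IEEE-assigned); names are for display only.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x88CC: "LLDP"}

# Model of the two Ethernet rules from the tables above: (service, logging).
# Assumption: rules are evaluated top-down and the first match applies.
RULES = [("IPv4", "None"), ("ANY", "Stored")]

def protocol_of(frame: bytes) -> str:
    """Return the protocol name carried in an Ethernet frame header."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (value,) = struct.unpack("!H", frame[12:14])
    if value < 0x0600:
        # Values below 0x0600 are an IEEE 802.3 length field, not an EtherType.
        return "802.3/LLC"
    return ETHERTYPES.get(value, f"0x{value:04X}")

def logging_for(protocol: str, rules=RULES) -> str:
    """Return the logging option of the first rule whose service matches."""
    for service, logging in rules:
        if service in ("ANY", protocol):
            return logging
    return "None"  # no rule matched; this model logs nothing

def stored_protocols(frames, rules=RULES) -> Counter:
    """Count frames per protocol that would produce a stored log entry."""
    seen = Counter()
    for frame in frames:
        proto = protocol_of(frame)
        if logging_for(proto, rules) == "Stored":
            seen[proto] += 1
    return seen

def make_frame(ethertype: int) -> bytes:
    """Build a constructed frame: zeroed MAC addresses plus the type field."""
    return bytes(12) + struct.pack("!H", ethertype) + bytes(46)

# Constructed sample traffic: mostly IPv4, plus ARP, IPv6, LLDP and one LLC frame.
SAMPLE = [make_frame(t) for t in
          [0x0800] * 5 + [0x0806] * 2 + [0x86DD, 0x88CC, 0x0026]]

if __name__ == "__main__":
    for proto, count in stored_protocols(SAMPLE).most_common():
        print(f"{proto:10} {count}")
```

Under the first-match assumption, reversing the rule order in this model lets the ANY rule match first, so the IPv4 frames are logged as well.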