Displaying ddos event details, Configuration guide – H3C Technologies H3C SecCenter IPS Manager User Manual

52

NOTE:

Logs are aggregated at 3 o’clock in the morning every day. When you query event information of the
current month, the system displays only the data collected from the first day of the month to the day before

the current day.

Displaying DDoS event details

This function helps you quickly find the desired DDoS event information from history data of months. The

DDoS event information can be exported to HTML files, Word files, and Excel files.

Configuration guide

From the navigation tree of the IPS management component, select DDoS Event Details under Event
Analysis to enter the DDoS event details page, as shown in

Figure 52

. This page allows you to query

DDoS events by attack type, source IP address, destination IP address, and protocol to view the DDoS

event details.

Table 50

describes the query options of DDoS event details, and

Table 51

describes the

fields of the DDoS event details.

Figure 52 DDoS event details

Table 50 DDoS event details query options

Option Description

Filter

Select a filter from the dropdown list to display specific DDoS events.

Attack Type

Select a DDoS attack type

Device

Select a device, a device group, or All devices from the Device dropdown list to display
the relevant event information. All IPS devices and device groups that are under your

management will appear in the dropdown list.

•

Select a device group: Specifies all IPS devices in the device group.

•

Select a device name: Specifies a single IPS device.

Src IP

Specify the source IP address.

Dest IP

Specify the destination IP address.

Protocol

Select the protocol. The default is --, which means any protocol.