FWMON
This screen displays the current configuration information for the fwmon
daemons. The administrator can modify the fwmon configuration
on this screen and then save the updates to the firewall. After saving
the modifications, the administrator will have to go to the T.Rex
Start/Stop Services Menu to refresh
fwmon before the modifications will take effect.
Fwmon is made up of fwmon itself and three other daemons: spoofmon,
synmon and procmon. Each of the fields below applies to one of the
daemons.
spoofmon is only supported on AIX and HP/UX at this time.
synmon is only supported on AIX at this time.
Edit Button
Edit the config file directly rather than using this configuration
screen.
Activate spoofmon
Specifies whether the spoofmon daemon should be activated. Note
that spoofmon is not supported by T.Rex on Solaris at this time so this
field has no effect on Solaris.
Interval in seconds between checking monitored processes
Specifies the number of seconds for procmon to sleep between checking
on its list of monitored processes.
Minimum interval in seconds between alerts from procmon
Specifies the number of seconds procmon waits before issuing subsequent
messages after the first alert. Because subsequent alerts only repeat the
same information, this field provides a way to reduce redundant output.
Email address to send procmon alerts
Specifies an email address for procmon to send alerts to. Email
alerts will be sent every minimum interval.
Interval in seconds between SYN flood checks
Specifies the number of seconds for synmon to sleep between checking
for SYN floods.
Maximum number of entries in each TCP queue
Specifies the number of slots in the SYN queue for each active port.
The operating system default is 16.
Queue length threshold to begin synmon queue management
Specifies the threshold (number of entries on a SYN queue) above which
synmon will issue an alert and begin queue management to make room on that
SYN queue.
synmon queue management to keep queue length at this level
Specifies the number of entries for synmon to leave on the queue each
time it does cleanup.
Run synmon in verbose mode
Specifies whether synmon is to run in verbose mode. synmon generates
more syslog entries in verbose mode.
Pathname of optional file of trusted addresses for synmon
Optional field that specifies the absolute pathname for a file that
contains IP addresses whose connection requests in a SYN queue are not
to be removed during synmon queue cleanup.
procmon <process name> [<min count> [<max count>]]
This is an area where a list of monitored processes can be entered
for procmon.
<process name>
is the name of a process to be monitored (e.g. inetd).
<min count>
specifies the expected minimum occurrence for the named process.
procmon will issue an alert if the number of copies of the named process
falls below this number. This is optional. Default is 1.
<max count>
specifies the expected maximum occurrence for the named process.
procmon will issue an alert if the number of copies of the named process
rises above this number. This is optional. Default is <min count>.
syn_port = <port> qlen = <length> himark = <high> lomark = <low>
This is the area where synmon parameters can be specified for individual
ports. This is normally NOT used except during a SYN flood attack.
syn_port
Specifies the target port number for this line.
qlen
Specifies the maximum number of entries to allow in the SYN queue for this
port.
himark
Specifies the high threshold number of entries in the SYN queue for this
port above which synmon will issue an alert and begin queue management
to make room on the queue.
lomark
Specifies the number of entries on the SYN queue for this port for synmon
to leave on the queue each time it does cleanup.
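Added example, not part of T.Rex: Python that parses the procmon and syn_port line formats described above, applies the documented defaults, and flags inconsistent thresholds. The sample lines are constructed, and the cross-field checks (himark below qlen, lomark below himark) are assumptions drawn from the field descriptions rather than documented synmon behaviour.

```python
import re

# Line formats are the ones shown on this page; the cross-field checks in
# parse_syn_port are assumptions derived from the field descriptions.
SYN_RE = re.compile(r"syn_port\s*=\s*(\d+)\s+qlen\s*=\s*(\d+)\s+"
                    r"himark\s*=\s*(\d+)\s+lomark\s*=\s*(\d+)")

def parse_procmon(line):
    """Parse 'procmon <process name> [<min count> [<max count>]]'."""
    parts = line.split()
    if not 2 <= len(parts) <= 4 or parts[0] != "procmon":
        raise ValueError(f"not a procmon line: {line!r}")
    counts = [int(p) for p in parts[2:]]        # ValueError on non-numeric counts
    lo = counts[0] if counts else 1             # documented default: 1
    hi = counts[1] if len(counts) == 2 else lo  # documented default: <min count>
    if lo < 0 or hi < lo:
        raise ValueError(f"invalid min/max counts: {line!r}")
    return {"name": parts[1], "min": lo, "max": hi}

def procmon_alert(rule, running):
    """Return why procmon would alert for this process count, or None."""
    if running < rule["min"]:
        return "below minimum"
    if running > rule["max"]:
        return "above maximum"
    return None

def parse_syn_port(line):
    """Parse a per-port synmon line and return (settings, warnings)."""
    m = SYN_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"not a syn_port line: {line!r}")
    port, qlen, himark, lomark = map(int, m.groups())
    warnings = []
    if not 1 <= port <= 65535:
        warnings.append("port outside 1-65535")
    if himark >= qlen:    # the queue can never hold more than qlen entries
        warnings.append("himark is not below qlen, so it can never be exceeded")
    if lomark >= himark:  # cleanup would leave the queue at the alert level
        warnings.append("lomark is not below himark")
    return {"port": port, "qlen": qlen, "himark": himark, "lomark": lomark}, warnings

if __name__ == "__main__":
    # Constructed sample lines, not taken from a real T.Rex configuration.
    for text in ("procmon inetd", "procmon httpd 2 10"):
        print(parse_procmon(text))
    print(parse_syn_port("syn_port = 80 qlen = 256 himark = 200 lomark = 50"))
    print(parse_syn_port("syn_port = 25 qlen = 16 himark = 32 lomark = 40"))
```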