The attack source tracing module functions as a powerful log processing center, recording information about the attack packets detected by any other functional modules.
Each functional module can detect potential attack packets and send them to the attack source tracing module for information recording. The attack source tracing module is responsible for recording information, rather than detecting attack packets.
Upon receiving a packet, the attack source tracing module records the packet according to the configured sampling ratio and packet length. The module can arrange attack packets according to timestamp. The module maintains a large cache. When an interface board resets, the information will not be lost. Attack source tracing supports both exact query and fuzzy query. You can save information about attack packets to the CF card on the main control board in a standard Wireshark file format.
Attack source tracing can record attack packets detected by modules such as application layer association, management and service layer protection, and CPCAR.
Upon receiving a packet, the attack source tracing module checks the sampling ratio.
Using commands, you can save the attack packet information in memory to a file on the CF card.