Configuring Alarm Channel Event Filters - Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual

Intrusion detection system appliance and module

Chapter 10
Configuring the Sensor Using the CLI
Sensor Configuration Tasks
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
Page 10-37

To type more than one signature range, use a comma (no space) between the ranges.

Step 8
View your changes:
sensor(config-acc-virtualAlarm-sys)# show settings
The settings for the system variables are displayed. In the example above, the settings for the SIG1 variable would appear as SIG1: 2001-2006.

Step 9
Exit system variable submode:
sensor(config-acc-virtualAlarm-sys)# exit
sensor(config-acc-virtualAlarm)# exit
Apply Changes?:[yes]:

Step 10
Type yes to apply the changes.
The Processing config: message is displayed.

Step 11
Exit alarm channel configuration mode:
sensor(config-acc)# exit
sensor(config)#

Configuring Alarm Channel Event Filters

The tune-alarm-channel command allows you to configure event filters for the aggregation process. The items and menus in this configuration depend on the contents of the configuration file and are built dynamically based on the configuration retrieved when the command is executed. The modifications made in this mode and any submodes contained within it are applied when you exit tune-alarm-channel mode.

You can configure event filters that are based on source and destination addresses for specified signatures. You can use the alarm channel system variables that you have defined to group addresses for your filters. See Configuring Alarm Channel System Variables, page 10-35, for more information. If you use a variable in a filter, you must use a dollar sign ($) in front of the variable (for example, $SIG1) to indicate that the string you have entered represents a variable.
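
Because an event filter suppresses alarms, it helps to check offline exactly which signature IDs a variable such as $SIG1 covers before applying it. The following is an added example, not code from the Cisco guide and not the sensor's own parsing: a lint check for the comma-without-space range syntax and the dollar-sign variable reference described above. The function names are hypothetical, and accepting a single signature ID as a one-element range is an assumption of this example.

```python
import re

# One range "low-high" or a single ID; accepting single IDs is an
# assumption of this example, the page only shows ranges.
_RANGE = re.compile(r"^(\d+)(?:-(\d+))?$")


def parse_sig_ranges(value):
    """Parse a value such as '2001-2006,3000-3005' into (low, high) tuples."""
    if re.search(r"\s", value):
        raise ValueError("whitespace in %r: separate ranges with a comma only" % value)
    ranges = []
    for part in value.split(","):
        m = _RANGE.match(part)
        if not m:
            raise ValueError("malformed range %r" % part)
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if low > high:
            raise ValueError("reversed range %r" % part)
        ranges.append((low, high))
    return ranges


def resolve_filter_field(field, variables):
    """Resolve a filter field: '$NAME' is looked up, anything else is a literal."""
    if field.startswith("$"):
        name = field[1:]
        if name not in variables:
            raise KeyError("undefined system variable %s" % name)
        return parse_sig_ranges(variables[name])
    if field in variables:
        # A bare name that matches a defined variable is most likely a missing '$'.
        raise ValueError("%r is a variable name; write $%s" % (field, field))
    return parse_sig_ranges(field)


def is_filtered(sig_id, field, variables):
    """True when sig_id falls inside the ranges the filter field resolves to."""
    return any(lo <= sig_id <= hi for lo, hi in resolve_filter_field(field, variables))


# Constructed sample input: SIG1 carries the value shown on this page.
SAMPLE_VARS = {"SIG1": "2001-2006"}

if __name__ == "__main__":
    print(resolve_filter_field("$SIG1", SAMPLE_VARS))
    print(is_filtered(2004, "$SIG1", SAMPLE_VARS))
```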
