Using The Fbidsmate Command-Line Utility - Watchguard Firebox X1000 User Manual

Using the fbidsmate command-line utility

The fbidsmate utility works from the command line.
Although you can execute the commands directly against
the Firebox, the tool is used most frequently in the context
of an IDS application script. The command syntax is:
add_hostile
add_log_message
import_passphrase
User Guide
firebox_address
fbidsmate
rwpassphrase_file
] [add_hostile
priority(0-7)
[add_log_message
import_passphrase rwpassphrase
fbidsmate
rwpassphrase_filename
This command adds a site to the Auto-Blocked Site
list, with the duration set by the administrator in
Policy Manager's Blocked Sites dialog box. It
effectively extends your control of the Auto-Block
mechanism inside the Firebox.
This command causes a message to be added to the
log stream emitted by the Firebox. Because the
priority is used by the Firebox to construct syslog
messages, its range is the standard syslog
0=Emergency to 7=Debug. There is no limit on
message length; the message is automatically
broken into multiple messages if necessary.
You can store the Firebox configuration passphrase
in encrypted form instead of putting it in clear text
in your IDS scripts. This command stores the
passphrase in the designated file using 3DES
encryption. Rather than using the configuration
passphrase, use the file name in your scripts. If you
are managing multiple Fireboxes, you need one
passphrase file per Firebox.
Integrating Intrusion Detection
rwpassphrase
[ | -f
hostile_address
message
" "]
] |
195