ZyXEL Communications ZYWALL USG CLI Reference Manual page 177

Table 97 Commands for IDP Statistics (continued)
COMMAND
show idp statistics collect
show idp statistics ranking {signature-
name | source | destination}
20.6.1 IDP Statistics Example
This example shows how to collect and display IDP statistics. It also shows how to sort the
display by the most common signature name, source IP address, or destination IP address.
Router# configure terminal
Router(config)# idp statistics collect
Router(config)# no idp statistics activate
Router(config)# idp statistics flush
Router(config)# show idp statistics collect status
IDP collect statistics status: yes
Router(config)# show idp statistics summary
scanned session : 268
packet dropped: 0
packet reset: 0
Router(config)# show idp statistics ranking signature-name
ranking: 1
signature id: 8003796
signature name: ICMP L3retriever Ping
type: Scan
severity: verylow
occurence: 22
ranking: 2
signature id: 8003992
signature name: ICMP Large ICMP Packet
type: DDOS
severity: verylow
occurence: 4
Router(config)# show idp statistics ranking destination
ranking: 1
destination ip: 172.23.5.19
occurence: 22
ranking: 2
destination ip: 172.23.5.1
occurence: 4
Router(config)# show idp statistics ranking source
ranking: 1
source ip: 192.168.1.34
occurence: 26
ZyWALL (ZLD) CLI Reference Guide
DESCRIPTION
Displays whether the collection of IDP statistics is turned
on or off.
Query and sort the IDP statistics entries by signature
name, source IP address, or destination IP address.
signature-name: lists the most commonly detected
signatures.
source: lists the source IP addresses from which the
ZyWALL has detected the most intrusion attempts.
destination: lists the most common destination IP
addresses for detected intrusion attempts.
Chapter 20 IDP Commands
177