Signature Variables; About Signature Variables; Configuring Signature Variables - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual


Signature Variables

configuration, which takes time and could delay the processing of traffic. You can tune built-in
signatures by adjusting several signature parameters. Built-in signatures that have been modified are
called tuned signatures.
You can create signatures, which are called custom signatures. Custom signature IDs begin at 60000. You
can configure them for several things, such as matching of strings on UDP connections, tracking of
network floods, and scans. Each signature is created using a signature engine specifically designed for
the type of traffic being monitored.
Signature Variables
This section describes signature variables, and contains the following topics:
- About Signature Variables
- Configuring Signature Variables

About Signature Variables

When you want to use the same value within multiple signatures, use a variable. When you change the
value of a variable, the variables in all signatures are updated. This saves you from having to change the
variable repeatedly as you configure signatures.
Note: You must preface the variable with a dollar ($) sign to indicate that you are using a variable rather than a string.
Some variables cannot be deleted because they are necessary to the signature system. If a variable is
protected, you cannot select it to edit it. You receive an error message if you try to delete protected
variables. You can edit only one variable at a time.

Configuring Signature Variables

Use the variables command in the signature definition submode to create variables.
The following options apply:
- variable-name—Identifies the name assigned to this variable.
  A valid name can only contain numbers or letters. You can also use a hyphen (-) or underscore (_).
- ip-addr-range—System-defined variable for grouping IP addresses.
  The valid values are: A.B.C.D-A.B.C.D[,A.B.C.D-A.B.C.D]
- web-ports—System-defined variable for ports to look for HTTP traffic.
  To designate multiple port numbers for a single variable, place a comma between the entries. For example, 80, 3128, 8000, 8010, 8080, 8888, 24326.

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0, Chapter 7: Defining Signatures, 78-16527-01
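The option formats described above can be checked before the values are entered on the sensor. The following Python pre-check is an added example, not code from the Cisco guide; the function names, the 1-65535 port bound, the start-before-end check, and the sample values are assumptions of this example.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9_-]+")    # letters, digits, hyphen, underscore
REF_RE = re.compile(r"\$([A-Za-z0-9_-]+)")  # "$name" marks a variable reference

def valid_name(name):
    """True if the variable name uses only the characters the guide allows."""
    return NAME_RE.fullmatch(name) is not None

def parse_ip_addr_range(value):
    """Parse 'A.B.C.D-A.B.C.D[,A.B.C.D-A.B.C.D]' into (start, end) pairs."""
    ranges = []
    for part in value.split(","):
        start_s, sep, end_s = part.partition("-")
        if not sep:
            raise ValueError(f"expected start-end, got {part!r}")
        # IPv4Address raises a ValueError subclass on a malformed address.
        start = ipaddress.IPv4Address(start_s.strip())
        end = ipaddress.IPv4Address(end_s.strip())
        if start > end:  # assumption: a reversed range is an operator typo
            raise ValueError(f"range runs backwards: {part!r}")
        ranges.append((start, end))
    return ranges

def parse_web_ports(value):
    """Parse a comma-separated port list such as '80, 3128, 8000'."""
    ports = []
    for item in value.split(","):
        port = int(item.strip())  # ValueError on empty or non-numeric entries
        if not 1 <= port <= 65535:  # assumption: TCP port bounds
            raise ValueError(f"port out of range: {port}")
        ports.append(port)
    return ports

def undefined_references(field_value, defined_names):
    """List $variables used in a signature field that are not defined."""
    return [n for n in REF_RE.findall(field_value) if n not in defined_names]

if __name__ == "__main__":
    # Constructed sample values, not taken from a real sensor.
    print(valid_name("WEBPORTS"), valid_name("web ports"))
    print(parse_ip_addr_range("10.1.1.1-10.1.1.24,192.168.0.1-192.168.0.254"))
    print(parse_web_ports("80, 3128, 8000, 8010, 8080, 8888, 24326"))
    print(undefined_references("$WEBPORTS,$WEBPORT5", {"WEBPORTS"}))
```

A mistyped `$` reference is worth catching early because a signature that points at the wrong name no longer inspects the ports or addresses the operator intended.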
