Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 220

Filtering the Current Submode Configuration Output
The following options apply:
|—The pipe symbol indicates that an output processing specification follows.
•
begin—Begins unfiltered output of the show settings command with the first line that contains the
•
regular expression specified.
exclude—Excludes lines in the output of the show settings command that contain a particular
•
regular expression.
• include—Includes only the lines in the output of the show settings command that contain the
regular expression you specify.
• regular-expression—Any regular expression found in the show settings command output.
Note
To search or filter the output of the contents of the submode configuration, follow these steps:
Log in to the CLI using an account with administrator privileges.
Step 1
Search the output of the event action rules settings for the regular expression, "filters," for example:
Step 2
sensor# configure terminal
sensor(config)# service event-action-rules
sensor(config-rul)# show settings | begin filters
filters (min: 0, max: 4096, current: 0 - 0 active, 0 inactive)
-----------------------------------------------
general
-----------------------------------------------
global-overrides-status: Enabled <defaulted>
global-filters-status: Enabled <defaulted>
global-summarization-status: Enabled <defaulted>
global-metaevent-status: Enabled <defaulted>
global-deny-timeout: 3600 <defaulted>
global-block-timeout: 15 default: 30
max-denied-attackers: 10000 <defaulted>
-----------------------------------------------
target-value (min: 0, max: 5, current: 0)
-----------------------------------------------
-----------------------------------------------
sensor(config-rul)#
Filter the output of the network access settings to exclude the regular expression:
Step 3
sensor# configure terminal
sensor(config)# service network-access
sensor(config-net)# show settings | exclude false
general
-----------------------------------------------
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
12-12
The regular-expression option is case sensitive and allows for complex matching
requirements.
log-all-block-events-and-errors: true default: true
block-enable: true default: true
block-max-entries: 11 default: 250
max-interfaces: 13 default: 250
master-blocking-sensors (min: 0, max: 100, current: 1)
-----------------------------------------------
ipaddress: 10.89.149.124
-----------------------------------------------
password: <hidden>
port: 443 default: 443
tls: true default: true
Chapter 12 Working With Configuration Files
78-16527-01