Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual page 232

Sensor Configuration Tasks
You use system variables when configuring alarm channel event filters. When you
want to use the same value within multiple filters, use a variable. When you
change the value of a variable, the variables in all the filters are updated. This
prevents you from having to change the variable repeatedly as you configure
alarm filters. See
information.
For example, if you had an IP address space that applied to your engineering
group and there were no Windows systems in that group, and you were not
worried about any Windows-based attacks, you could set up a USER-ADDR1 to
be the engineering group's IP address space. You could then use this variable on
the Event Filters page to set up the filter to ignore all Windows-based attacks for
USER-ADDR1.
To configure alarm channel system variables, follow these steps:
Step 1 Log in to the CLI using an account with administrator or operator privileges.
Enter configuration mode:
Step 2
sensor# configure terminal
Step 3 Enter alarm channel configuration mode:
sensor(config)# service alarm-channel-configuration virtualAlarm
Enter tune alarm channel submode:
Step 4
sensor(config-acc)# tune-alarm-channel
Enter system variable submode:
Step 5
sensor(config-acc-virtualAlarm)# systemVariables
Step 6 View the current system variable settings:
sensor(config-acc-virtualAlarm-sys)# show settings
A list of alarm channel system variables is displayed.
Step 7 Type the name of the system variable you want to configure, followed by a valid
value for that variable.
For example, to set the value of system variable SIG1 to 2001-2006, type the
following command:
sensor(config-acc-virtualAlarm-sys)# SIG1 2001-2006
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
10-36
Configuring Alarm Channel Event Filters, page
Chapter 10 Configuring the Sensor Using the CLI
10-37, for more
78-15597-02