Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual page 244

Intrusion detection system appliance and module

Sensor Configuration Tasks
Step 7  Look through the list of settings for this signature engine and choose the signature ID that you want to tune. Type the following command to configure the parameters for a specific signature:
sensor(config-vsc-virtualSensor-ATO)# signature SIGID signature ID
For example, to tune signature ID 9019, type the following command:
sensor(config-vsc-virtualSensor-ATO)# signature sigID 9019
Step 8  Type ? at the prompt to see a list of configurable parameters.
sensor(config-vsc-virtualSensor-ATO-sig)# ?
AlarmDelayTimer     Number of seconds to delay further signature
                    inspection after an alarm.
AlarmInterval       Special Handling for timed events. Use
                    AlarmInterval Y with MinHits X for X alarms
                    in Y second interval.
AlarmSeverity       The severity of this alert reported in the
                    alarm.
AlarmThrottle       Technique used to limit alarm firings. FireAll
                    sends all alarms. FireOnce sends the first alarm
                    then deletes the inspector. Summarize sends an
                    IntervalSummary alarm. GlobalSummarize sends
                    a GlobalSummary alarm.
AlarmTraits         User-defined traits further describing this
                    signature.
CapturePacket       Set to True to include the offending packet in
                    the alarm.
ChokeThreshold      Threshold value of alarms-per-interval to
                    auto-switch AlarmThrottle modes.
                    If ChokeThreshold is defined the sensor will
                    automatically switch AlarmThrottle modes when
                    a large volume of alarms is seen in the
                    ThrottleInterval.
default             Set the value back to the system default
                    setting
DstIpAddr           IP address (or network) to match on the
                    IP packet's destination address. Must be used
                    with DstIpMask.
DstIpMask           IP netmask used with DstIpAddr to match on the
                    IP packet's destination address. Must be used
                    with DstIpAddr.
DstPort             A single Destination Port to match.
Enabled             True to Enable the Sig. False to Disable
                    the Sig.
EventAction         What action(s) to perform when the alarm is
                    fired.
exit                Exit signatures configuration submode

Chapter 10  Configuring the Sensor Using the CLI
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02  10-48
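
A simplified model of the AlarmThrottle and ChokeThreshold behaviour described in the help output, added here as an illustration; it is not Cisco code and not taken from the guide. The function names, the fixed-window interval, the constructed hit times, and the rule that FireAll folds the rest of a window into one IntervalSummary once the choke value is exceeded are assumptions. GlobalSummarize is left out because the page does not say how it differs from Summarize.

```python
from itertools import groupby

MODES = ("FireAll", "FireOnce", "Summarize")

def throttle(hits, mode="FireAll", interval=30, choke=None):
    """Return (kind, time, hit_count) alarms for signature hit times in seconds.

    Assumed semantics (a model, not the sensor's implementation):
    intervals are fixed windows starting at t=0, and with `choke` set a
    FireAll window fires at most `choke` alarms before summarizing.
    """
    if mode not in MODES:
        raise ValueError(f"unsupported mode: {mode}")
    if interval <= 0:
        raise ValueError("interval must be positive")
    hits = sorted(hits)
    if mode == "FireOnce":
        # First alarm only; the inspector is then deleted.
        return [("Alarm", hits[0], 1)] if hits else []
    alarms = []
    for window, group in groupby(hits, key=lambda t: int(t // interval)):
        group = list(group)
        end = (window + 1) * interval
        if mode == "Summarize":
            alarms.append(("IntervalSummary", end, len(group)))
            continue
        # FireAll: individual alarms up to the choke limit, if one is set.
        limit = len(group) if choke is None else min(choke, len(group))
        alarms += [("Alarm", t, 1) for t in group[:limit]]
        # Hits past the limit are folded into one summary for the window.
        if limit < len(group):
            alarms.append(("IntervalSummary", end, len(group) - limit))
    return alarms

# Constructed sample: 100 hits in the first 10 s, then two stray hits.
SAMPLE_HITS = [i * 0.1 for i in range(100)] + [45.0, 70.0]

def alarm_counts(hits=SAMPLE_HITS):
    """Number of alarms each setting would send for the same hits."""
    return {
        "FireAll": len(throttle(hits, "FireAll")),
        "FireOnce": len(throttle(hits, "FireOnce")),
        "Summarize": len(throttle(hits, "Summarize")),
        "FireAll+choke=5": len(throttle(hits, "FireAll", choke=5)),
    }

if __name__ == "__main__":
    for name, count in alarm_counts().items():
        print(f"{name:16} {count} alarms")
```

The counts show the trade-off when tuning a noisy signature: FireOnce and Summarize cut alarm volume sharply but drop per-hit detail, while a choke value keeps the first few individual alarms and still bounds the total.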
