Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 111
Configuration guide
Hide thumbs
Also See for 4215 - Intrusion Detection Sys Sensor:
- Hardware installation manual (74 pages)
Table of Contents
Advertisement
Chapter 6
Configuring Event Action Rules
To edit an existing filter:
Step 6
sensor(config-rul)# filters edit name1
Edit the parameters (see Steps 4a through 4j).
Step 7
To move a filter up or down in the filter list:
Step 8
sensor(config-rul-fil)# exit
sensor(config-rul)# filters move name5 before name1
Step 9
Verify that you have moved the filters:
sensor(config-rul-fil)# exit
sensor(config-rul)# show settings
-----------------------------------------------
filters (min: 0, max: 4096, current: 5 - 4 active, 1 inactive)
-----------------------------------------------
ACTIVE list-contents
-----------------------------------------------
78-16527-01
NAME: name5
-----------------------------------------------
signature-id-range: 900-65535 <defaulted>
subsignature-id-range: 0-255 <defaulted>
attacker-address-range: 0.0.0.0-255.255.255.255 <defaulted>
victim-address-range: 0.0.0.0-255.255.255.255 <defaulted>
attacker-port-range: 0-65535 <defaulted>
victim-port-range: 0-65535 <defaulted>
risk-rating-range: 0-100 <defaulted>
actions-to-remove: <defaulted>
filter-item-status: Enabled <defaulted>
stop-on-match: False <defaulted>
user-comment: <defaulted>
-----------------------------------------------
-----------------------------------------------
NAME: name1
-----------------------------------------------
signature-id-range: 900-65535 <defaulted>
subsignature-id-range: 0-255 <defaulted>
attacker-address-range: 0.0.0.0-255.255.255.255 <defaulted>
victim-address-range: 0.0.0.0-255.255.255.255 <defaulted>
attacker-port-range: 0-65535 <defaulted>
victim-port-range: 0-65535 <defaulted>
risk-rating-range: 0-100 <defaulted>
actions-to-remove: <defaulted>
filter-item-status: Enabled <defaulted>
stop-on-match: False <defaulted>
user-comment: <defaulted>
-----------------------------------------------
-----------------------------------------------
NAME: name2
-----------------------------------------------
signature-id-range: 900-65535 <defaulted>
subsignature-id-range: 0-255 <defaulted>
attacker-address-range: 0.0.0.0-255.255.255.255 <defaulted>
victim-address-range: 0.0.0.0-255.255.255.255 <defaulted>
attacker-port-range: 0-65535 <defaulted>
victim-port-range: 0-65535 <defaulted>
risk-rating-range: 0-100 <defaulted>
actions-to-remove: <defaulted>
filter-item-status: Enabled <defaulted>
stop-on-match: False <defaulted>
user-comment: <defaulted>
-----------------------------------------------
-----------------------------------------------
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Event Action Filters
6-13
Advertisement
Table of Contents
Troubleshooting
