Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 149

Chapter 7 Defining Signatures
Specify the service ports:
Step 8
sensor(config-sig-sig-str)# service-ports 23
Specify the direction:
Step 9
sensor(config-sig-sig-str)# direction to-service
Specify the regex string to search for in the TCP packet:
Step 10
sensor(config-sig-sig-str)# regex-string This-is-my-new-Sig-regex
Step 11 Verify the settings:
sensor(config-sig-sig-str)# show settings
string-tcp
-----------------------------------------------
-----------------------------------------------
sensor(config-sig-sig-str)#
Exit signature definition submode:
Step 12
sensor(config-sig-sig-str)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
Press Enter to apply the changes or type
Step 13
78-16527-01
event-action: produce-alert <defaulted>
strip-telnet-options: false <defaulted>
specify-min-match-length
-----------------------------------------------
no
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
regex-string: This-is-my-new-Sig-regex
service-ports: 23
direction: to-service default: to-service
specify-exact-match-offset
-----------------------------------------------
no
-----------------------------------------------
specify-max-match-offset
-----------------------------------------------
no
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
specify-min-match-offset
-----------------------------------------------
no
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
swap-attacker-victim: false <defaulted>
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
to discard them.
no
Creating Custom Signatures
7-31