Filter
Top Products
7-9
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 7 Configuring Event Action Rules
Working With Event Action Rules Policies
Working With Event Action Rules Policies
To create, copy, display, edit, and delete event action rules policies, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Create an event action rules policy.
sensor# configure terminal
sensor(config)# service event-action-rules MyRules
sensor(config-eve)# exit
Apply Changes?[yes]: yes
sensor(config)# exit
sensor#
Step 3 Copy an existing event action rules policy to a new event action rules policy.
sensor# copy event-action-rules rules0 rules1
sensor#
Note You receive an error if the policy already exists or if there is not enough space available for the
new policy.
Step 4 Accept the default event action rules policy values or edit the following parameters.
a. Add event action rules variables.
b. Configure event action rules overrides.
c. Configure event action rules filters.
d. Configure the event action rules general settings.
e. Configure the event action rules target value rating.
f. Configure the event action rules OS identification settings.
Step 5 Display a list of event action rules policies on the sensor:
sensor# list event-action-rules-configurations
Event Action Rules
Instance Size Virtual Sensor
rules0 255 vs0
temp 707 N/A
MyRules 255 N/A
rules1 141 vs1
sensor#
Step 6 Delete an event action rules policy.
sensor(config)# no service event-action-rules MyRules
sensor(config)#
Note You cannot delete the default event action rules policy, rules0.
Step 7 Confirm the event action rules instance has been deleted.
sensor# list event-action-rules-configurations
Event Action Rules
Instance Size Virtual Sensor
rules0 112 vs0
rules1 142 N/A