Filter
Top Products
7-35
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 7 Configuring Event Action Rules
Configuring General Settings
Step 3 Enter general submode.
sensor(config)# general
Step 4 Enable or disable the meta event generator. The default is enabled.
sensor(config-eve-gen)# global-metaevent-status {enabled | disabled}
Step 5 Enable or disable the summarizer. The default is enabled.
sensor(config-eve-gen)# global-summarization-status {enabled | disabled}
Step 6 Configure the denied attackers inline event action:
a. Limit the number of denied attackers in the system at any given time. The default is 1000.
sensor(config-eve-gen)# max-denied-attackers 100
b. Configure the amount of seconds to deny attackers in the system. The default is 3600 seconds.
sensor(config-eve-gen)# global-deny-timeout 1000
Step 7 Configure the number of minutes to block a host or a connection. The default is 30 minutes.
sensor(config-eve-gen)# global-block-timeout 20
Step 8 Enable or disable any overrides that you have set up. The default is enabled.
sensor(config-eve-gen)# global-overrides-status {enabled | disabled}
Step 9 Enable or disable any filters that you have set up. The default is enabled.
sensor(config-eve-gen)# global-filters-status {enabled | disabled}
Step 10 Verify the settings for general submode.
sensor(config-eve-gen)# show settings
general
-----------------------------------------------
global-overrides-status: Enabled default: Enabled
global-filters-status: Enabled default: Enabled
global-summarization-status: Enabled default: Enabled
global-metaevent-status: Enabled default: Enabled
global-deny-timeout: 1000 default: 3600
global-block-timeout: 20 default: 30
max-denied-attackers: 100 default: 10000
-----------------------------------------------
sensor(config-eve-gen)#
Step 11 Exit event action rules submode.
sensor(config-eve-gen)# exit
sensor(config-eve)# exit
Apply Changes:?[yes]:
Step 12 Press Enter to apply your changes or enter no to discard them.