Cisco Systems IPS 7.1 Home Security System User Manual
8-39
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Configuring Signatures
sensor(config-sig-str)#
Step 6 Exit signature definition submode.
sensor(config-sig-str)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
Step 7 Press Enter to apply the changes or enter no to discard them.
For More Information
For information on asymmetric inspection options for sensors configured in inline mode, see Inline TCP Session Tracking Mode, page 6-3 and Adding, Editing, and Deleting Virtual Sensors, page 6-5.
Configuring IP Logging
You can configure a sensor to generate an IP session log when the sensor detects an attack. When IP logging is configured as a response action for a signature and the signature is triggered, all packets to and from the source address of the alert are logged for a specified period of time.
Note IP logging allows a maximum limit of 20 concurrent IP log files. Once the limit of 20 is reached, you receive the following message in main.log:
Cid/W errWarnIpLogProcessor::addIpLog: Ran out of file descriptors.
Use the ip-log command in the signature definition submode to configure IP logging. The following options apply:
ip-log-bytes—Identifies the maximum number of bytes you want logged. The valid value is 0 to 2147483647. The default is 0.
ip-log-packets—Identifies the number of packets you want logged. The valid value is 0 to 65535. The default is 0.
ip-log-time—Identifies the duration you want the sensor to log. The valid value is 30 to 300 seconds. The default is 30 seconds.
Note When the sensor meets any one of the IP logging conditions, it stops IP logging.
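The following Python model is an added illustration, not Cisco code and not part of this guide. It reproduces the two rules stated above so that the interaction of the three ip-log parameters can be checked offline: a log stops as soon as any one of ip-log-bytes, ip-log-packets or ip-log-time is met, and at most 20 IP logs run at once, with the 21st request producing the main.log warning quoted above. It assumes that a value of 0 for ip-log-bytes or ip-log-packets means "no limit" (the guide only gives the ranges and defaults), and the 198.51.100.x source addresses, timestamps and packet sizes are constructed sample data; the small scanner at the end shows how to count the warning in main.log lines so the concurrency cap can be monitored.

```python
"""Model of the IPS ip-log stop conditions and the 20-file concurrency limit.

Added illustration (not Cisco code). Assumption: 0 means "no limit" for the
byte and packet counters; the guide states only ranges and defaults.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_CONCURRENT_IP_LOGS = 20  # limit stated in the guide
FD_EXHAUSTED_MSG = "Cid/W errWarnIpLogProcessor::addIpLog: Ran out of file descriptors."


@dataclass
class IpLogParams:
    """The three ip-log submode options with the guide's ranges and defaults."""
    ip_log_bytes: int = 0      # 0..2147483647, default 0
    ip_log_packets: int = 0    # 0..65535, default 0
    ip_log_time: int = 30      # 30..300 seconds, default 30

    def __post_init__(self) -> None:
        if not 0 <= self.ip_log_bytes <= 2147483647:
            raise ValueError("ip-log-bytes out of range")
        if not 0 <= self.ip_log_packets <= 65535:
            raise ValueError("ip-log-packets out of range")
        if not 30 <= self.ip_log_time <= 300:
            raise ValueError("ip-log-time out of range")


@dataclass
class IpLog:
    """One IP log file, opened for the source address of the alert."""
    src: str
    params: IpLogParams
    started_at: float
    bytes_logged: int = 0
    packets_logged: int = 0
    stop_reason: Optional[str] = None

    def offer(self, ts: float, size: int) -> bool:
        """Record a packet seen at time ts; return False once logging has stopped."""
        if self.stop_reason:
            return False
        if ts - self.started_at >= self.params.ip_log_time:
            self.stop_reason = "ip-log-time"      # duration reached: packet not logged
            return False
        self.packets_logged += 1
        self.bytes_logged += size
        # Assumption: 0 means "no limit" for these two counters.
        if self.params.ip_log_packets and self.packets_logged >= self.params.ip_log_packets:
            self.stop_reason = "ip-log-packets"
        elif self.params.ip_log_bytes and self.bytes_logged >= self.params.ip_log_bytes:
            self.stop_reason = "ip-log-bytes"
        return True


class IpLogProcessor:
    """Hands out IP log slots and refuses a 21st concurrent log, as the guide describes."""

    def __init__(self, params: IpLogParams) -> None:
        self.params = params
        self.active: Dict[str, IpLog] = {}
        self.main_log: List[str] = []   # stands in for the sensor's main.log

    def reap(self, ts: float) -> None:
        """Close logs that have reached any stop condition, freeing their slot."""
        for src, log in list(self.active.items()):
            if log.stop_reason is None and ts - log.started_at >= self.params.ip_log_time:
                log.stop_reason = "ip-log-time"
            if log.stop_reason:
                del self.active[src]

    def add_ip_log(self, src: str, ts: float) -> Optional[IpLog]:
        """Start (or reuse) the IP log for src; None and a main.log warning if the cap is hit."""
        self.reap(ts)
        if src in self.active:
            return self.active[src]
        if len(self.active) >= MAX_CONCURRENT_IP_LOGS:
            self.main_log.append(FD_EXHAUSTED_MSG)
            return None
        log = IpLog(src, self.params, ts)
        self.active[src] = log
        return log


def fd_exhaustion_events(main_log_lines) -> int:
    """Count the file-descriptor warnings in main.log lines (monitoring hook)."""
    return sum(1 for line in main_log_lines
               if "errWarnIpLogProcessor::addIpLog" in line and "Ran out of" in line)


def demo() -> dict:
    """Constructed scenario: 21 sources alert at t=0; packet limit 3, time limit 30 s."""
    proc = IpLogProcessor(IpLogParams(ip_log_packets=3, ip_log_time=30))
    logs = [proc.add_ip_log(f"198.51.100.{i}", 0.0) for i in range(1, 22)]
    first, second = logs[0], logs[1]
    for ts, size in [(1.0, 60), (2.0, 1500), (3.0, 40), (4.0, 40)]:
        first.offer(ts, size)          # stops after the third packet
    second.offer(35.0, 100)            # 35 s after start: time limit already reached
    return {"refused": logs.count(None),
            "warnings": fd_exhaustion_events(proc.main_log),
            "first_stop": first.stop_reason, "first_packets": first.packets_logged,
            "second_stop": second.stop_reason, "second_packets": second.packets_logged}


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the two behaviours side by side: the first log closes on ip-log-packets after exactly three packets and ignores the fourth, the second closes on ip-log-time without logging the late packet, and the 21st source is refused with one copy of the main.log warning. A stopped log is reaped on the next add_ip_log call, which is why a busy sensor with short ip-log-time values rarely stays at the 20-file cap for long.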
Configuring IP Logging Parameters
To configure the IP logging parameters, follow these steps:
Step 1 Log in to the CLI using an account with administrator or operator privileges.
Step 2 Enter IP log submode.
sensor# configure terminal
sensor(config)# service signature-definition sig1
sensor(config-sig)# ip-log