8-40
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Step 3 Specify the IP logging parameters:
a. Specify the maximum number of bytes you want logged.
sensor(config-sig-ip)# ip-log-bytes 200000
b. Specify the number of packets you want logged.
sensor(config-sig-ip)# ip-log-packets 150
c. Specify the length of time you want the sensor to log.
sensor(config-sig-ip)# ip-log-time 60
Step 4 Verify the settings.
sensor(config-sig-ip)# show settings
ip-log
-----------------------------------------------
ip-log-packets: 150 default: 0
ip-log-time: 60 default: 30
ip-log-bytes: 200000 default: 0
-----------------------------------------------
sensor(config-sig-ip)#
Step 5 Exit signature definition submode.
sensor(config-sig-ip)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
Step 6 Press Enter to apply the changes or enter no to discard them.
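Added example (not part of the Cisco guide): a Python check that parses a captured copy of the show settings block from Step 4 and compares it with the values entered in Step 3. The names parse_ip_log, audit, SAMPLE and INTENDED are assumptions of this example, and the parser handles only the "name: value default: value" line shape shown in Step 4.

```python
import re

# Constructed sample: the `show settings` block as printed in Step 4.
SAMPLE = """\
ip-log
-----------------------------------------------
ip-log-packets: 150 default: 0
ip-log-time: 60 default: 30
ip-log-bytes: 200000 default: 0
-----------------------------------------------
"""

# Values entered in Step 3 (the intended configuration).
INTENDED = {"ip-log-bytes": 200000, "ip-log-packets": 150, "ip-log-time": 60}

# Matches lines such as "ip-log-time: 60 default: 30"; headers and rules do not match.
LINE_RE = re.compile(r"^\s*([\w-]+):\s*(\d+)\s+default:\s*(\d+)\s*$")


def parse_ip_log(text):
    """Return {name: (value, default)} for each 'name: N default: M' line."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return settings


def audit(text, intended):
    """Compare parsed settings with the intended values; return a list of findings."""
    parsed = parse_ip_log(text)
    findings = []
    for name, want in intended.items():
        if name not in parsed:
            findings.append(f"{name}: missing from output")
            continue
        value, default = parsed[name]
        if value != want:
            state = "still at default" if value == default else "unexpected value"
            findings.append(f"{name}: expected {want}, found {value} ({state})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, INTENDED) or ["ip-log settings match Step 3"]:
        print(finding)
```

An empty list from audit means the sensor reports exactly what Step 3 entered; a "still at default" finding usually means the changes were discarded at the Apply Changes prompt.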
Creating Custom Signatures
This section describes how to create custom signatures and contains the following topics:
• Sequence for Creating a Custom Signature, page 8-41
• Example String TCP Engine Signature, page 8-41
• Example Service HTTP Engine Signature, page 8-44
• Example Meta Engine Signature, page 8-47
• Example IPv6 Engine Signature, page 8-51
• Example String XL TCP Engine Match Offset Signature, page 8-52
• Example String XL TCP Engine Minimum Match Length Signature, page 8-55