Filter
Top Products
9-47
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9 Configuring Anomaly Detection
Displaying Anomaly Detection Statistics
High = 1
Other Services
Default
Scanner Threshold
User Configuration = 200
Threshold Histogram - User Configuration
Low = 10
Medium = 3
High = 1
sensor#
Step 4 Display thresholds contained in the current KB illegal zone, protocol TCP, and destination port 20.
sensor# show ad-knowledge-base vs0 thresholds current zone illegal protocol tcp dst-port
20
AD Thresholds
Creation Date = 2006-Nov-14-10_00_00
KB = 2006-Nov-14-10_00_00
Illegal Zone
TCP Services
Default
Scanner Threshold
User Configuration = 200
Threshold Histogram - User Configuration
Low = 10
Medium = 3
High = 1
sensor#
Step 5 Display thresholds contained in the current KB illegal zone, and protocol other.
sensor# show ad-knowledge-base vs0 thresholds current zone illegal protocol other
AD Thresholds
Creation Date = 2006-Nov-14-10_00_00
KB = 2006-Nov-14-10_00_00
Illegal Zone
Other Services
Default
Scanner Threshold
User Configuration = 200
Threshold Histogram - User Configuration
Low = 10
Medium = 3
High = 1
sensor#
Displaying Anomaly Detection Statistics
Use the show statistics anomaly-detection [virtual-sensor-name] command in privileged EXEC mode
to display the statistics for anomaly detection. You can see if an attack is in progress (
Attack in
progress
or No attack). You can also see when the next KB will be saved (Next KB rotation at
10:00:00 UTC Wed Apr 26 2006
).
Note The clear command is not available for anomaly detection statistics.