Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Disabling Blocking
global-overrides-status: Enabled <defaulted>
global-filters-status: Enabled <defaulted>
global-summarization-status: Enabled <defaulted>
global-metaevent-status: Enabled <defaulted>
global-deny-timeout: 3600 <defaulted>
global-block-timeout: 60 default: 30
max-denied-attackers: 10000 <defaulted>
-----------------------------------------------
sensor(config-rul-gen)#
Step 6 Exit event action rules submode.
sensor(config-rul-gen)# exit
sensor(config-rul)# exit
Apply Changes:?[yes]:
Step 7 Press Enter to apply the changes or enter no to discard them.
Note: There is a time delay while the signatures are updated.
Enabling ACL Logging
Use the enable-acl-logging {true | false} command in the service network access submode to enable
ACL logging, which causes ARC to append the log parameter to block entries in the ACL or VACL. The
device then generates syslog events when packets are filtered. ACL logging applies only
to routers and switches. It is disabled by default.
To enable ACL logging, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter network access submode:
sensor# configure terminal
sensor(config)# service network-access
sensor(config-net)#
Step 3 Enter general submode.
sensor(config-net)# general
Step 4 Enable ACL logging.
sensor(config-net-gen)# enable-acl-logging true
Step 5 Verify that ACL logging is enabled.
sensor(config-net-gen)# show settings
general
-----------------------------------------------
log-all-block-events-and-errors: true <defaulted>
enable-nvram-write: false <defaulted>
enable-acl-logging: true default: false
allow-sensor-block: false <defaulted>
block-enable: true <defaulted>
block-max-entries: 250 <defaulted>
max-interfaces: 250 <defaulted>
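
The verification in Step 5 can be scripted when many sensors have to be checked. The following is an added example, not part of the Cisco guide: it parses captured show settings text in the two line forms shown on this page ("<defaulted>" and "default: X"), lists settings changed from their defaults, and checks them against an expected policy. The function names and the policy dictionary are assumptions made for illustration, and only flat "name: value" lines like those above are handled.

```python
import re

# The sensor prints one setting per line in one of two forms:
#   name: value <defaulted>       -> value is the built-in default
#   name: value default: other    -> value was changed from "other"
LINE = re.compile(r"^\s*([A-Za-z0-9-]+):\s+(\S+)\s+"
                  r"(?:<defaulted>|default:\s*(\S+))\s*$")

# Constructed input: lines taken from the two "show settings" excerpts on this page.
SAMPLE = """\
global-deny-timeout: 3600 <defaulted>
global-block-timeout: 60 default: 30
max-denied-attackers: 10000 <defaulted>
general
-----------------------------------------------
log-all-block-events-and-errors: true <defaulted>
enable-nvram-write: false <defaulted>
enable-acl-logging: true default: false
allow-sensor-block: false <defaulted>
block-enable: true <defaulted>
"""

def parse_settings(text):
    """Map each setting name to (value, default); skip headings and rules."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name, value, default = m.groups()
            settings[name] = (value, value if default is None else default)
    return settings

def changed_from_default(settings):
    """Settings whose current value differs from the built-in default."""
    return {n: vd for n, vd in settings.items() if vd[0] != vd[1]}

def policy_violations(settings, expected):
    """List (name, wanted, actual) for settings that miss the expected value;
    actual is None when the setting is absent from the output."""
    out = []
    for name, wanted in sorted(expected.items()):
        actual = settings.get(name, (None, None))[0]
        if actual != wanted:
            out.append((name, wanted, actual))
    return out

if __name__ == "__main__":
    s = parse_settings(SAMPLE)
    print(changed_from_default(s))
    print(policy_violations(s, {"enable-acl-logging": "true", "block-enable": "true"}))
```

A setting that is missing from the captured text is reported with an actual value of None, so a truncated capture shows up as a violation and does not pass silently.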