B-61
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
State Engine
For More Information
• For more information on the parameters common to all signature engines, see Master Engine,
page B-4.
• For a list of the signature regular expression syntax, see Regular Expression Syntax, page B-9.
State Engine
The State engine provides state-based regular expression-based pattern inspection of TCP streams. A
state engine is a device that stores the state of an event and at a given time can operate on input to
transition from one state to another and/or cause an action or output to take place. State machines are
used to describe a specific event that causes an output or alarm. There are three state machines in the
State engine: SMTP, Cisco Login, and LPR Format String.
specify-regex-payload-src
{yes | no}
Enables the inspection of TCP or TNS protocol:
• payload-src—Specifies which protocol to
inspect:
–
tcp-data—Performs Regex over the data
portion of the TCP packet.
–
tns-data—Performs Regex only over the
TNS data (with all white space removed).
tcp data
tns data
type Specifies the TNS frame value type:
• 1—Connect
• 2—Accept
• 4—Refuse
• 5—Redirect
• 6—Data
• 11—Resend
• 12—Marker
1
2
4
5
6
11
12
Table B-31 Service TNS Engine Parameters (continued)
Parameter Description Value