IDS/IPS Configuration
Alcatel-Lucent
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
TO ENABLE/DISABLE SNORT RULE
EXAMPLE
To enable a Snort rule:
ALU(config-firewall-intrusion-snort)# rule enable classtype attempted-dos
To disable a Snort rule:
ALU(config-firewall-intrusion-snort)# rule disable classtype attempted-dos
TO MODIFY SNORT RULE
EXAMPLE
To modify the rule given below, use the rule modify command:
Original rule:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES directory listing"; flow:from_server,established; content:"Volume Serial Number"; classtype:bad-unknown; sid:1292; rev:8;)
The modification, which changes the source address from $HOME_NET to $EXTERNAL_NET, is shown below:
ALU(config-firewall-intrusion-snort)# rule modify 1292 content alert tcp $EXTERNAL_NET any -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES directory listing"; flow:from_server,established; content:"Volume Serial Number"; classtype:bad-unknown; sid:1292; rev:8;)
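A pre-change check for the rule modify example above, added here as an illustration (it is not part of the Alcatel-Lucent guide or the device software): it parses the existing and replacement rule text, reports which fields differ, and flags a replacement whose sid does not match the SID named in the command. The names parse_rule and review_modify are hypothetical; the rule text is the page's sid 1292 example.

```python
import re

# Rules copied from the page's example (sid 1292), joined onto one line each.
ORIGINAL = ('alert tcp $HOME_NET any -> $EXTERNAL_NET any '
            '(msg:"ATTACK-RESPONSES directory listing"; '
            'flow:from_server,established; content:"Volume Serial Number"; '
            'classtype:bad-unknown; sid:1292; rev:8;)')
MODIFIED = ORIGINAL.replace("$HOME_NET", "$EXTERNAL_NET", 1)  # the page's edit

HEADER = ("action", "proto", "src", "src_port", "direction", "dst", "dst_port")
RULE_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$", re.S)
# An option is key[:value]; a value may be a quoted string containing ';'.
OPT_RE = re.compile(r'\s*([A-Za-z_.]+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|[^;"])*))?;')


def parse_rule(text):
    """Split a Snort rule into header fields and an ordered option list."""
    m = RULE_RE.match(text)
    if not m:
        raise ValueError("not a well-formed Snort rule")
    fields = dict(zip(HEADER, m.groups()[:7]))
    fields["options"] = [(k, (v or "").strip()) for k, v in OPT_RE.findall(m.group(8))]
    return fields


def review_modify(sid, old_text, new_text):
    """Return (changes, problems) for a proposed `rule modify <sid> content ...`."""
    old, new = parse_rule(old_text), parse_rule(new_text)
    changes = [(f, old[f], new[f]) for f in HEADER if old[f] != new[f]]
    if old["options"] != new["options"]:
        changes.append(("options", old["options"], new["options"]))
    problems = []
    if dict(new["options"]).get("sid") != str(sid):
        problems.append("sid in rule body does not match the SID being modified")
    if not changes:
        problems.append("replacement text is identical to the existing rule")
    return changes, problems


if __name__ == "__main__":
    changes, problems = review_modify(1292, ORIGINAL, MODIFIED)
    for field, before, after in changes:
        print(f"{field}: {before} -> {after}")
    print("problems:", problems or "none")
```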
Command (in Intrusion Snort CM): rule enable {{category <name>...|classtype <name>...|priority {high|low|medium}|sid <1-4294967295...>}
Description: Use this command to enable Snort rules by Snort rule ID (SID), class type, priority, or category.

Command (in Intrusion Snort CM): rule disable {{category <name>...|classtype <name>...|priority {high|low|medium}|sid <1-4294967295...>}
Description: Use this command to disable Snort rules by Snort rule ID (SID), class type, priority, or category.

Command (in Intrusion Snort CM): rule modify <1-4294967295> content <rule-content>
Description: Use this command to modify a Snort rule.