Create Named Audit Rules

Sep 15,2009 by alperen


Use the global configuration mode command ip audit name to create audit rules for the info and attack signature types. Signatures disabled with the ip audit signature command don’t become part of an audit rule created with the ip audit name command. Use the no form of this command to delete an audit rule. The syntax is:

Rtr1(config)#ip audit name audit-name {info | attack} [list standard-acl] [action [alarm] [drop] [reset]]
Rtr1(config)#no ip audit name audit-name {info | attack}

audit-name      The name for an audit specification.
info            Specifies that the audit rule is for info signatures.
attack          Specifies that the audit rule is for attack signatures.
list            Specifies an ACL to attach to the audit rule.
standard-acl    The integer representing an access control list. Use with the list keyword.
action          Sets the action to take when a signature in the rule matches.
alarm           Sends an alarm to the console, IDS Director, or a Syslog server.
drop            Drops the packet.
reset           Resets the TCP session.

This command was introduced in IOS 12.0(5)T. The default action is alarm.

In this example, the default action for attack signatures is set to all three actions:

Rtr1(config)#ip audit attack action alarm drop reset

The following example creates an audit rule named Audit.99 for info signatures that’s configured with all three actions:

Rtr1(config)#ip audit name Audit.99 info action alarm drop reset

This example demonstrates disabling signature 1000 and then creating an info signature audit rule named Audit.33 that doesn’t include that signature:

Rtr1(config)#ip audit signature 1001 disable
Rtr1(config)#ip audit name Audit.33 info action alarm drop reset
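
As an added example (not from the original article or from Cisco), the Python script below parses ip audit name and ip audit signature ... disable lines using the syntax shown above and reports rules that rely on the default alarm action or that only alarm on attack signatures. The sample configuration, ACL number 90, and the review policy are constructed assumptions.

```python
import re

# Grammar taken from the syntax line on this page:
# ip audit name audit-name {info | attack} [list standard-acl] [action [alarm] [drop] [reset]]
RULE_RE = re.compile(
    r"^\s*ip audit name (?P<name>\S+) (?P<type>info|attack)"
    r"(?: list (?P<acl>\d+))?"
    r"(?: action(?P<actions>(?: (?:alarm|drop|reset))+))?\s*$"
)
SIG_RE = re.compile(r"^\s*ip audit signature (?P<sig>\d+) disable\s*$")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
ip audit signature 1001 disable
ip audit name Audit.99 info action alarm drop reset
ip audit name Audit.33 info
ip audit name Audit.33 attack list 90 action alarm
"""

def parse_audit_config(text):
    """Return (rules, disabled_signatures) found in the configuration text."""
    rules, disabled = [], set()
    for line in text.splitlines():
        m = SIG_RE.match(line)
        if m:
            disabled.add(int(m.group("sig")))
            continue
        m = RULE_RE.match(line)
        if m:
            actions = m.group("actions")
            rules.append({
                "name": m.group("name"),
                "type": m.group("type"),
                "acl": int(m.group("acl")) if m.group("acl") else None,
                # The page states that the default action is alarm.
                "actions": set(actions.split()) if actions else {"alarm"},
                "explicit": actions is not None,
            })
    return rules, disabled

def review(rules):
    """Assumed review policy: flag implicit actions and alarm-only attack rules."""
    findings = []
    for r in rules:
        if r["type"] == "attack" and not (r["actions"] & {"drop", "reset"}):
            findings.append(f'{r["name"]}/{r["type"]}: attack signatures only alarm')
        if not r["explicit"]:
            findings.append(f'{r["name"]}/{r["type"]}: no action given, default alarm applies')
    return findings
```

Calling review(parse_audit_config(SAMPLE_CONFIG)[0]) returns one finding for the info rule that has no action keyword and one for the attack rule that only alarms.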

