No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ips collect-attack-evidence max-session-number

ips collect-attack-evidence max-session-number

Function

The ips collect-attack-evidence max-session-number command sets the maximum number of attack evidence collection sessions for each IPS signature on each CPU.

The undo ips collect-attack-evidence max-session-number command restores the default maximum number of attack evidence collection sessions for each IPS signature on each CPU.

Format

ips collect-attack-evidence max-session-number session-number [ signature-id signature-id ]

undo ips collect-attack-evidence max-session-number [ signature-id signature-id ]

Parameters

Parameter Description Value
session-number

Specifies the maximum number of attack evidence collection sessions.

The value is an integer ranging from 0 to 50. The default value is 5.

signature-id signature-id

Specifies the ID of an IPS signature.

The value is an integer ranging from 1025 to 16777215.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

After the collect-attack-evidence enable command is executed, the device starts to collect the attack evidence that match the intrusion prevention profile. You can set the maximum number of sessions in which the device collects attack evidence that match the intrusion prevention profile for each IPS signature on each CPU to collect necessary information for packet tracing, with the impact on system performance controlled to the minimum extent. When the device provides multiple CPUs, the maximum number of attack evidence collection sessions for each IPS signature is the value of session-number multiplying the number of CPUs.

The device collects all packets in a matched session. This command specifies the maximum number of matched sessions, not the number of matched packets.

During the IPS signature database update, if the predefined signature for which the maximum number of attack evidence collection sessions is set does not exist in the IPS signature database, the corresponding configurations are reserved but do not take effect. When the current configurations are queried, the following message is displayed: Invalid configuration. The specified signature (signature-id) does not exist in the current library. Please check and delete it.

Example

# Set the maximum number of attack evidence collection sessions for the signature 54330 to 10.

<Huawei> system-view
[Huawei] ips collect-attack-evidence max-session-number 10 signature-id 54330
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 211539

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next