The display ips signature-id rule command displays the user-defined signature rule with the specified name.
| Parameter | Description | Value |
|---|---|---|
signature-id signature-id |
Specifies the ID of a user-defined signature. |
The value is a string of 1 to 1024 characters. The value must be the ID of an existing user-defined signature. |
name rule-name |
Specifies the name of a user-defined signature rule. |
The value is a case-sensitive string. If the name does not contain any spaces, the length is 1 to 32 characters. If the name contains spaces, the length is 3 to 34 characters and the name must be enclosed with double quotation marks (""), for example, "user for test". The name cannot contain any question marks (?), commas (,), quotation marks ("), or hyphens (-). The value must be the name of an existing user-defined signature rule. |
all |
Indicates IDs of all user-defined signatures. |
- |
# Display rules of user-defined signature 11.
<sysname> system-view [sysname] display ips signature-id 11 rule name rule1 IPS Signature Rule Configurations: SignatureID : 11 ------------------------------------------------------ Name : rule1 Scope : flow Check : sequential SourceIP : 10.1.1.1/24 SourcePort : 2003-2004 DestinationIP : DestinationPort : any Condition: ID Operator Field Value ----------------------------------------------------------- 1 noequal HTTP.Content-Length 24 ----------------------------------------------------------- ---------------------------------------------------------------------
# Display the user-defined associated signature whose user-defined signature ID is 1.
<sysname> system-view [sysname] display ips signature-id 1 rule name rule2 IPS Signature Rule Configurations: SignatureID : 1 ------------------------------------------------------ Name : rule2 Condition : ------------------------------------------------------------------- Signature-id : 50420 ThresholdValue : 30 IntervalTime : 60 BlockTime : 5 Correlateby : source-destination ------------------------------------------------------------------- ---------------------------------------------------------------------
Item |
Description |
|---|---|
SignatureID |
ID of the user-defined signature where the rule reside. |
Name |
Name of a user-defined signature rule. |
Scope |
Detection scope of a user-defined signature rule. |
Check |
Matching order of a user-defined signature rule. |
SourceIP |
Source IP address checked by a user-defined signature rule. |
SourcePort |
Source port checked by a user-defined signature rule. |
DestinationIP |
Destination IP address checked by a user-defined signature rule. |
DestinationPort |
Destination port checked by a user-defined signature rule. |
Condition |
Condition of a user-defined signature rule. |
ID |
Condition ID. |
Operator |
Field operation of a condition. |
Field |
Field to be checked by a condition. |
Value |
Value of the field to be checked by a condition. |
Signature-id |
ID of am associated signature. |
ThresholdValue |
Threshold for signature association times. |
IntervalTime |
Measurement period. |
BlockTime |
Time when the IP address is blacklisted. |
Correlateby |
Association mode. |