The display ips-signature statistics command displays the top-N IPS signatures that are most frequently matched by protocols.
| Parameter | Description | Value |
|---|---|---|
top-number |
Displays the top-number signatures that are most frequently matched. |
The value is an integer ranging from 1 to 100. |
slot slot-id |
Specifies the slot ID of the SPU. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. |
- |
cpu cpu-id |
Specifies the CPU ID. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. |
- |
You can run this command to view top-N IPS signatures that are most frequently matched by protocols, including the protocol, severity, category, and matching count of each signature.
# Display the top 6 signatures that are most frequently matched.
<sysname> display ips-signature statistics 6
IPS statistic topN on slot 11 cpu 0:
----------------------------------------------------------------------------------
* TOP-N Searched Signature *
* (Counts: 6) *
----------------------------------------------------------------------------------
TOP-N Sig-ID Protocol Severity Category Event Counts
----------------------------------------------------------------------------------
1 3 TCP high User-defined 25
2 2 TCP high User-defined 7
3 4 TCP high User-defined 3
4 5 TCP high User-defined 3
5 6 TCP high User-defined 3
6 7 TCP high User-defined 3
Item |
Description |
|---|---|
Counts |
Number of signatures |
TOP-N |
Ranking of signatures in descending order of match count |
Sig-ID |
Signature ID |
Protocol |
Protocol of packets matching the signature |
Severity |
Severity of intrusions matching the signature |
Category |
Signature category |
Event Counts |
Match count of a signature NOTE:
To clear the match count of a signature, run the reset ips-signature statistics command. |