The ips signature-action command changes the action of a single predefined signature or the actions of all predefined signatures.
The undo ips signature-action command restores the default action of a single signature or the default actions of all signatures, namely, the actions defined in the intrusion prevention signature database.
ips signature-action alert
ips signature-action signature-id signature-id { allow | alert | block }
undo ips signature-action [ signature-id signature-id ]
| Parameter | Description | Value |
|---|---|---|
signature-id signature-id |
Specifies the ID of a predefined signature. |
The value is an integer ranging from 1025 to 16777215. |
alert |
Indicates that the action of a predefined signature is alert. |
- |
allow |
Indicates that the action of a predefined signature is allow. |
- |
block |
Indicates that the action of a predefined signature is block. |
- |
Usage Scenario
Each predefined signature has a default action, namely, allow, alert, or block. To change the default action of a single predefined signature or the default actions of all predefined signatures, run the ips signature-action command.
Precautions
The global configuration of the command takes effect for each profile.
You can run the ips signature-action alert command to change the actions of all predefined signatures to alert, and not allow or block. To change the actions of all predefined signatures to allow, run the ips signature-state disabled command.
The priorities of predefined signatures' actions are single action, global action, and default action in a descending order.
The actions of exception signatures defined in a profile take precedence over the actions configured using the ips signature-action command.