IPS Commands
Overview
Description - IPS commands let you configure and show the IPS on the Security Gateway without installing a new policy.
Comments - Changes in the IPS configuration are not persistent. If you install a policy or restart the computer, the changes are deleted.
ips bypass stat
Description - Shows the status of the bypass mode.
Usage- ips bypass stat
Comments - Shows this information:
- IPS bypass mode - on or off
- CPU thresholds
- Memory thresholds
ips bypass on|off
Description - Manages IPS bypass. When IPS bypass is enabled:
- If the CPU or memory goes above the
high threshold, IPS enters bypass mode and is automatically disabled. - When the CPU or memory goes below the
low threshold, IPS exits bypass mode and is automatically enabled.
Usage - ips bypass {on|off}
Syntax
Parameter
|
Description
|
on
|
IPS bypass is enabled.
|
off
|
IPS bypass is disabled.
|
Example- ips bypass on
ips bypass set
Description - Configures the thresholds for the ips bypass command.
Usage - ips bypass set {cpu|mem} {low|high} <th>
Syntax
Parameter
|
Description
|
cpu
|
Configure the CPU threshold
|
mem
|
Configure the memory threshold.
|
low
|
Configure the lower threshold to exit bypass mode.
|
high
|
Configure the higher threshold to enter bypass mode.
|
<th>
|
The CPU or memory threshold value.
|
Example - ips bypass set cpu low 80
ips debug
Description - Shows the IPS debug information.
Usage - ips debug [-e <filter>] -o <outfile>
Syntax
Parameter
|
Description
|
-e
|
Filters which packets are captured.
|
<filter>
|
Uses a subset of INSPECT to specify which packets are captured.
|
-o <outfile>
|
Outputs the debug information to the file <outfile>.
|
Example - ips debug -o sampledebug
ips pmstats
Description - Shows statistics about the pattern matcher. These statistics are shown for each pattern:
- Memory
- CPU usage
- Compilation time
Usage - ips pmstats -o <outfile>
Syntax
Parameter
|
Description
|
-o <outfile>
|
Outputs the debug information to the file <outfile>.
|
Example - ips pmstats -o samplefile
ips pmstats reset
Description - Resets the data that is collected to calculate the pmstat statistics.
Usage - ips pmstats reset
ips refreshcap
After installing a new policy, IPS captures the first packet for each protection and saves it in the packet capture repository.
Description - Refreshes the packet capture repository. IPS designates the next packet of each protection as the first packet. The new first packet replaces the previous one in the packet capture repository.
Usage - ips refreshcap
ips stat
Description - Shows the IPS status of these items:
- IPS enabled or disabled
- Active profile
- Update version
- Global detect mode - on or off
- Bypass mode - on or off
Syntax - ips stat
ips stats
Description - Print IPS and Pattern Matcher performance statistics. Without arguments, runs on current gateway for 20 seconds. This is a resource intensive command and should not be run on a system experiencing a high load.
Usage - ips stats [<ip_address> -m] [-g <seconds>] [<ip_address> <seconds>]
Syntax
Parameter
|
Description
|
-m
|
Analyzes input statistics file from gateway. Give IP address of the gateway. Run from the Security Management Server.
|
-g
|
Collect statistics for current gateway.
|
seconds
|
Period in which statistics are gathered
|
Examples
ips_stats 192.0.2.14 40
Run statistics on gateway with address 192.0.2.14 for 40 seconds
ips_stats –g 30
Run the statistics on the current gateway for 30 seconds
ips_stats 192.0.2.14 –m
Analyze the statistics taken from the gateway with address 192.0.2.14
|
