sam_alert

Description

For SAM v1, this utility executes Suspicious Activity Monitoring (SAM) actions according to the information received from the standard input.

For SAM v2, this utility executes Suspicious Activity Monitoring (SAM) actions through the User Defined Alerts mechanism.

Notes:

Syntax for SAM v1

[Expert@MGMT:0]# sam_alert [-v] [-o] [-s <SAM Server>] [-t <Time>] [-f <Security Gateway>] [-C] {-n|-i|-I} {-src|-dst|-any|-srv}

Parameters for SAM v1

Parameter

Description

-v

Enables the verbose mode for the fw sam command.

-o

Specifies to print the input of this tool to the standard output (to use with pipes in a CLI syntax).

-s <SAM Server>

Specifies the SAM Server to be contacted. Default is localhost.

-t <Time>

Specifies the time (in seconds), during which to enforce the action. The default is forever: if you omit this parameter, the action stays in effect until you cancel it explicitly with -C.

-f <Security Gateway>

Specifies the Security Gateway, on which to run the operation.

Important - If you do not specify the target Security Gateway explicitly, this command applies to all managed Security Gateways.

-C

Cancels the specified operation.

-n

Notifies every time a connection that matches the specified criteria passes through the Security Gateway.

-i

Inhibits (drops or rejects) connections that match the specified criteria.

-I

Inhibits (drops or rejects) connections that match the specified criteria and closes all existing connections that match the specified criteria.

-src

Matches the source address of connections.

-dst

Matches the destination address of connections.

-any

Matches either the source or destination address of connections.

-srv

Matches specific source, destination, protocol and port.

Syntax for SAM v2

[Expert@MGMT:0]# sam_alert -v2 [-v] [-O] [-S <SAM Server>] [-t <Time>] [-f <Security Gateway>] [-n <Name>] [-c "<Comment>"] [-o <Originator>] [-l {r | a}] -a {d | r | n | b | q | i} [-C] {-ip | -eth} {-src|-dst|-any|-srv}

Parameters for SAM v2

Parameter

Description

-v2

Specifies to use SAM v2.

-v

Enables the verbose mode for the fw sam command.

-O

Specifies to print the input of this tool to the standard output (to use with pipes in a CLI syntax).

-S <SAM Server>

Specifies the SAM Server to be contacted. Default is localhost.

-t <Time>

Specifies the time (in seconds), during which to enforce the action. The default is forever: if you omit this parameter, the SAM rule stays in effect until it is removed.

-f <Security Gateway>

Specifies the Security Gateway, on which to run the operation.

Important - If you do not specify the target Security Gateway explicitly, this command applies to all managed Security Gateways.

-n <Name>

Specifies the name for the SAM rule.

Default is empty.

-c "<Comment>"

Specifies the comment for the SAM rule.

Default is empty.

You must enclose the text in double quotes or single quotes.

-o <Originator>

Specifies the originator for the SAM rule.

Default is sam_alert.

-l {r | a}

Specifies the log type for connections that match the specified criteria:

  • r - Regular
  • a - Alert

Default is None.

-a {d | r | n | b | q | i}

Specifies the action to apply on connections that match the specified criteria:

  • d - Drop
  • r - Reject
  • n - Notify
  • b - Bypass
  • q - Quarantine
  • i - Inspect

-C

Specifies to close all existing connections that match the criteria.

-ip

Specifies to use IP addresses as criteria parameters.

-eth

Specifies to use MAC addresses as criteria parameters.

-src

Matches the source address of connections.

-dst

Matches the destination address of connections.

-any

Matches either the source or destination address of connections.

-srv

Matches specific source, destination, protocol and port.

Example

See sk110873: How to configure Security Gateway to detect and prevent port scan.
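The following wrapper is an added example, not Check Point's code and not taken from sk110873. It shows how a practitioner would invoke sam_alert from a User Defined Alert without tripping over the two defaults above: it always passes -f (omitting it applies the action to every managed Security Gateway) and always passes a bounded -t (omitting it enforces forever). It also restricts the v2 action set to drop, reject and quarantine, so the alert hook cannot be used to bypass inspection. The gateway object name gw-dmz-1, the rule name, the comment text and the 86400-second ceiling are this script's assumptions. The alert text on standard input is passed through to sam_alert unchanged; its format is not described on this page and is not parsed here.

```shell
#!/bin/sh
# Added example (not Check Point's code): defensive wrapper around sam_alert
# for use as a User Defined Alert command. Stdin is inherited by sam_alert as-is.

SAM_BIN=${SAM_BIN:-sam_alert}
SAM_GW=${SAM_GW:-gw-dmz-1}      # assumed gateway object name; omitting -f hits every managed gateway
SAM_TTL=${SAM_TTL:-600}         # seconds; omitting -t would enforce the action forever
SAM_NAME=${SAM_NAME:-auto_block} # assumed rule name, so the rule can be found later

# Whole-number seconds from 1 to 86400 (assumed ceiling). Rejects empty, 0,
# leading zeros and anything non-numeric.
valid_ttl() {
    case $1 in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "$1" -le 86400 ]
}

# Only actions this wrapper may apply: d (drop), r (reject), q (quarantine).
# b (bypass) and i (inspect) are excluded on purpose: an attacker who can
# trigger the alert must not be able to whitelist traffic through it.
valid_action() {
    case $1 in d|r|q) return 0 ;; *) return 1 ;; esac
}

# Runs the command, or prints it (unquoted) when SAM_DRY_RUN is set.
run() {
    if [ -n "${SAM_DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# sam_block <v1|v2> [action] [-src|-dst|-any|-srv]
sam_block() {
    ver=$1 action=${2:-d} match=${3:--src}
    valid_ttl "$SAM_TTL" || { echo "sam_block: bad TTL '$SAM_TTL'" >&2; return 2; }
    [ -n "$SAM_GW" ] || { echo "sam_block: SAM_GW must name one gateway" >&2; return 2; }
    case $match in
        -src|-dst|-any|-srv) ;;
        *) echo "sam_block: bad match '$match'" >&2; return 2 ;;
    esac
    case $ver in
        v1)
            # v1: -I inhibits matching connections and closes existing ones
            run "$SAM_BIN" -f "$SAM_GW" -t "$SAM_TTL" -I "$match"
            ;;
        v2)
            valid_action "$action" || { echo "sam_block: action '$action' not allowed" >&2; return 2; }
            # v2: named rule, alert-type log, chosen action, close existing
            # connections (-C), IP-address criteria
            run "$SAM_BIN" -v2 -f "$SAM_GW" -t "$SAM_TTL" \
                -n "$SAM_NAME" -c "auto block from user defined alert" \
                -l a -a "$action" -C -ip "$match"
            ;;
        *) echo "sam_block: version must be v1 or v2" >&2; return 2 ;;
    esac
}

# When executed directly as the alert command, e.g.  ./sam_block.sh v2 d -src
[ $# -eq 0 ] || sam_block "$@"
```

Set SAM_DRY_RUN=1 to see the exact command line that would run, and keep SAM_TTL short enough that a false positive from the alert source expires on its own rather than requiring a manual -C.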