CONFIG PROTOCOL PROFILE ALARM SHOW

Level

base+asq

History

Appears in 9.0.0
The extended parameter and the longmsg and signatures response tokens were added in 9.1.0
reaction was split into blacklist and email in 9.1.0
comment appears in 9.1.0
qid appears in 2.0.0

Description

Dump the alarm configuration for this protocol

Remark

If extended=0 or extended is not specified, the command does not show the longmsg and signatures tokens.

Usage

index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]

Returns

context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [qid=<queue name>] [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) legacy=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]

Format

section_line

Example

config protocol http profile alarm show index=1
[Alarm]
context=http:url:decoded id=48 action=block level=major dump=0 new=1 origin=profile_template msg="Windows : cmd.exe use or access attempt" modify=1 sensible=0 legacy=1 category="" comment=""
context=protocol id=53 action=block level=major dump=0 new=0 origin=profile_template msg="Invalid HTTP protocol" modify=1 sensible=1 legacy=1 category="" comment=""
context=http:client id=49 action=block level=major dump=0 new=1 origin=profile_template msg="Malware : PonyDOS botnet detected" modify=1 sensible=0 legacy=1 category="" comment=""
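
Added example (not part of the product documentation): a parser for the section_line response described under Returns, used to list alarms whose action is pass or whose level is ignore so they can be reviewed. The function names are hypothetical, and the second sample line is constructed to exercise the optional email tokens.

```python
import re

# A token is key=value; the value is either double-quoted (may hold spaces) or bare.
TOKEN = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# First line copied from the Example above; second line is constructed sample data.
SAMPLE = '''config protocol http profile alarm show index=1
[Alarm]
context=http:url:decoded id=48 action=block level=major dump=0 new=1 origin=profile_template msg="Windows : cmd.exe use or access attempt" modify=1 sensible=0 legacy=1 category="" comment=""
context=http:client id=9001 action=pass level=minor dump=0 new=0 origin=user email=on emailduration=60 emailcount=5 msg="constructed sample alarm" modify=1 sensible=0 legacy=0 category="" comment="constructed"
'''


def parse_alarm_show(output):
    """Return one dict per alarm line found in the [Alarm] section."""
    alarms, in_section = [], False
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            in_section = (line == "[Alarm]")
            continue
        if not in_section:
            continue  # skips the echoed command line and any other section
        rec = {}
        for m in TOKEN.finditer(line):
            quoted, bare = m.group(2), m.group(3)
            rec[m.group(1)] = quoted if quoted is not None else bare
        if "context" in rec and "id" in rec:
            alarms.append(rec)
    return alarms


def non_blocking(alarms):
    """Select alarms with action=pass or level=ignore for review."""
    return [a for a in alarms
            if a.get("action") == "pass" or a.get("level") == "ignore"]


if __name__ == "__main__":
    for a in non_blocking(parse_alarm_show(SAMPLE)):
        print(a["context"], a["id"], a["action"], a["level"], a["origin"], a["msg"])
```

Running the command with extended=1 adds longmsg and signatures to each line; the parser keeps them as ordinary keys.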