CONFIG PROTOCOL PROFILE ALARM SHOW

Level

base+asq

History

Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0
qid appears in 2.0.0

Description

Dump the alarm configuration for this protocol

Remark

If extended=0 or extended is not specified, the command does not show the longmsg and signatures tokens.

Usage

index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]

Returns

context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [qid=<queue name>] [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) legacy=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]

Format

section_line

Example

config protocol http profile alarm show index=1
[Alarm]
context=http:url:decoded id=48 action=block level=major dump=0 new=1 origin=profile_template msg="Windows : cmd exe use or access attempt" modify=1 sensible=0 legacy=1 category="" comment=""
context=protocol id=53 action=block level=major dump=0 new=0 origin=profile_template msg="Invalid HTTP protocol" modify=1 sensible=1 legacy=1 category="" comment=""
context=http:client id=49 action=block level=major dump=0 new=1 origin=profile_template msg="Malware : PonyDOS botnet detected" modify=1 sensible=0 legacy=1 category="" comment=""
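
The following is an added example, not part of the original reference or the vendor's tooling: a Python parser for the section_line output shown above, used to list alarms whose configuration no longer blocks or logs (action=pass or level=ignore). The function names are hypothetical, the first two sample lines are copied from the Example, and the third line (id=9999) is constructed for illustration.

```python
import re

# Sample output: first two alarm lines are from the Example above,
# the last one (id=9999) is constructed to show a weakened alarm.
SAMPLE = '''[Alarm]
context=http:url:decoded id=48 action=block level=major dump=0 new=1 origin=profile_template msg="Windows : cmd exe use or access attempt" modify=1 sensible=0 legacy=1 category="" comment=""
context=protocol id=53 action=block level=major dump=0 new=0 origin=profile_template msg="Invalid HTTP protocol" modify=1 sensible=1 legacy=1 category="" comment=""
context=http:client id=9999 action=pass level=ignore dump=0 new=0 origin=user msg="Constructed sample alarm" modify=1 sensible=0 legacy=0 category="" comment="constructed exception"
'''

# token=value, where value is either "quoted text" (may be empty) or a bare word
TOKEN = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_section_lines(text):
    """Return one dict per alarm line, tagged with its [Section] name."""
    section, rows = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r'\[(.+)\]', line)
        if header:
            section = header.group(1)
            continue
        row = {"section": section}
        for m in TOKEN.finditer(line):
            quoted, bare = m.group(2), m.group(3)
            row[m.group(1)] = quoted if quoted is not None else bare
        rows.append(row)
    return rows

def audit(rows):
    """List alarms that are let through or silenced, with their origin."""
    findings = []
    for r in rows:
        reasons = []
        if r.get("action") == "pass":
            reasons.append("action=pass")
        if r.get("level") == "ignore":
            reasons.append("level=ignore")
        if reasons:
            findings.append((r["context"], int(r["id"]), reasons, r.get("origin")))
    return findings

if __name__ == "__main__":
    for context, alarm_id, reasons, origin in audit(parse_section_lines(SAMPLE)):
        print(f"{context} id={alarm_id} origin={origin}: {', '.join(reasons)}")
```

Because optional tokens such as qid, email and blacklist are stored only when present, the same parser handles the extended=1 output, where longmsg and signatures are added to each line.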