- Cisco Home Security System User's Manual
9-44
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 9 Configuring Anomaly Detection
Working With KB Files
•
For the procedure for adding TLS trusted hosts, see Adding TLS Trusted Hosts, page 3-52.
Displaying the Differences Between Two KBs
Use the show ad-knowledge-base virtual-sensor diff {current | initial | file name1}{current | initial |
file name2} [diff-percentage] command in privileged EXEC mode to display the differences between
two KBs.
The following options apply:
•
virtual-sensor—Specifies the name of the virtual sensor that contains the KB files you want to
compare.
•
name1—Specifies the name of the first existing KB file to compare.
•
name2—Specifies the name of the second existing KB file to compare.
•
current—Specifies the currently loaded KB.
•
initial—Specifies the initial KB.
•
file—Specifies the name of an existing KB file.
•
diff-percentage—(Optional) Displays the services where the thresholds differ more than the
specified percentage. The valid values are 1 to 100. The default is 10%.
Comparing Two KBs
To compare two KBs, follow these steps:
Step 1
Log in to the CLI.
Step 2
Locate the file you want to compare.
sensor# show ad-knowledge-base vs0 files
Virtual Sensor vs0
Filename Size Created
initial 84 04:27:07 CDT Wed Jan 29 2003
* 2006-Jun-28-10_00_01 84 04:27:07 CDT Thu Jun 29 2006
sensor#
Step 3
Compare the currently loaded file (the file with the *) with the initial KB for virtual sensor vs0.
sensor# show ad-knowledge-base vs0 diff initial file 2006-Jun-28-10_00_01
Initial Only Services/Protocols
External Zone
TCP Services
Service = 30
Service = 20
UDP Services
None
Other Protocols
Protocol = 1
Illegal Zone
None
Internal Zone
None
2006-Jun-28-10_00_01 Only Services/Protocols
External Zone
None
Illegal Zone
None
Internal Zone