Purpose
Displays a list of IPS configuration parameters and their values. These parameters control various thresholds for IPS data, such as timeouts and incident inclusion intervals.
Syntax and Description
ips show configuration {parameter_id | parameter_name}]
IPS SHOW CONFIGURATION lists the following information for each configuration parameter:
Parameter ID
Name
Description
Unit used by parameter (such as days or hours)
Value
Default value
Minimum Value
Maximum Value
Flags
Optionally, you can get information about a specific parameter by supplying a parameter_id or a parameter_name.
Example
This command describes all IPS configuration parameters:
ips show configuration
Output:
PARAMETER INFORMATION:
PARAMETER_ID 1
NAME CUTOFF_TIME
DESCRIPTION Maximum age for an incident to be considered for
inclusion
UNIT Days
VALUE 90
DEFAULT_VALUE 90
MINIMUM 1
MAXIMUM 4294967295
FLAGS 0
PARAMETER INFORMATION:
PARAMETER_ID 2
NAME NUM_EARLY_INCIDENTS
DESCRIPTION How many incidents to get in the early part of the range
UNIT Number
VALUE 3
DEFAULT_VALUE 3
MINIMUM 1
MAXIMUM 4294967295
FLAGS 0
PARAMETER INFORMATION:
PARAMETER_ID 3
NAME NUM_LATE_INCIDENTS
DESCRIPTION How many incidents to get in the late part of the range
UNIT Number
VALUE 3
DEFAULT_VALUE 3
MINIMUM 1
MAXIMUM 4294967295
FLAGS 0
PARAMETER INFORMATION:
PARAMETER_ID 4
NAME INCIDENT_TIME_WINDOW
DESCRIPTION Incidents this close to each other are considered
correlated
UNIT Minutes
VALUE 5
DEFAULT_VALUE 5
MINIMUM 1
MAXIMUM 4294967295
FLAGS 0
PARAMETER INFORMATION:
PARAMETER_ID 5
NAME PACKAGE_TIME_WINDOW
DESCRIPTION Time window for content inclusion is from x hours
before first included incident to x hours after last
incident
UNIT Hours
VALUE 24
DEFAULT_VALUE 24
MINIMUM 1
MAXIMUM 4294967295
FLAGS 0
PARAMETER INFORMATION:
PARAMETER_ID 6
NAME DEFAULT_CORRELATION_LEVEL
DESCRIPTION Default correlation level for packages
UNIT Number
VALUE 2
DEFAULT_VALUE 2
MINIMUM 1
MAXIMUM 4
FLAGS 0
Examples
This command describes configuration parameter NUM_EARLY_INCIDENTS:
ips show configuration num_early_incidents
This command describes configuration parameter 3:
ips show configuration 3
Configuration Parameter Descriptions
Table 17-8 describes the IPS configuration parameters in detail.
Table 17-8 IPS Configuration Parameters
| Parameter | ID | Description |
|---|---|---|
|
|
1 |
Maximum age, in days, for an incident to be considered for inclusion. |
|
|
2 |
Number of incidents to include in the early part of the range when creating a package based on a problem. By default, ADRCI adds the three earliest incidents and three most recent incidents to the package. |
|
|
3 |
Number of incidents to include in the late part of the range when creating a package based on a problem. By default, ADRCI adds the three earliest incidents and three most recent incidents to the package. |
|
|
4 |
Number of minutes between two incidents in order for them to be considered correlated. |
|
|
5 |
Number of hours to use as a time window for including incidents in a package. For example, a value of 5 includes incidents five hours before the earliest incident in the package, and five hours after the most recent incident in the package. |
|
|
6 |
The default correlation level to use for correlating incidents in a package. The correlation levels are:
|