Snort - the de facto standard for intrusion detection/prevention

Format

output alert_aruba_action: <controller address> <secrettype> <secret> <action>
The following parameters are required:

controller address
- Aruba mobility controller address.
secrettype
- Secret type, one of "sha1", "md5" or "cleartext".
secret
- Authentication secret configured on the Aruba mobility controller with the "aaa xml-api client" configuration command, represented as a sha1 or md5 hash, or a cleartext password.
action
- Action to apply to the source IP address of the traffic generating an alert.

blacklist
- Blacklist the station by disabling all radio communication.
setrole:rolename
- Change the user's role to the specified rolename.

Figure: Aruba Action Alert Configuration
output alert_aruba_action: 10.3.9.6 cleartext foobar setrole:quarantine_role
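A check for this directive, as an added example (not part of the Snort manual or Snort's code): a small Python linter that validates the four parameters described above and flags a cleartext secret. The function names and the sample lines are constructed here, and it assumes hashed secrets are written as hex digests of the usual length.

```python
import hashlib
import re

DIRECTIVE = "output alert_aruba_action:"
# Assumption: hashed secrets are written as hex digests of the usual length.
DIGEST_HEX_LEN = {"sha1": 40, "md5": 32}
SECRET_TYPES = set(DIGEST_HEX_LEN) | {"cleartext"}  # values listed on this page


def check_line(line):
    """Return findings for one config line; [] if clean or not this directive."""
    line = line.strip()
    if not line.startswith(DIRECTIVE):
        return []
    args = line[len(DIRECTIVE):].split()
    if len(args) != 4:
        return ["error: expected 4 parameters, got %d" % len(args)]
    _addr, stype, secret, action = args
    findings = []
    if stype not in SECRET_TYPES:
        findings.append("error: unknown secrettype %r" % stype)
    elif stype == "cleartext":
        findings.append("note: secret is stored in cleartext in the config file")
    elif not re.fullmatch("[0-9a-fA-F]{%d}" % DIGEST_HEX_LEN[stype], secret):
        findings.append("warning: secret is not a %s hex digest" % stype)
    # The page lists two actions: blacklist and setrole:rolename.
    if action != "blacklist" and not re.fullmatch(r"setrole:\S+", action):
        findings.append("error: action must be blacklist or setrole:<rolename>")
    return findings


def lint(text):
    """Map 1-based line number -> findings for every flagged line."""
    report = {}
    for no, line in enumerate(text.splitlines(), 1):
        found = check_line(line)
        if found:
            report[no] = found
    return report


# Constructed sample input (not from a real deployment).
SAMPLE = "\n".join([
    "output alert_aruba_action: 10.3.9.6 cleartext foobar setrole:quarantine_role",
    "output alert_aruba_action: 10.3.9.6 sha1 %s blacklist"
    % hashlib.sha1(b"foobar").hexdigest(),
    "output alert_aruba_action: 10.3.9.6 md5 foobar setrole:",
    "output alert_aruba_action: 10.3.9.6 sha256 abc blacklist",
])

if __name__ == "__main__":
    for no, found in lint(SAMPLE).items():
        print(no, found)
```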



Steven Sturges 2006-12-08