Creating custom signatures
Custom signatures are added separately to each VDOM. In each VDOM, there can be a maximum of 255 custom signatures.
A custom signature definition is limited to a maximum length of 512 characters. A definition can be a single line or span multiple lines connected by a backslash (\) at the end of each line.
A custom signature definition begins with a header, followed by a set of keyword/value pairs enclosed in parentheses ( ). The keyword/value pairs are separated by a semicolon (;), and each pair consists of a keyword and a value separated by a space. The basic format of a definition is HEADER (KEYWORD VALUE;)
You can use as many keyword/value pairs as required within the 512 character limit.
Custom signature fields
Table 1 shows the valid characters for custom signature fields.
Table 1: Valid characters for custom signature fields
Field | Valid Characters | Usage |
HEADER | | The header for an attack definition signature. Each custom signature must begin with this header. |
KEYWORD | Each keyword must start with characters. Normally, keywords are an English word or English words connected by “_”. Keywords are case insensitive. | The keyword is used to identify a parameter. See “Custom signature syntax” on page 24 for tables of supported keywords. |
VALUE | Double quotes must be used around the value if it contains a space and/or a semicolon. If the value is NULL, the space between the KEYWORD and VALUE can be omitted. Values are case sensitive. Note: if double quotes are used for quoting the value, the double quotes are not considered as part of the value string. | Set the value for a parameter identified by a keyword. |
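The format and field rules above, as an added example that is not part of the original guide: a small Python linter that parses a definition into its header and keyword/value pairs before it is loaded on a VDOM. The `F-SBID` header and the `--` keyword prefix in the sample come from FortiGate's signature syntax rather than from this page, and counting the 512 characters after continuation lines are joined is an assumption.

```python
import re

MAX_LEN = 512  # the guide limits a definition to 512 characters

def join_lines(text):
    """Join lines connected by a trailing backslash into one definition."""
    return re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text).strip()

def split_pairs(body):
    """Split on ';', ignoring any ';' that sits inside double quotes."""
    pairs, cur, quoted = [], "", False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            pairs.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if quoted:
        raise ValueError("unterminated double quote")
    if cur.strip():
        raise ValueError("pair not terminated by ';': %r" % cur.strip())
    return [p for p in pairs if p]

def parse_signature(text):
    """Return (header, [(keyword, value), ...]) or raise ValueError."""
    sig = join_lines(text)
    if len(sig) > MAX_LEN:  # assumption: measured after joining lines
        raise ValueError("definition is %d characters, limit is %d" % (len(sig), MAX_LEN))
    m = re.fullmatch(r"(\S+?)\s*\((.*)\)", sig, re.S)
    if not m:
        raise ValueError("expected HEADER (KEYWORD VALUE;)")
    header, pairs = m.group(1), []
    for item in split_pairs(m.group(2)):
        keyword, _, value = item.partition(" ")
        value = value.strip()
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]  # the quotes are not part of the value
        elif " " in value:
            raise ValueError("value for %s needs double quotes" % keyword)
        pairs.append((keyword.lower(), value or None))  # keywords are case insensitive
    return header, pairs

# Constructed sample (not from the guide): quoted ';', a continuation line, a NULL value.
SAMPLE = 'F-SBID( --NAME "Test.Sig"; --pattern "a;b c"; \\\n  --no_case; )'
if __name__ == "__main__":
    print(parse_signature(SAMPLE))
```

Values keep their case while keywords are lowercased, so two definitions that differ only in keyword case compare equal after parsing.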
FortiGate IPS User Guide Version 3.0 MR7