Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

sig 993

In regards to the line-card module: IDSM 3.

What does sig 993 quantify specifically when it is reached and 1 packet is missed; and then when 100% of the packets are missed.

By quantify, I mean, specific numbers in relation to line-card overhead or cpu processing, e.g. 89%.

What regex engine type is used within the code base-3

What metacharacters are supported; and is there a efficiency ratio being used in the IDSM team to rate the impact a regex string on the processing overhead?

Is there a way to perform process-tracking?


Re: sig 993

The Regex string uses a STRING.HTTP engine, for the parameters used by this engine use the URL given below.

New Member

Re: sig 993

I did not include it, but was referring to idsm code base-3. The link describes ids code base-3 signature engines. Within the idsm code base-3, user manual input regex may supplement one of the four types of signatures, specifically string signatures. In respect to my question, I need to know what regex engine is it modelled after (standard), what metacharacters are supported. I would like to determine what the impact on the processing overhead is in order to assign a metric. I have found that the line card reportedly capable of up to 120 Mbps would not handle a single string of 100 bytes on a T1 at 60 % capacity of which a fraction was of correlative interest to the string. This leads me to question whether there are quantitative metrics available to gauge the line card signature efficiency; and also lead to wandering whether there is supported process tracking avaialbe through the sensor (line-card or appliance) .

CreatePlease to create content