Creating custom signatures, Custom signature fields, Creating custom signatures” on – Fortinet Network Device IPS User Manual
Page 23
Custom signatures
Creating custom signatures
FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916
23
Creating custom signatures
Custom signatures are added separately to each VDOM. In each VDOM, there
can be a maximum of 255 custom signatures.
A custom signature definition is limited to a maximum length of 512 characters. A
definition can be a single line or span multiple lines connected by a backslash (\)
at the end of each line.
A custom signature definition begins with a header, followed by a set of
keyword/value pairs enclosed by parenthesis [( )]. The keyword and value pairs
are separated by a semi colon (;) and consist of a keyword and a value separated
by a space. The basic format of a definition is HEADER (KEYWORD VALUE;)
You can use as many keyword/value pairs as required within the 512 character
limit.
Custom signature fields
Table 1
shows the valid characters for custom signature fields.
Table 1: Valid characters for custom signature fields
Field
Valid Characters
Usage
HEADER
F-SBID
The header for an attack definition
signature. Each custom signature must
begin with this header.
KEYWORD
Each keyword must start with
“--”, and be a string of 1 to 19
characters.
Normally, keywords are an
English word or English
words connected by “_”.
Keywords are case
insensitive.
The keyword is used to identify a
parameter. See
for tables of
supported keywords.
VALUE
Double quotes must be used
around the value if it contains
a space and/or a semicolon.
If the value is NULL, the
space between the
KEYWORD and VALUE can
be omitted.
Values are case sensitive.
Note: if double quotes are
used for quoting the value,
the double quotes are not
considered as part of the
value string.
Set the value for a parameter identified
by a keyword.