User Guide
OmniAccess SafeGuard OS Administration Guide
Chapter 10: Detecting and Isolating Malware Security Threats
Table 29 Show Malware Algorithm-Info Output Fields (continued)
Field       Description
Algorithm   The algorithm detecting the event. Algorithm types are:
            ■ HCAR
            ■ HCAF
            ■ HCARHCAF
App Group   The type of application generating the event.
Time(msec)  The duration of the event in milliseconds.
Attempts    The number of times the malware attempted to contact a host during the event.
Success     The number of times the malware was able to connect successfully.

Displaying Malware for an IP Address
To display the malware configuration for an infected host by IP address, use the show malware event-info command in Privileged Exec mode.
show malware event-info {ipaddress}
Syntax Description
ipaddress   (Optional) Displays the IP address of the infected host.
The following example is representative of sample output from the command:
(SafeGuardOS) # show malware event-info
Additional Malware Information
------------------------------
Number of Rows:4
Event Id Host IP Protocol Src Port Dst Port Dst IP Mirror Interval(seconds)/Start Time
-------- ------- -------- -------- -------- ------ -----------------------------------
1 66.166.203.235 TCP 4765 135 66.137.210.181 65/Fri Mar 17 13:02:30.801 2006
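The event rows in the show malware event-info sample output on this page can be turned into records for triage. The following Python is an added example, not part of the guide or of SafeGuard OS; it assumes the column order shown in the sample header, reads the last field as mirror interval in seconds, a slash, then the start time, and uses a constructed capture (the page's row plus two invented rows).

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

# Constructed capture: row 1 is the row shown on the page, rows 2-3 are invented.
SAMPLE = """\
(SafeGuardOS) # show malware event-info
Additional Malware Information
------------------------------
Number of Rows:3
Event Id Host IP Protocol Src Port Dst Port Dst IP Mirror Interval(seconds)/Start Time
-------- ------- -------- -------- -------- ------ -----------------------------------
1 66.166.203.235 TCP 4765 135 66.137.210.181 65/Fri Mar 17 13:02:30.801 2006
2 66.166.203.235 TCP 4766 135 66.137.210.182 65/Fri Mar 17 13:02:31.112 2006
3 10.0.0.7 UDP 1026 1434 192.0.2.9 30/Fri Mar 17 13:05:02.004 2006
"""

# Assumed layout: id, host IP, protocol, src port, dst port, dst IP, interval/start.
ROW = re.compile(
    r"^(?P<event_id>\d+)\s+(?P<host_ip>\S+)\s+(?P<protocol>[A-Za-z]+)\s+"
    r"(?P<src_port>\d+)\s+(?P<dst_port>\d+)\s+(?P<dst_ip>\S+)\s+"
    r"(?P<interval>\d+)/(?P<start>.+)$"
)

def parse_event_info(text):
    """Return one dict per event row; banner, header and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        try:
            e["host_ip"] = ip_address(e["host_ip"])
            e["dst_ip"] = ip_address(e["dst_ip"])
            e["start"] = datetime.strptime(e["start"].strip(), "%a %b %d %H:%M:%S.%f %Y")
        except ValueError:
            continue  # not a valid address or timestamp: treat as a non-row line
        for key in ("event_id", "src_port", "dst_port", "interval"):
            e[key] = int(e[key])
        events.append(e)
    return events

def summarize_by_host(events):
    """Map infected host -> [(protocol, dst port, number of distinct destination IPs)]."""
    seen = defaultdict(set)
    for e in events:
        seen[(str(e["host_ip"]), e["protocol"], e["dst_port"])].add(e["dst_ip"])
    summary = defaultdict(list)
    for (host, proto, port), dsts in sorted(seen.items()):
        summary[host].append((proto, port, len(dsts)))
    return dict(summary)
```

A host that contacts many distinct destinations on one port within a short window is the first candidate for isolation when reviewing the summary.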










