ACS Ruledef Configuration Mode Commands


Important


In 14.1 and earlier releases, up to 10 rule expressions can be configured in one ruledef. In 15.0 and later releases, up to 32 rule expressions can be configured in one ruledef.


Mode

The ACS Ruledef Configuration Mode is used to create and manage rule expressions in individual rule definitions (ruledefs).

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Important


The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).


bearer 3gpp apn

This command allows you to define rule expressions to match Access Point Name (APN) of the bearer flow.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer 3gpp apn [ case-sensitive ] operator apn_name 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

apn_name

Specifies name of the APN to match.

apn_name must be an alphanumeric string of 1 through 62 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match an APN in the bearer flow.

Example

The following command defines a rule expression to match user traffic based on APN named apn12 :
bearer 3gpp apn = apn12

bearer 3gpp imsi

This command allows you to define rule expressions to match International Mobile Station Identification (IMSI) number in the bearer flow.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer 3gpp imsi { operator imsi | { !range | range } imsi-pool imsi_pool_name } 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

imsi

Specifies the IMSI number to match.

!range | range

Specifies the range criteria:

  • !range : Not in the range of

  • range : In the range of

imsi-pool imsi_pool_name

Specifies the IMSI pool.

imsi_pool_name must be the name of an IMSI pool, and must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match an IMSI.

Example

The following command defines a rule expression to analyze user traffic for the IMSI number 9198838330912 :
bearer 3gpp imsi = 9198838330912 

bearer 3gpp rat-type

This command allows you to define rule expressions to match Radio Access Technology (RAT) in the bearer flow.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer 3gpp rat-type operator rat_type 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

rat_type

Specifies the RAT type to match.

rat_type must be one of the following:

  • geran : GSM EDGE Radio Access Network type

  • utran : UMTS Terrestrial Radio Access Network type

  • wlan : Wireless LAN type

Usage Guidelines

Use this command to define rule expressions to match a RAT type.

Example

The following command defines a rule expression to match user traffic based on RAT type wlan :
bearer 3gpp rat-type = wlan 

bearer 3gpp sgsn-address

This command allows you to define rule expressions to match SGSN address associated in the bearer flow.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer 3gpp sgsn-address operator ipv4/ipv6_address 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

ipv4/ipv6_address

Specifies the SGSN IP address to match.

ipv4/ipv6_address must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

Usage Guidelines

Use this command to define rule expressions to match IP address of an SGSN node. This command replaces the bearer sgsn-address command.

Example

The following command defines a rule expression to analyze user traffic for an SGSN node with IP address 209.165.200.225 :
bearer 3gpp sgsn-address = 209.165.200.225 

bearer 3gpp2 bsid

This command allows you to define rule expressions to match Base Station Identifier (BSID) associated with the bearer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer 3gpp2 bsid [ case-sensitive ] [ use-group-of-objects ] operator string 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

use-group-of-objects

Specifies using a group-of-objects as a qualifier to match this rule.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

string

Specifies the name of a group-of-objects to match.

If the use-group-of-objects keyword is not included in the command, string specifies name of the matching 3GPP2 service Base Station ID (BSID) in bearer flow.

If the use-group-of-objects keyword is included in the command, string must be the name of the group-of-objects to use. In this case, the system checks whether the rule is satisfied for either one or none of the objects in the group-of-objects, depending on the operator used. For example, if the operator is contains , the expression is true if any of the objects in the specified object group is contained in the BSID. If the operator is !contains , the expression is true if none of the objects in the object group is contained in the BSID.

string must be an alphanumeric string of 1 through 16 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match a 3GPP2 Base Station Identifier (BSID).

Example

The following command defines a rule expression to analyze user traffic for 3GPP2 BSID named bs001_xyz :
bearer 3gpp2 bsid = bs001_xyz 

bearer 3gpp2 service-option

This command allows you to define rule expressions to match 3GPP2 service with service options associated with the bearer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer 3gpp2 service-option operator service_option_code 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

service_option_code

Specifies the 3GPP2 service option code to match.

service_option_code must be an integer from 0 through 1000.

Usage Guidelines

Use this command to define rule expressions to match a 3GPP2 service's service option code.

Example

The following command defines a rule expression to analyze user traffic for a 3GPP2 service's service option matching 1034 :
bearer 3gpp2 service-option = 1034 

bearer apn

This command allows you to define rule expressions to match the APN used for the subscriber session.


Important


In 8.1 and later releases, this command is deprecated and is replaced by the bearer 3gpp apn command.


Product

GGSN

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer apn [ case-sensitive ] operator apn_name 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

apn_name

Specifies the APN to match.

apn_name must be the name of an APN, and must be an alphanumeric string of 1 through 62 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match APN used for subscriber session.

Example

The following command defines a rule expression to match user traffic based on APN name apn12 :
bearer apn = apn12 

bearer imsi

This command allows you to define rule expressions to match IMSI number of the subscriber.


Important


In 8.1 and later releases, this command is deprecated and is replaced by the bearer 3gpp imsi command.


Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer imsi { operator imsi | { !range | range } imsi-pool imsi_pool_name } 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

imsi

Specifies the IMSI number to match.

!range | range

Specifies the range criteria:

  • !range : Not in the range of

  • range : In the range of

imsi-pool imsi_pool_name

Specifies an IMSI pool.

imsi_pool_name must be the name of an IMSI pool, and must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match IMSI number of subscriber.

Example

The following command defines a rule expression to match user traffic based on IMSI number 9198838330912 :
bearer imsi = 9198838330912 

bearer rat-type

This command allows you to define rule expressions to match Radio Access Technology (RAT) in the bearer flow.


Important


In 8.1 and later releases, this command is deprecated and is replaced by the command.


Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer rat-type operator rat_type 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

rat_type

Specifies the RAT type to match.

rat_type must be one of the following:

  • geran : GSM EDGE Radio Access Network type

  • utran : UMTS Terrestrial Radio Access Network type

  • wlan : Wireless LAN type

Usage Guidelines

Use this command to define rule expressions to match a RAT type.

Example

The following command defines a rule expression to match user traffic based on RAT type wlan :
bearer rat-type = wlan 

bearer sgsn-address

This command allows you to define rule expressions to match the IP address of the SGSN (if acting as GGSN) / P-GW (if acting as S-GW) in the bearer flow.


Important


In 8.1 and later releases, this command is deprecated and is replaced by the command.


Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer sgsn-address operator ipv4/ipv6_address 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

ipv4/ipv6_address

Specifies the SGSN IP address to match.

ipv4/ipv6_address must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

Usage Guidelines

Use this command to define rule expressions to match the IP address of the SGSN (if acting as GGSN) / P-GW (if acting as S-GW).

Example

The following command defines a rule expression to match user traffic based on SGSN node IP address 10.1.1.1 :
bearer sgsn-address = 10.1.1.1 

bearer traffic-group

This command allows you to define rule expressions to match traffic group number associated with the subscriber session.


Important


This functionality is available only if the Content Access Control license has been installed on the chassis.


Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] bearer traffic-group operator group_number 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

group_number

Specifies the traffic group number to match.

group_number must be an integer from 1 through 255.

Usage Guidelines

Use this command to define rule expressions to match traffic group of the subscriber session. See the fa-ha-spi command in the HA Service Configuration Mode Commands chapter for more information.

Example

The following command defines a rule expression to analyze all traffic groups assigned a value greater than or equal to 23 :
bearer traffic-group >= 23 

cca quota-state

Specifies the quota state of a subscriber for prepaid credit control service. In release 12.0 and later, this command should be used as a post-processing rule. For more information on post-processing policy command, refer to the ACS Rulebase Configuration Mode Commands chapter in this guide.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] cca quota-state operator { limit-reached | lower-bandwidth } 

no

Disables the configured credit control quota state.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

limit-reached

This state matches an affirmative end-of-quota indication for the current ruledef from the prepay server.

lower-bandwidth

This state matches the lower-bandwidth quota state of a rating group.

Usage Guidelines

This command supports URL redirection and creates a rule for subscriber prepaid quota state as exhausted or not exhausted.

If a subscriber has exhausted the quota but has not exhausted the qualified period, a different charging-action can be applied via the cca quota-state command.

Example

The following command defines a rule expression to match user traffic based on the Credit-Control Application (CCA) quota state limit-reached :
cca quota-state = limit-reached 

cca redirect-indicator

This command allows you to define rule expressions to match redirect-indicator state of the Credit Control Application. In release 12.0 and later, this command should be used as a post-processing rule. For more information on post-processing policy command, refer to ACS Rulebase Configuration Mode Commands chapter in this reference.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] cca redirect-indicator operator redirect_indicator 

no

Disables the configured CCA redirect-indicator in the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

redirect_indicator

Specifies the redirect indicator for the AVP used for redirection of the URL in the RADIUS dictionary for prepaid service. It must be an integer from 0 through 4294967295.


Important


For the RADIUS server configured with different values to return for this AVP, the ACS requires ruledefs to match the different values for system to associate with charging actions that have different redirect URLs configured.


Usage Guidelines

This command is used to configure an AVP to be used from a dictionary that defines the AVP for the redirect-indicator.

For example, a RADIUS dictionary specifies the 3gpp2-release-indicator to be used for the redirect indicator when RADIUS is used as the Credit-Control Application. In this case, the value for 3gpp2-release-indicator that is returned by the RADIUS prepaid server for a quota request for a given content ID is retained by system and associated with the flow.

Example

The following command defines a rule expression to match redirect indicator 1234 for the URL Redirect AVP:
cca redirect-indicator = 1234 

copy-packet-to-log

This command allows you to print every packet that hits the current ruledef to a log statement.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] copy-packet-to-log 

no

Disables the copy-packet-to-log feature.

copy-packet-to-log

Specifies to print packets hitting the current ruledef to a log.

Usage Guidelines

Use this command to print every packet that hits a ruledef to a log statement. This facilitates debugging.

description

Allows you to enter descriptive text for this configuration.

Product

All

Privilege

Security Administrator, Administrator

Syntax

description text 
no description 

no

Clears the description for this configuration.

text

Enter descriptive text as an alphanumeric string of 1 to 100 characters.

If you include spaces between words in the description, you must enclose the text within double quotation marks (" "), for example, "AAA BBBB".

Usage Guidelines

The description should provide useful information about this configuration.

dns answer-name

This command allows you to define rule expressions to match answer name in the answer section of DNS response messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] dns answer-name [ case-sensitive ] operator value 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

value

Specifies the value to match.

value must be an alphanumeric string of 1 through 255 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match an answer name from the answer section of DNS response messages.

The answer section of a DNS response may contain more than one answer. A maximum of seven answers from the response packet are parsed. For the equality expressions (=, contains, starts-with, ends-with) a match is sought from any of the answers in the packet (up to the first seven answers). For the inequality expressions (!=, !contains, !starts-with, !ends-with), a non-match is sought from all answers (up to the first seven answers).

Example

The following command defines a rule expression to match user traffic for answer name test :
dns answer-name = test 
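
The any-versus-none evaluation described in the dns answer-name usage guidelines above, and in the use-group-of-objects description under bearer 3gpp2 bsid, modelled in Python as an added example; it is not code from the product or from this guide. The function names and sample data are assumptions made for illustration, and the negated operators are read here as "true only if no parsed answer (or no group object) matches".

```python
# Added illustration: a model of the documented matching semantics, not vendor code.
MAX_PARSED_ANSWERS = 7  # the guide: at most seven answers per response are parsed

# Positive string operators listed in the guide; a leading "!" negates them.
_POSITIVE = {
    "=": lambda field, value: field == value,
    "contains": lambda field, value: value in field,
    "starts-with": lambda field, value: field.startswith(value),
    "ends-with": lambda field, value: field.endswith(value),
}


def _split_operator(operator):
    """Return (positive_predicate, negated) for one of the eight string operators."""
    negated = operator.startswith("!")
    base = operator[1:] if negated else operator
    if base not in _POSITIVE:
        raise ValueError(f"unsupported operator: {operator!r}")
    return _POSITIVE[base], negated


def _fold(text, case_sensitive):
    """Rule expressions are not case-sensitive unless case-sensitive is given."""
    return text if case_sensitive else text.lower()


def match_dns_answer_name(answers, operator, value, case_sensitive=False):
    """Model of `dns answer-name [ case-sensitive ] operator value`.

    answers: answer names of one DNS response, in packet order.
    Only the first seven are evaluated. A positive operator is true if any
    parsed answer matches; a negated operator is true if none of them does.
    """
    predicate, negated = _split_operator(operator)
    parsed = [_fold(name, case_sensitive) for name in answers[:MAX_PARSED_ANSWERS]]
    wanted = _fold(value, case_sensitive)
    hit = any(predicate(name, wanted) for name in parsed)
    return not hit if negated else hit


def match_bsid_group(bsid, operator, group_objects, case_sensitive=False):
    """Model of `bearer 3gpp2 bsid use-group-of-objects operator string`.

    group_objects: the strings held by the named group-of-objects.
    `contains` is true if any object is contained in the BSID;
    `!contains` is true if none of the objects is contained in the BSID.
    """
    predicate, negated = _split_operator(operator)
    field = _fold(bsid, case_sensitive)
    hit = any(predicate(field, _fold(obj, case_sensitive)) for obj in group_objects)
    return not hit if negated else hit


# Constructed sample: eight answer names, so the last one lies beyond the
# seven-answer parsing limit and is never evaluated.
SAMPLE_ANSWERS = [f"host{i}.example.net" for i in range(1, 8)] + ["cdn.blocked.example"]


def demo():
    """Return the outcome of a few rule expressions over the constructed sample."""
    return {
        "contains blocked": match_dns_answer_name(SAMPLE_ANSWERS, "contains", "blocked"),
        "!contains blocked": match_dns_answer_name(SAMPLE_ANSWERS, "!contains", "blocked"),
        "ends-with .EXAMPLE.NET": match_dns_answer_name(
            SAMPLE_ANSWERS, "ends-with", ".EXAMPLE.NET"),
        "case-sensitive ends-with .EXAMPLE.NET": match_dns_answer_name(
            SAMPLE_ANSWERS, "ends-with", ".EXAMPLE.NET", case_sensitive=True),
        "bsid contains {001, 777}": match_bsid_group("bs001_xyz", "contains", ["001", "777"]),
        "bsid !contains {001, 777}": match_bsid_group("bs001_xyz", "!contains", ["001", "777"]),
    }


if __name__ == "__main__":
    for expression, result in demo().items():
        print(f"{expression:40} -> {result}")
```

In the constructed sample the eighth answer is outside the parsed range, so a rule keyed on it evaluates as if that answer were absent; rule authors should account for this when relying on a negated expression.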

dns any-match

This command allows you to define rule expressions to match all DNS packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] dns any-match operator condition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

condition

Specifies the condition to match.

condition must be one of the following:

  • FALSE

  • TRUE

Usage Guidelines

Use this command to define an any-match rule expression to match all DNS packets.

Example

The following command defines an any-match rule expression to match all DNS packets:
dns any-match = TRUE 

dns previous-state

This command allows you to define rule expressions to match previous state of the DNS FSM.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] dns previous-state operator dns_previous_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

dns_previous_state

Specifies the previous state to match.

dns_previous_state must be one of the following:

  • dns-timeout

  • init

  • req-sent

  • resp-error

  • resp-success

Usage Guidelines

Use this command to define rule expressions to match previous state of DNS FSM.

Example

The following command defines a rule expression to match the DNS FSM previous state req-sent :
dns previous-state = req-sent 

dns query-name

This command allows you to define rule expressions to match query name in DNS request messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] dns query-name [ case-sensitive ] operator query_name 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

query_name

Specifies the query name to match.

query_name must be an alphanumeric string of 1 through 255 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match query name in DNS request messages.

Example

The following command defines a rule expression to match DNS query name test :
dns query-name = test 

dns query-type

This command allows you to define rule expressions to match the query type in the DNS request messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] dns query-type operator query_type 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • =: Specifies that the query-name must be equal to the one specified.

  • !=: Specifies that the query-name must not be equal to the one specified.

query_type

Specifies the query type to match.

The following query_type are supported:

  • A

  • CNAME

  • NS

  • PTR

  • SRV

  • AAA

  • TXT

  • ANY

  • NULL

Usage Guidelines

Use this command to define rule expressions to match the query type in the DNS request messages.

When enabled, the dns query-type CLI supports the following behavior:

  • DNS request with only one query is supported.

  • DNS response with multiple answers is supported. Query-type corresponding to all the answers is stored and matched to the highest priority ruledef.

  • For DNS response with multiple answers, unsupported query-type (mentioned previously) is skipped and parsing continues for remaining answers.

  • For 'TXT' and 'NULL' query types, only minimal parsing occurs: a DNS record is created and the query-type is stored. 'Answer-name' is not extracted, so the corresponding EDR field is not populated.

  • For NULL query types, response is not parsed and matching is based on the same ruledef as a Request.

This CLI is disabled by default.

Example

The following command defines a rule expression to match the DNS query type txt :
dns query-type = txt 

dns return-code

This command allows you to define rule expressions to match response code in DNS response messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] dns return-code operator return_code 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

return_code

Specifies the response code to match.

return_code must be one of the following:

  • format-error

  • name-error

  • no-error

  • not-implemented

  • refused

  • server-failure

Usage Guidelines

Use this command to define rule expressions to match response code in DNS response messages.

Example

The following command defines a rule expression to match a DNS response code refused :
dns return-code = refused 

dns state

This command allows you to define rule expressions to match current state of DNS FSM.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] dns state operator dns_current_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

dns_current_state

Specifies the current state to match.

dns_current_state must be one of the following:

  • dns-timeout

  • init

  • req-sent

  • resp-error

  • resp-success

Usage Guidelines

Use this command to define rule expressions to match DNS FSM current state.

Example

The following command defines a rule expression to match DNS FSM current state of req-sent :
dns state = req-sent 

dns tid

This command allows you to define rule expressions to match Transaction Identifier (TID) field in DNS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] dns tid operator tid_value 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

tid_value

Specifies the DNS transaction identifier to match.

tid_value must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match a TID field of DNS messages.

Example

The following command defines a rule expression to match DNS TID field value of test :
dns tid = test 

email

This command allows you to define rule expressions to match generic e-mail message parameters. These expressions will be applicable for IMAP, MMS, POP3, and SMTP protocols.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] email { cc | content { class | type } | from | size | subject | to } [ case-sensitive ] operator value 

no

If previously configured, deletes the specified rule expression from the current ruledef.

cc

Specifies to match the "cc" field of standard e-mail message.

content { class | type }

Specifies to match the "content-type" or "content-class" field of standard e-mail message.

from

Specifies to match the "from" field of standard e-mail message.

subject

Specifies to match the "subject" field of standard e-mail message.

to

Specifies to match the "to" field of standard e-mail message.

size

Specifies to match with the total size of e-mail message specified in bytes.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

For all keywords except size, operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

For size, operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

value

Specifies the value to match.

value must be an alphanumeric string and can contain punctuation characters.

  • cc : A string of 1 through 512 characters

  • content : A string of 1 through 128 characters

  • from : A string of 1 through 64 characters

  • size : A range of bytes from 1 through 4000000000 bytes

  • subject : A string of 1 through 128 characters

  • to : A string of 1 through 512 characters

Usage Guidelines

Use this command to define rule expressions to match different fields/parameters within standard e-mail messages.

Example

The following command defines a rule expression to analyze user traffic for the occurrence of triangle@xyz.com in the "cc" field of e-mail messages:
email cc contains triangle@xyz.com 

end

Exits the current configuration mode and returns to the Exec mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

end 

Usage Guidelines

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

exit 

Usage Guidelines

Use this command to return to the parent configuration mode.

file-transfer any-match

This command allows you to define rule expressions to match all file-transfer packets. This expression applies to file transfers that use the FTP or HTTP protocols.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] file-transfer any-match operator condition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

condition

Specifies the condition to match.

condition must be one of the following:

  • FALSE

  • TRUE

Usage Guidelines

Use this command to define rule expressions to match all file-transfer packets. This expression applies to file transfers that use the FTP or HTTP protocols.

Example

The following command defines a rule expression to match all file-transfer packets:
file-transfer any-match = TRUE 

file-transfer chunk-number

This command allows you to define rule expressions to match the total number of chunks in an HTTP file as determined by the File Transfer analyzer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] file-transfer chunk-number operator chunks_number 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

chunks_number

Specifies the number of chunks to match.

chunks_number must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the total number of chunks in an HTTP file as determined by the File Transfer analyzer.

Example

The following command defines a rule expression to match a total of 150 chunks:
file-transfer chunk-number = 150 

file-transfer current-chunk-length

This command allows you to define rule expressions to match the length of an HTTP chunk currently in the File Transfer analyzer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] file-transfer current-chunk-length operator current_chunk_length 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

current_chunk_length

Specifies the current chunk length value (in bytes) to match.

current_chunk_length must be an integer from 1 through 40000000.

Usage Guidelines

Use this command to define rule expressions to match the length of an HTTP chunk currently in the File Transfer analyzer.

Example

The following command defines a rule expression to match length of current HTTP chunk as 1500000 bytes:
file-transfer current-chunk-length = 1500000 

file-transfer declared-chunk-length

This command allows you to define rule expressions to match the declared length of an HTTP chunk currently in the File Transfer analyzer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] file-transfer declared-chunk-length operator declared_chunk_length 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

declared_chunk_length

Specifies the declared chunk length value (in bytes) to match.

declared_chunk_length must be an integer from 1 through 40000000.

Usage Guidelines

Use this command to define rule expressions to match the declared length of an HTTP chunk currently in the File Transfer analyzer.

Example

The following command defines a rule expression to match declared length of the current HTTP chunk as 2500000 bytes:
file-transfer declared-chunk-length = 2500000 

file-transfer declared-file-size

This command allows you to define rule expressions to match the declared file size by the File Transfer analyzer decoding the FTP handshake.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] file-transfer declared-file-size operator declared_file_size 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

declared_file_size

Specifies the declared file size (in bytes) to match.

declared_file_size must be an integer from 1 through 40000000.

Usage Guidelines

Use this command to define rule expressions to match the declared file size by the File Transfer analyzer decoding the FTP handshake.

Example

The following command defines a rule expression to match declared file size as 2500000 bytes:
file-transfer declared-file-size = 2500000 

file-transfer filename

This command allows you to define rule expressions to match file name.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] file-transfer filename [ case-sensitive ] operator file_name 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

file_name

Specifies the file name to match.

file_name must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match file name in file-transfer.

Example

The following command defines a rule expression to match file name containing star1 :
file-transfer filename contains star1 

file-transfer previous-state

This command allows you to define rule expressions to match previous state of File Transfer FSM.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] file-transfer previous-state operator file_transfer_previous_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

file_transfer_previous_state

Specifies the previous state to match.

file_transfer_previous_state must be one of the following:

  • init : Specifies previous state as initialization.

  • request-sent : Specifies previous state as request sent.

  • transfer-error : Specifies previous state as transfer error.

  • transfer-ok : Specifies previous state as transfer ok.

Usage Guidelines

Use this command to define rule expressions to match previous state of File Transfer FSM.

Example

The following command defines a rule expression to match previous state of init :
file-transfer previous-state = init 

file-transfer state

This command allows you to define rule expressions to match the current state of File Transfer FSM.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] file-transfer state operator file_transfer_current_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

file_transfer_current_state

Specifies the current state to match.

file_transfer_current_state must be one of the following:

  • init : Specifies current state as initialization.

  • request-sent : Specifies current state as request sent.

  • transfer-error : Specifies current state as transfer error.

  • transfer-ok : Specifies current state as transfer ok.

Usage Guidelines

Use this command to define rule expressions to match current state of File Transfer FSM.

The following table describes details of File Transfer FSM states with event:

| Event | init | request-sent | transfer-ok | transfer-err |
|---|---|---|---|---|
| FTP "RETR" command or HTTP "GET" request received with chunk encoding | request-sent | Discarded | Discarded | Discarded |
| HTTP 2xx response received | transfer-ok | Discarded | Discarded | Discarded |
| HTTP 4xx or HTTP 5xx response received | transfer-error | Discarded | Discarded | Discarded |
| FTP reply received with reply status as file-transfer complete/successful | Discarded | transfer-ok | Discarded | Discarded |
| FTP reply received with reply status as file-transfer unsuccessful | Discarded | transfer-error | Discarded | Discarded |

Example

The following command defines a rule expression to match file-transfer current state of init :
file-transfer state = init 
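
The File Transfer FSM table above can be exercised offline to see which `file-transfer state` and `file-transfer previous-state` expressions would match after a given sequence of events. The following Python sketch is an added example, not vendor code. It assumes that "Discarded" means the event is ignored and the state is unchanged, and that the previous state starts at init and updates on every accepted transition; the event labels and all function names are hypothetical.

```python
# Added example: File Transfer FSM, read literally from the table above.
# Assumptions (not from the vendor documentation): the event labels, reading
# "Discarded" as "event ignored, state unchanged", and previous_state starting
# at "init" and updating on each accepted transition.

STATES = ("init", "request-sent", "transfer-ok", "transfer-error")

EVENTS = (
    "request",         # FTP "RETR" or HTTP "GET" received with chunk encoding
    "http-2xx",        # HTTP 2xx response received
    "http-4xx-5xx",    # HTTP 4xx or HTTP 5xx response received
    "ftp-reply-ok",    # FTP reply: file-transfer complete/successful
    "ftp-reply-fail",  # FTP reply: file-transfer unsuccessful
)

# Only the cells of the table that are not "Discarded".
TRANSITIONS = {
    ("init", "request"): "request-sent",
    ("init", "http-2xx"): "transfer-ok",
    ("init", "http-4xx-5xx"): "transfer-error",
    ("request-sent", "ftp-reply-ok"): "transfer-ok",
    ("request-sent", "ftp-reply-fail"): "transfer-error",
}


class FileTransferFsm:
    def __init__(self):
        self.state = "init"
        self.previous_state = "init"
        self.discarded = []  # (state, event) pairs the table discards

    def feed(self, event):
        """Apply one event; return True if it caused a transition."""
        if event not in EVENTS:
            raise ValueError(f"unknown event: {event!r}")
        nxt = TRANSITIONS.get((self.state, event))
        if nxt is None:
            self.discarded.append((self.state, event))
            return False
        self.previous_state, self.state = self.state, nxt
        return True


def run(events):
    """Feed a constructed event sequence into a fresh FSM and return it."""
    fsm = FileTransferFsm()
    for event in events:
        fsm.feed(event)
    return fsm


def parse_expression(line):
    """Parse 'file-transfer {state|previous-state} {=|!=} <state>'."""
    tokens = line.split()
    if len(tokens) != 4 or tokens[0] != "file-transfer":
        raise ValueError(f"not a file-transfer state expression: {line!r}")
    _, field, op, value = tokens
    if field not in ("state", "previous-state"):
        raise ValueError(f"unsupported field: {field!r}")
    if op not in ("=", "!="):
        raise ValueError(f"operator must be = or !=, got {op!r}")
    if value not in STATES:
        raise ValueError(f"unknown state: {value!r}")
    return field, op, value


def matches(fsm, line):
    """Evaluate one rule expression against the FSM's current snapshot."""
    field, op, value = parse_expression(line)
    actual = fsm.state if field == "state" else fsm.previous_state
    return (actual == value) == (op == "=")


def terminal_states():
    """States in which every event is discarded."""
    return [s for s in STATES
            if not any((s, e) in TRANSITIONS for e in EVENTS)]


if __name__ == "__main__":
    # Constructed sequence: request, then events the table discards.
    fsm = run(["request", "http-2xx", "ftp-reply-fail", "ftp-reply-ok"])
    print("state:", fsm.state, "previous:", fsm.previous_state)
    print("discarded:", fsm.discarded)
    print("terminal states:", terminal_states())
    for expr in ("file-transfer state = transfer-error",
                 "file-transfer previous-state != init"):
        print(expr, "->", matches(fsm, expr))
```

Under this reading, transfer-ok and transfer-error accept no further events, so a ruledef that matches on either state keeps matching for the rest of that transfer.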

file-transfer transferred-file-size

This command allows you to define rule expressions to match the size of a file that has been transferred so far, as detected by the File Transfer analyzer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] file-transfer transferred-file-size operator transferred_file_size 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

transferred_file_size

Specifies the transferred file size (in bytes) to match.

transferred_file_size must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match the size of the file that has been transferred so far, as detected by the File Transfer analyzer.

Example

The following command defines a rule expression to match file transferred size of 2500 bytes:
file-transfer transferred-file-size = 2500 

ftp any-match

This command allows you to define rule expressions to match all FTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp any-match operator condition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

condition

Specifies the condition to match.

condition must be one of the following:

  • FALSE

  • TRUE

Usage Guidelines

Use this command to define a rule expression to match all FTP packets.

Example

The following command defines a rule expression to match all FTP packets:
ftp any-match = TRUE 

ftp client-ip-address

This command allows you to define rule expressions to match IP address of the FTP client.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp client-ip-address operator ipv4/ipv6_address 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

ipv4/ipv6_address

Specifies the FTP client IP address to match.

ipv4/ipv6_address must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

Usage Guidelines

Use this command to define rule expressions to match an FTP client IP address, which will be either the IP source address or the IP destination address, depending on the direction.

Example

The following command defines a rule expression to match client IP address 209.165.200.225 :
ftp client-ip-address = 209.165.200.225 

ftp client-port

This command allows you to define rule expressions to match port number of the FTP client.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp client-port operator port_number 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

port_number

Specifies the client port number to match.

port_number must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match port number of the FTP client, which will be either the TCP source port or the TCP destination port, depending on the direction.

Example

The following command defines a rule expression to match FTP client port number 10 :
ftp client-port = 10 

ftp command args

This command allows you to define rule expressions to match arguments within an FTP command.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp command args [ case-sensitive ] operator argument 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

argument

Specifies the argument to match.

argument must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match arguments within an FTP command.

Example

The following command defines a rule expression to match argument ascii within an FTP command:
ftp command args = ascii 

ftp command id

This command allows you to define rule expressions to match FTP command ID.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp command id operator command_id 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

command_id

Specifies the command identifier to match.

In 8.3 and earlier releases, command_id must be an integer from 0 through 15.

In 9.0 and later releases, command_id must be an integer from 0 through 18.

Usage Guidelines

Use this command to define rule expressions to match FTP command ID.

Example

The following command defines a rule expression to match the FTP command ID 10 :
ftp command id = 10 

ftp command name

This command allows you to define rule expressions to match FTP command name.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp command name operator command_name 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

command_name

Specifies the command name to match.

command_name must be one of the following:

  • abor : Abort command

  • cwd : Current working directory command

  • eprt : eprt command

  • epsv : epsv command

  • list : List command

  • mode : Transfer mode command

  • pass : Password command

  • pasv : Passive command

  • port : Port command

  • quit : Quit command

  • rest : Restore command

  • retr : Retry command

  • stor : Store command

  • stru : File structure command

  • syst : System command

  • type : Type command

  • user : User command

Usage Guidelines

Use this command to define rule expressions to match FTP command name.

Example

The following command defines a rule expression to match FTP command name list :
ftp command name = list 

ftp connection-type

This command allows you to define rule expressions to match FTP connection type.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp connection-type operator connection_type 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

connection_type

Specifies the connection type to match.

connection_type must be one of the following:

  • 0 : Unknown

  • 1 : Control connection

  • 2 : Data connection

Usage Guidelines

Use this command to define rule expressions to match an FTP connection type.

Example

The following command defines a rule expression to match FTP connection type 1 :
ftp connection-type = 1 

ftp data-any-match

This command allows you to define rule expressions to match all FTP data packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp data-any-match operator condition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

condition

Specifies the condition to match.

condition must be one of the following:

  • FALSE

  • TRUE

Usage Guidelines

Use this command to define rule expressions to match all FTP data packets.

Example

The following command defines a rule expression to match all FTP data packets:
ftp data-any-match = TRUE 

ftp filename

This command allows you to define rule expressions to match FTP file name.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp filename [ case-sensitive ] operator file_name 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

file_name

Specifies the file name to match.

file_name must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match an FTP file name.

Example

The following command defines a rule expression to match a file named testtransfer :
ftp filename = testtransfer 

ftp pdu-length

This command allows you to define rule expressions to match the length of a current FTP packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp pdu-length operator pdu_length 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

pdu_length

Specifies the FTP PDU length (in bytes) to match.

pdu_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the length of a current FTP packet, that is, FTP PDU length (FTP header + FTP payload).

Example

The following command defines a rule expression to match an FTP PDU length of 9647 bytes:
ftp pdu-length = 9647 

ftp pdu-type

This command allows you to define rule expressions to match FTP Protocol Data Unit (PDU) type.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp pdu-type operator pdu_type 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

pdu_type

Specifies the PDU type to match.

pdu_type must be one of the following:

  • 0 : Unknown

  • 1 : Command

  • 2 : Reply

Usage Guidelines

Use this command to define rule expressions to match a PDU type of FTP packet.

Example

The following command defines a rule expression to match FTP PDU type 1 :
ftp pdu-type = 1 

ftp previous-state

This command allows you to define rule expressions to match previous state of FTP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp previous-state operator ftp_previous_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

ftp_previous_state

Specifies the previous state to match.

ftp_previous_state must be one of the following:

  • command-sent

  • init

  • response-error

  • response-ok

Usage Guidelines

Use this command to define rule expressions to match a previous state of FTP session.

Example

The following command defines a rule expression to match previous FTP state init :
ftp previous-state = init 

ftp reply code

This command allows you to define rule expressions to match FTP reply code.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp reply code operator reply_code 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

reply_code

Specifies the FTP reply code to match.

reply_code must be an integer from 100 through 599.

Usage Guidelines

Use this command to define rule expressions to match an FTP reply code.

Example

The following command defines a rule expression to match FTP reply code 150 :
ftp reply code = 150 

ftp server-ip-address

This command allows you to define rule expressions to match FTP server IP address.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp server-ip-address operator ipv4/ipv6_address 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

ipv4/ipv6_address

Specifies the IP address of the server to match.

ipv4/ipv6_address must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

Usage Guidelines

Use this command to define rule expressions to match an FTP server IP address, which will be either the IP source address or the IP destination address, depending on the direction.

Example

The following command defines a rule expression to match the FTP server IP address 209.165.200.225 :
ftp server-ip-address = 209.165.200.225 

ftp server-port

This command allows you to define rule expressions to match FTP server port number.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp server-port operator port 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

port

Specifies the FTP server port number to match.

port must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match an FTP server port number, which will be either the TCP source port or the TCP destination port, depending on the direction.

Example

The following command defines a rule expression to analyze user traffic for FTP server port 21 :
ftp server-port = 21 

ftp session-length

This command allows you to define rule expressions to match the total number of bytes sent on an FTP control connection.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp session-length operator session_length 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Less than or equal to

  • = : Equals

  • >= : Greater than or equal to

session_length

Specifies the FTP session length (in bytes) to match.

session_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match the total number of bytes sent on an FTP control connection.

Example

The following command defines a rule expression to match FTP session length of 40000 bytes:
ftp session-length = 40000 

ftp state

This command allows you to define rule expressions to match the current state of an FTP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp state operator ftp_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

ftp_state

Specifies the FTP state to match.

ftp_state must be one of the following:

  • close : FTP transmissions that are in closed state.

  • command-sent : FTP transmissions that are in command-sent state.

  • response-error : FTP transmissions that are in response-error state.

  • response-ok : FTP transmissions that are in response-ok state.

Usage Guidelines

Use this command to define rule expressions to match the current state of an FTP session.

Example

The following command defines a rule expression to match FTP current state close :
ftp state = close 

ftp url

This command allows you to define rule expressions to match the FTP URL/path of a file being transferred.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp url [ case-sensitive ] operator url 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

url

Specifies the URL to match.

url must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the FTP URL/path of a file being transferred.

Example

The following command defines a rule expression to match the URL ftp://rfc.ietf.org/rfc/rfc1738.txt :
ftp url = ftp://rfc.ietf.org/rfc/rfc1738.txt 

ftp user

This command allows you to define rule expressions to match the user name FTP command packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] ftp user [ case-sensitive ] operator ftp_user 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

ftp_user

Specifies the FTP user name to match.

ftp_user must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match a user name FTP command.

Example

The following command defines a rule expression to match FTP user name user1 :
ftp user = user1 
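
The ftp rule expressions documented above each accept a fixed operator set and a bounded value. The following added example (not Cisco code) checks candidate ftp rule expression lines against those documented limits before they are entered on a device; the function names and the sample lines are constructed for illustration, and values are assumed to contain no spaces.

```python
import ipaddress

# Operator sets and value rules transcribed from the ftp command descriptions above.
NUMERIC_OPS = {"!=", "<=", "=", ">="}
STATE_OPS = {"!=", "="}
STRING_OPS = {"!=", "!contains", "!ends-with", "!starts-with",
              "=", "contains", "ends-with", "starts-with"}
FTP_STATES = {"close", "command-sent", "response-error", "response-ok"}


def int_range(low, high):
    def check(value):
        ok = value.isascii() and value.isdigit() and low <= int(value) <= high
        return None if ok else f"must be an integer from {low} through {high}"
    return check


def ip_address(value):
    try:
        ipaddress.ip_address(value)  # accepts IPv4 dotted-decimal and IPv6 notation
    except ValueError:
        return "must be an IPv4 or IPv6 address"
    return None


def one_of(allowed):
    def check(value):
        return None if value in allowed else "must be one of: " + ", ".join(sorted(allowed))
    return check


def text(max_len):
    def check(value):
        return None if 1 <= len(value) <= max_len else f"must be 1 through {max_len} characters"
    return check


# field -> (allowed operators, accepts the case-sensitive keyword, value check)
FTP_FIELDS = {
    "server-ip-address": (NUMERIC_OPS, False, ip_address),
    "server-port": (NUMERIC_OPS, False, int_range(1, 65535)),
    "session-length": (NUMERIC_OPS, False, int_range(1, 4000000000)),
    "state": (STATE_OPS, False, one_of(FTP_STATES)),
    "url": (STRING_OPS, True, text(127)),
    "user": (STRING_OPS, True, text(127)),
}


def lint_ftp_expression(line):
    """Return the list of problems found in one '[ no ] ftp ...' rule expression."""
    tokens = line.split()
    if tokens[:1] == ["no"]:
        tokens = tokens[1:]
    if len(tokens) < 2 or tokens[0] != "ftp":
        return ["not an ftp rule expression"]
    field, rest = tokens[1], tokens[2:]
    if field not in FTP_FIELDS:
        return [f"unknown ftp field '{field}'"]
    operators, allows_case, check = FTP_FIELDS[field]
    problems = []
    if rest[:1] == ["case-sensitive"]:
        if not allows_case:
            problems.append(f"'ftp {field}' does not take case-sensitive")
        rest = rest[1:]
    if len(rest) != 2:
        return problems + ["expected: operator value"]
    operator, value = rest
    if operator not in operators:
        problems.append(f"operator '{operator}' is not valid for 'ftp {field}'")
    error = check(value)
    if error:
        problems.append(f"value '{value}' {error}")
    return problems


# Constructed sample input; the first two lines are the examples given above.
SAMPLE_LINES = [
    "ftp server-port = 21",
    "ftp url = ftp://rfc.ietf.org/rfc/rfc1738.txt",
    "ftp server-port = 70000",
    "ftp state contains close",
    "ftp session-length case-sensitive >= 40000",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(sample, "->", lint_ftp_expression(sample) or "ok")
```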

http accept

This command allows you to define rule expressions to match content types that are acceptable for the response.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http accept [ case-sensitive ] operator accept_field  

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !present : Not present

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • present : Present

  • starts-with : Starts with

accept_field

Specifies the ACCEPT field present in the HTTP header to be matched.

accept_field must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match content types in the HTTP header that are acceptable for the response.

Example

The following command defines a rule expression to match content that contains cisco in HTTP ACCEPT field:
http accept contains cisco  

http any-match

This command allows you to define rule expressions to match all HTTP and HTTPS Connect Method packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http any-match operator condition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

condition

Specifies the condition to match.

condition must be one of the following:

  • FALSE

  • TRUE

Usage Guidelines

Use this command to define rule expressions to match all HTTP packets.

Example

The following command defines a rule expression to match all HTTP packets:
http any-match = TRUE 

http attribute-in-data

This command allows you to define rule expressions to match any arbitrary attribute in the payload following the HTTP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http attribute-in-data attribute [ case-sensitive ] operator value 

no

If previously configured, deletes the specified rule expression from the current ruledef.

attribute

attribute must be an alphanumeric string of 1 through 31 characters.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

value

Specifies the value as an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match an arbitrary attribute in the payload following the HTTP headers.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

http attribute-in-url

This command allows you to define rule expressions to match an arbitrary attribute in the combined Host+URI HTTP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http attribute-in-url attribute [ case-sensitive ] operator value 

no

If previously configured, deletes the specified rule expression from the current ruledef.

attribute

attribute must be an alphanumeric string of 1 through 31 characters.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

value

Specifies the value as an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to configure a rule expression to match an arbitrary attribute in the combined Host+URI HTTP headers.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

http content disposition

This command allows you to define rule expressions to match the optional content-disposition field of the HTTP entity header.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http content disposition [ case-sensitive ] operator content_disposition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

content_disposition

This field offers a mechanism for the sender to transmit presentational information to the recipient, allowing each component of a message to be tagged with an indication of its desired presentation semantics.

content_disposition must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the optional content-disposition field of the HTTP entity header. This feature supports RFC 2616 for HTTP and RFC 1806 for Content Disposition.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match content disposition successful :
http content disposition = successful 

http content length

This command allows you to define rule expressions to match the value in HTTP Content-Length entity-header field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http content length operator content_length 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Less than or equal to

  • = : Equals

  • >= : Greater than or equal to

content_length

Specifies the HTTP body length (in bytes) to match.

content_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match value in HTTP Content-Length entity-header field.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match value of 10000 bytes in HTTP Content-Length entity-header field:
http content length = 10000 

http content range

This command allows you to define rule expressions for CAE re-addressing to verify whether the HTTP response has a content-range header.


Important


In release 20.0, MVG is not supported. This command must not be used in release 20.0. For more information, contact your Cisco account representative.


Product

ACS

MVG

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http content range = TRUE 

no

If previously configured, deletes the specified rule expression from the current ruledef.

Usage Guidelines

Use this command to define rule expressions for CAE re-addressing to verify whether the HTTP response has a content-range header. This header is useful in detecting HTTP video requests when using ECS DPI ruledefs based on HTTP headers/URI.

http content type

This command allows you to define rule expressions to match value in HTTP Content-Type entity-header field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http content type [ case-sensitive ] operator content_type 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

content_type

Specifies the content type to match.

content_type must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match value in HTTP Content-Type entity-header field.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match abc100 in HTTP Content-Type entity-header field:
http content type = abc100 

http cookie

This command allows you to define rule expressions to match strings in the HTTP cookie header.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http cookie [ case-sensitive ] operator cookie_string 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !present : Not present

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • present : Present

  • starts-with : Starts with

cookie_string

Specifies the string to match in the HTTP cookie header.

cookie_string must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match strings in an HTTP cookie header.

The cookie match ruleline can be combined with other rulelines that have different match criteria. Cookie header strings that span multiple lines can be combined using a comma (,) separator.


Important


The HTTP parser can parse up to a maximum of 4096 bytes in the cookie header. In the case of multiple line cookie headers, the maximum of 4096 bytes includes the total size of all cookie header values, and the separators added to combine them.


Example

The following command defines a rule expression to match the HTTP cookie header with the string tollfree :
http cookie = tollfree 

http domain

This command allows you to define rule expressions to match the domain portion of URIs in HTTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http domain [ case-sensitive ] operator domain 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

domain

Specifies the domain to match.

domain must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the domain portion of URIs in HTTP packets.

The domain is derived from the URL: after http:// (if present) is removed, everything up to the first "/" is the domain.

Example

The following command defines a rule expression to match user traffic based on domain name testdomain :
http domain = testdomain 
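
The following added example (not Cisco code) models the domain derivation and the string operators described above, so that a candidate http domain expression can be tried against sample URLs before it is configured. It follows the derivation exactly as stated on this page, which means a port number stays part of the domain; the function names and the URLs are constructed, and matching of the http:// prefix as written (lowercase) is an assumption.

```python
# String operators from the list above; a leading "!" negates the base operator.
STRING_OPERATORS = {
    "=": lambda subject, value: subject == value,
    "contains": lambda subject, value: value in subject,
    "starts-with": lambda subject, value: subject.startswith(value),
    "ends-with": lambda subject, value: subject.endswith(value),
}


def http_domain(url):
    """Remove a leading http:// if present, then keep everything up to the first '/'."""
    if url.startswith("http://"):
        url = url[len("http://"):]
    return url.split("/", 1)[0]


def match_string(subject, operator, value, case_sensitive=False):
    """Apply one documented operator; matching is case-insensitive by default."""
    negated = operator.startswith("!")
    base = operator[1:] if negated else operator
    if base not in STRING_OPERATORS:
        raise ValueError(f"unsupported operator: {operator}")
    if not case_sensitive:
        subject, value = subject.lower(), value.lower()
    matched = STRING_OPERATORS[base](subject, value)
    return not matched if negated else matched


def parse_http_domain_rule(line):
    """Split 'http domain [ case-sensitive ] operator domain' into its parts."""
    tokens = line.split()
    if tokens[:2] != ["http", "domain"]:
        raise ValueError("not an http domain rule expression")
    rest = tokens[2:]
    case_sensitive = rest[:1] == ["case-sensitive"]
    if case_sensitive:
        rest = rest[1:]
    if len(rest) != 2:
        raise ValueError("expected: operator domain")
    return rest[0], rest[1], case_sensitive


def urls_matched(rule_line, urls):
    """Return the URLs whose derived domain satisfies the rule expression."""
    operator, value, case_sensitive = parse_http_domain_rule(rule_line)
    return [u for u in urls
            if match_string(http_domain(u), operator, value, case_sensitive)]


# Constructed sample URLs.
SAMPLE_URLS = [
    "http://testdomain/index.html",
    "TestDomain/a/b",
    "http://testdomain:8080/login",   # derived domain keeps the port: testdomain:8080
    "http://www.testdomain/",
    "http://mytestdomain/news",       # ends-with compares characters, not DNS labels
]

if __name__ == "__main__":
    for rule in ("http domain = testdomain",
                 "http domain ends-with testdomain",
                 "http domain ends-with .testdomain"):
        print(rule, "->", urls_matched(rule, SAMPLE_URLS))
```

Under this derivation, `=` does not match a URL that carries an explicit port, and `ends-with` needs a leading dot in the value when only subdomains are intended.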

http error

This command allows you to define rule expressions to match errors in HTTP packets (for example, an invalid HTTP header) and errors in the HTTP analyzer FSM (Finite State Machine) while parsing HTTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http error operator condition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

condition

Specifies the condition to match.

condition must be one of the following:

  • FALSE

  • TRUE

Usage Guidelines

Use this command to define rule expressions to match errors in HTTP packets and other errors in the HTTP analyzer FSM while parsing HTTP packets, for example, FSM errors, invalid header field values, ACS memory and buffer limits, packet-related errors, and so on.

ACS supports pipelining of up to 32 HTTP requests on the same TCP connection. Pipeline overflow requests are not analyzed; they are treated as HTTP errors. Based on this information, the billing system decides whether to charge, not charge, or refund the subscriber.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match user traffic based on HTTP error status of TRUE :
http error = TRUE 

http first-request-packet

This command allows you to define rule expressions to match the GET or POST request, if it is the first HTTP request for the subscriber's session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http first-request-packet operator condition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

condition

Specifies the condition to match.

condition must be one of the following:

  • FALSE

  • TRUE

Usage Guidelines

Use this command to define rule expressions to match the GET or POST request, if it is the first HTTP request for the subscriber's session.

This expression can be connected with a charging action, so the subscriber is redirected to a splash page for the first Web access attempted.

Example

The following command defines a rule expression to match first-request-packet:
http first-request-packet = TRUE 

http header-length

This command allows you to define rule expressions to match HTTP header length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http header-length operator header_length 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Less than or equal to

  • = : Equals

  • >= : Greater than or equal to

header_length

Specifies the HTTP header length (in bytes) to match.

header_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the length of an HTTP header.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match an HTTP header length of 8000 :
http header-length = 8000 

http host

This command allows you to define rule expressions to match value in HTTP Host request-header field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http host [ case-sensitive ] operator host_name 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • regex : Regular expression

  • starts-with : Starts with

host_name

Specifies the host name to match.

host_name must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match value in HTTP Host request-header field.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the Enhanced Charging Service Administration Guide.

Table 1. Special Characters Supported in Regex Rule Expressions

Regex Character : Description

  • * : Zero or more characters

  • + : Zero or more repeated instances of the token preceding the +

  • ? : Match zero or one character

    Important

    The CLI does not support configuring "?" directly; you must instead use "\077".

    For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

    http host regex "xyz\077pqr"

    In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

    http uri regex "url\\077resource=abc"

    Here, the first "\" (backslash) escapes the "?", and "\077" specifies "?" to the CLI.

  • \character : Escaped character

  • \? : Match the question mark (\<ctrl-v>?)

  • \+ : Match the plus character

  • \* : Match the asterisk character

  • \a : Match the Alert (ASCII 7) character

  • \b : Match the Backspace (ASCII 8) character

  • \f : Match the Form-feed (ASCII 12) character

  • \n : Match the New line (ASCII 10) character

  • \r : Match the Carriage return (ASCII 13) character

  • \t : Match the Tab (ASCII 9) character

  • \v : Match the Vertical tab (ASCII 11) character

  • \0 : Match the Null (ASCII 0) character

  • \\ : Match the backslash character

  • Bracketed range [0-9] : Match any single character from the range

  • A leading ^ in a range : Do not match any in the range. All other characters represent themselves.

  • .\x## : Any ASCII character as specified in two-digit hex notation. For example, \x5A yields a "Z".

  • | : Specify OR regular expression operator

    Important

    When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

    For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

    http host regex "pqr|xyz"

Example

The following command defines a rule expression to match host1 in HTTP Host request-header field:
http host = host1 

The following command defines a regex rule expression to match either of the following values in the HTTP Host request-header field: host1, host23w01.

http host regex "host1|host23w01"  
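
The two CLI constraints noted in the regex table above ("?" must be entered as "\077", and a pattern using "|" must be wrapped in double quotes) are easy to miss when rule expressions are generated or reviewed in bulk. The following added example (not Cisco code) encodes a pattern into the form the CLI accepts and audits existing regex lines for both mistakes; the function names are constructed, and applying the documented 127-character limit to the encoded string is an assumption.

```python
MAX_VALUE_LEN = 127                        # documented length limit for host_name / referer_name
REGEX_FIELDS = ("host", "referer", "uri")  # http fields shown with the regex operator on this page


def to_cli_regex(pattern):
    """Encode a regex for the CLI: every "?" becomes \\077, result is double-quoted.

    An escaped question mark (backslash + "?") therefore becomes backslash + \\077,
    which is the "url\\\\077resource=abc" form shown in the table above.
    """
    encoded = pattern.replace("?", r"\077")
    if not 1 <= len(encoded) <= MAX_VALUE_LEN:
        # Assumption: the limit is checked against the string as typed.
        raise ValueError(f"encoded pattern must be 1 through {MAX_VALUE_LEN} characters")
    return '"' + encoded + '"'


def regex_rule(field, pattern):
    """Build a complete 'http <field> regex "<pattern>"' rule expression."""
    if field not in REGEX_FIELDS:
        raise ValueError(f"field '{field}' is not one of {REGEX_FIELDS}")
    return f"http {field} regex {to_cli_regex(pattern)}"


def audit_regex_line(line):
    """Return the problems found in one existing regex rule expression line."""
    _, found, value = line.strip().partition(" regex ")
    if not found:
        return ["not a regex rule expression"]
    value = value.strip()
    problems = []
    if "?" in value:
        problems.append('raw "?" in pattern; the CLI needs \\077 instead')
    quoted = len(value) >= 2 and value.startswith('"') and value.endswith('"')
    if "|" in value and not quoted:
        problems.append('pattern uses "|" but is not wrapped in double quotes')
    return problems


if __name__ == "__main__":
    print(regex_rule("host", "xyz?pqr"))             # http host regex "xyz\077pqr"
    print(regex_rule("uri", r"url\?resource=abc"))   # http uri regex "url\\077resource=abc"
    print(audit_regex_line("http host regex pqr|xyz"))
```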

http payload-length

This command allows you to define rule expressions to match HTTP payload length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http payload-length operator payload_length 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Less than or equal to

  • = : Equals

  • >= : Greater than or equal to

payload_length

Specifies the HTTP payload (data) length (in bytes) to match.

payload_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match HTTP payload (data) length (pdu-length - header-length).

Example

The following command defines a rule expression to match HTTP payload length of 100000 bytes:
http payload-length = 100000 

http pdu-length

This command allows you to define rule expressions to match the total length of a single HTTP packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http pdu-length operator pdu_length 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Less than or equal to

  • = : Equals

  • >= : Greater than or equal to

pdu_length

Specifies the HTTP PDU length (in bytes) to match.

pdu_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the total length of a single HTTP packet. This also matches packets that carry a partial HTTP message (due to fragmentation).

Example

The following command defines a rule expression to match an HTTP PDU length of 10000 bytes:
http pdu-length = 10000 

http previous-state

This command allows you to define rule expressions to match previous state of HTTP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http previous-state operator http_previous_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

http_previous_state

Specifies the previous state to match.

http_previous_state must be one of the following:

  • init : Initialized state

  • response-error : Response error state

  • response-ok : Response ok state

  • waiting-for-response : Waiting for response state

Usage Guidelines

Use this command to define rule expressions to match a previous state of HTTP sessions.

Example

The following command defines a rule expression to match HTTP previous state response-ok :
http previous-state = response-ok 

http referer

This command allows you to define rule expressions to match the value in the HTTP Referer request-header field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http referer [ case-sensitive ] operator referer_name 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !present : Not present

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • present : Present

  • regex : Regular expression

  • starts-with : Starts with

referer_name

Specifies the HTTP referer name to match.

referer_name must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the value in the HTTP Referer request-header field.

This feature allows an operator to collect or track all URLs visited during a particular subscriber session. These URLs include the entire string of visited URLs, including all referral links. This information is output in an Event Data Record (EDR) format to support reporting or billing functions.

For example, if a subscriber begins a mobile web session and clicks on the "Sports" link from the home deck, and then selects ESPN and moves to an advertiser link, the operator can capture all URLs for that entire session. During this period ACS collects the URLs for a particular subscriber session; collection can be limited by time duration or number of URLs visited.

ACS generates EDRs that contain HTTP URL and the HTTP referer fields along with other fields.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the Enhanced Charging Service Administration Guide.

Table 2. Special Characters Supported in Regex Rule Expressions

Regex Character : Description

  • * : Zero or more characters

  • + : Zero or more repeated instances of the token preceding the +

  • ? : Match zero or one character

    Important

    The CLI does not support configuring "?" directly; you must instead use "\077".

    For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

    http host regex "xyz\077pqr"

    In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

    http uri regex "url\\077resource=abc"

    Where the first "\" (backslash) escapes the "?", and "\077" specifies "?" to the CLI.

  • \character : Escaped character

  • \? : Match the question mark (\<ctrl-v>?) character

  • \+ : Match the plus character

  • \* : Match the asterisk character

  • \a : Match the Alert (ASCII 7) character

  • \b : Match the Backspace (ASCII 8) character

  • \f : Match the Form-feed (ASCII 12) character

  • \n : Match the New line (ASCII 10) character

  • \r : Match the Carriage return (ASCII 13) character

  • \t : Match the Tab (ASCII 9) character

  • \v : Match the Vertical tab (ASCII 11) character

  • \0 : Match the Null (ASCII 0) character

  • \\ : Match the backslash character

  • Bracketed range [0-9] : Match any single character from the range

  • A leading ^ in a range : Do not match any in the range. All other characters represent themselves.

  • .\x## : Any ASCII character as specified in two-digit hex notation. For example, \x5A yields a "Z".

  • | : Specify OR regular expression operator

    Important

    When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

    For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

    http host regex "pqr|xyz"

Example

The following command defines a rule expression to match the HTTP referer cricket.espn.com:

http referer = cricket.espn.com

http reply code

This command allows you to define rule expressions to match the status code associated with HTTP response packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http reply code operator reply_code 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

reply_code

Specifies the HTTP reply code to match.

reply_code must be an integer from 100 through 599.

Usage Guidelines

Use this command to define rule expressions to match the status code associated with HTTP response packets.

Example

The following command defines a rule expression to match HTTP response code 204:

http reply code = 204

http reply payload

This command allows you to define rule expressions to enable video detection using HTTP payload content.


Important


In release 20.0, MVG is not supported. This command must not be used in release 20.0. For more information, contact your Cisco account representative.


Product

ACS

MVG

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http reply payload type = video 

no

If previously configured, deletes the specified rule expression from the current ruledef.

Usage Guidelines

Use this command to enable inspection for video in HTTP Response payload. Request payloads will not be inspected.

http request method

This command allows you to define rule expressions to match HTTP request method.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http request method operator request_method 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

request_method

Specifies the HTTP request method to match.

request_method must be one of the following:

  • connect

  • delete

  • get

  • head

  • options

  • post

  • put

  • trace

Usage Guidelines

Use this command to define rule expressions to match an HTTP request method.

Example

The following command defines a rule expression to match user traffic based on HTTP request method connect:

http request method = connect

http session-length

This command allows you to define rule expressions to match HTTP session length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http session-length operator session_length 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

session_length

Specifies the HTTP total session length (in bytes) to match.

session_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match a total HTTP session length.

Example

The following command defines a rule expression to match an HTTP session length of 200000:

http session-length = 200000

http state

This command allows you to define rule expressions to match current state of an HTTP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http state operator current_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

current_state

Specifies the current state of HTTP session to match.

current_state must be one of the following:

  • close : Closed state

  • response-error : Response error state

  • response-ok : Response ok state

  • waiting-for-response : Waiting for response state

Usage Guidelines

Use this command to define rule expressions to match a current state of an HTTP session.

Example

The following command defines a rule expression to match current state close:

http state = close

http-tls

This command allows you to define the configuration with 256 entries in a single pool. The entries can be a mix of URL and Server Name Indication (SNI) values. The system-wide limit of URL-SNI pools is 384 entries.

Product

CUPS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

http-tls url-sni-pool pool_name 

Usage Guidelines

Use this command to define a list of URLs or SNIs for the url-sni-pool configuration. The system uses a pool of URLs or SNIs as an L7 filter within a ruledef. A ruledef can contain a combination of hostpool, portmap, and url-sni pool match. The system matches the url-sni-pool configuration along with the other rule lines criteria without occupying any of the 32 existing rule lines.

http transaction-length

This command allows you to define rule expressions to match HTTP transaction length (combined length of one HTTP GET Request message and its associated response messages).

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http transaction-length { operator transaction_length | { { range | !range } range_from to range_to } } 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

transaction_length

Specifies the HTTP transaction length (in bytes) to match.

transaction_length must be an integer from 1 through 4000000000.

{ range | !range } range_from to range_to

Enables or disables the range criteria for length of transaction.

  • range : Enables the range criteria for HTTP transaction length.

  • !range : Disables the range criteria for HTTP transaction length.

  • range_from : Specifies the start of range (in bytes) for HTTP transaction length.

  • range_to : Specifies the end of range (in bytes) for HTTP transaction length.

Usage Guidelines

Use this command to define rule expressions to match an HTTP transaction length [one HTTP GET Request message + associated response message(s)] in bytes.

Example

The following command defines a rule expression to match an HTTP transaction length of 10200 bytes:
http transaction-length = 10200 

http transfer-encoding

This command allows you to define rule expressions to match the value in HTTP Transfer-Encoding general-header field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http transfer-encoding [ case-sensitive ] operator transfer_encoding 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

transfer_encoding

Specifies the HTTP transfer encoding to match.

transfer_encoding must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the value in HTTP Transfer-Encoding general-header field.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match the value chunked in HTTP Transfer-Encoding general-header field:
http transfer-encoding = chunked 

http uri

This command allows you to define rule expressions to match HTTP URI.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http uri [ case-sensitive ] operator uri 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • regex : Regular expression

  • starts-with : Starts with

uri

Specifies the HTTP URI to match.

uri must be an alphanumeric string of 1 through 127 characters that can contain punctuation characters and excludes the "host" portion.

Usage Guidelines

Use this command to define rule expressions to match an HTTP URI, excluding the host portion.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the Enhanced Charging Service Administration Guide.

Table 3. Special Characters Supported in Regex Rule Expressions

Regex Character : Description

  • * : Zero or more characters

  • + : Zero or more repeated instances of the token preceding the +

  • ? : Match zero or one character

    Important

    The CLI does not support configuring "?" directly; you must instead use "\077".

    For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

    http host regex "xyz\077pqr"

    In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

    http uri regex "url\\077resource=abc"

    Where the first "\" (backslash) escapes the "?", and "\077" specifies "?" to the CLI.

  • \character : Escaped character

  • \? : Match the question mark (\<ctrl-v>?) character

  • \+ : Match the plus character

  • \* : Match the asterisk character

  • \a : Match the Alert (ASCII 7) character

  • \b : Match the Backspace (ASCII 8) character

  • \f : Match the Form-feed (ASCII 12) character

  • \n : Match the New line (ASCII 10) character

  • \r : Match the Carriage return (ASCII 13) character

  • \t : Match the Tab (ASCII 9) character

  • \v : Match the Vertical tab (ASCII 11) character

  • \0 : Match the Null (ASCII 0) character

  • \\ : Match the backslash character

  • Bracketed range [0-9] : Match any single character from the range

  • A leading ^ in a range : Do not match any in the range. All other characters represent themselves.

  • .\x## : Any ASCII character as specified in two-digit hex notation. For example, \x5A yields a "Z".

  • | : Specify OR regular expression operator

    Important

    When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

    For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

    http host regex "pqr|xyz"

Example

The following command defines a rule expression to match the HTTP URI string http://www.somehost.com:

http uri = http://www.somehost.com

The following command defines a regex rule expression to match either of the following or similar values in the HTTP URI string: http://server19.com/search?form=zip, http://server20.com/search?form=pdf

http uri regex "(http://|http://www).server[0-2][0-9].com/search?form=(pdf|zip)" 

http url

This command allows you to define rule expressions to match HTTP URL.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http url [ case-sensitive ] operator url 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • regex : Regular expression

  • starts-with : Starts with

url

Specifies the HTTP URL to match.

url must be an alphanumeric string of 1 through 127 characters that allows punctuation characters and includes "host + URI" for HTTP PDUs.

For example, in case of the URL "http://www.google.fr/", the host is "http://www.google.fr", and the URI is "/":
Hypertext Transfer Protocol 
  GET / HTTP/1.1\r\n 
    Request Method: GET 
    Request URI: / 
    Request Version: HTTP/1.1 
  Accept: */*\r\n 
  Accept-Language: fr\r\n 
  Accept-Encoding: gzip, deflate\r\n 
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n 
  Host: www.google.fr\r\n 
  Connection: Keep-Alive\r\n 
  \r\n 

Usage Guidelines

Use this command to define rule expressions to match HTTP URL.


Important


When rule lines are added or modified, the entire trie is recreated, and memory is allocated (malloc) for every URL present in the configuration. This leads to a huge memory allocation, which is freed once the trie is created.


The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the ECS Administration Guide.

Table 4. Special Characters Supported in Regex Rule Expressions

Regex Character : Description

  • * : Zero or more characters

  • + : Zero or more repeated instances of the token preceding the +

  • ? : Match zero or one character

    Important

    The CLI does not support configuring "?" directly; you must instead use "\077".

    For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

    http host regex "xyz\077pqr"

    In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

    http uri regex "url\\077resource=abc"

    Where the first "\" (backslash) escapes the "?", and "\077" specifies "?" to the CLI.

  • \character : Escaped character

  • \? : Match the question mark (\<ctrl-v>?) character

  • \+ : Match the plus character

  • \* : Match the asterisk character

  • \a : Match the Alert (ASCII 7) character

  • \b : Match the Backspace (ASCII 8) character

  • \f : Match the Form-feed (ASCII 12) character

  • \n : Match the New line (ASCII 10) character

  • \r : Match the Carriage return (ASCII 13) character

  • \t : Match the Tab (ASCII 9) character

  • \v : Match the Vertical tab (ASCII 11) character

  • \0 : Match the Null (ASCII 0) character

  • \\ : Match the backslash character

  • Bracketed range [0-9] : Match any single character from the range

  • A leading ^ in a range : Do not match any in the range. All other characters represent themselves.

  • .\x## : Any ASCII character as specified in two-digit hex notation. For example, \x5A yields a "Z".

  • | : Specify OR regular expression operator

    Important

    When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

    For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

    http host regex "pqr|xyz"

Example

The following command defines a rule expression to match the HTTP URL http://rfc.ietf.org/rfc/rfc1738.txt:

http url = http://rfc.ietf.org/rfc/rfc1738.txt

The following command defines a regex rule expression to match either of the following or similar values in the HTTP URL string: http://yahoo.com, http://www.yahoo.co.in, http://yahoo.com/news.

http url regex "(http://|http://www).yahoo.(co.in|com)*" 
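
A pre-deployment lint for rule lines, written from the operator lists, value ranges and the two regex Important notes in the HTTP command sections above. This is an added example, not Cisco code: the function names, the SPEC table layout and the choice to count string length as typed are assumptions, and the sample rule lines are constructed.

```python
import re

STR_OPS = {"!=", "!contains", "!ends-with", "!starts-with",
           "=", "contains", "ends-with", "starts-with"}
NUM_OPS = {"!=", "<=", "=", ">="}
EQ_OPS = {"!=", "="}
PRESENT = {"present", "!present"}
METHODS = {"connect", "delete", "get", "head", "options", "post", "put", "trace"}
STATES = {"response-error", "response-ok", "waiting-for-response"}

# Rule keyword -> (allowed operators, value constraint), transcribed from the
# Syntax sections of the HTTP rule expressions above (layout is this example's).
SPEC = {
    "http previous-state": (EQ_OPS, ("enum", STATES | {"init"})),
    "http referer": (STR_OPS | PRESENT | {"regex"}, ("str", 127)),
    "http reply code": (NUM_OPS, ("int", 100, 599)),
    "http request method": (EQ_OPS, ("enum", METHODS)),
    "http session-length": (NUM_OPS, ("int", 1, 4000000000)),
    "http state": (EQ_OPS, ("enum", STATES | {"close"})),
    "http transfer-encoding": (STR_OPS, ("str", 127)),
    "http uri": (STR_OPS | {"regex"}, ("str", 127)),
    "http url": (STR_OPS | {"regex"}, ("str", 127)),
}
MAX_RULE_LINES = 32  # rule expressions per ruledef in 15.0 and later releases


def tokenize(line):
    """Split on whitespace, keeping a double-quoted string as one raw token."""
    return re.findall(r'"[^"]*"|\S+', line)


def lint_rule_line(line):
    """Return the findings for one rule line; an empty list means it passes."""
    toks = tokenize(line)
    if toks[:1] == ["no"]:
        toks = toks[1:]
    for n in (3, 2):  # keywords are two or three words; try the longer first
        key = " ".join(toks[:n])
        if key in SPEC:
            break
    else:
        return ["unknown keyword, or one this example does not cover"]
    rest, (ops, rule) = toks[n:], SPEC[key]
    if rest[:1] == ["case-sensitive"]:
        if rule[0] != "str":
            return [f"{key}: case-sensitive is not in this command's syntax"]
        rest = rest[1:]
    if not rest or rest[0] not in ops:
        return [f"{key}: operator must be one of {sorted(ops)}"]
    op = rest[0]
    if op in PRESENT:
        return []  # the page shows no value form for present/!present
    if len(rest) != 2:
        return [f"{key}: expected exactly one value after {op}"]
    raw = rest[1]
    quoted = len(raw) >= 2 and raw[0] == raw[-1] == '"'
    value = raw[1:-1] if quoted else raw
    findings = []
    if rule[0] == "int":
        lo, hi = rule[1:]
        if not re.fullmatch(r"[0-9]+", value) or not lo <= int(value) <= hi:
            findings.append(f"{key}: value must be an integer from {lo} through {hi}")
    elif rule[0] == "enum":
        if value not in rule[1]:
            findings.append(f"{key}: value must be one of {sorted(rule[1])}")
    else:
        # Assumption: the length limit counts characters as typed, escapes included.
        if not 1 <= len(value) <= rule[1]:
            findings.append(f"{key}: value must be 1 through {rule[1]} characters")
        if op == "regex" and "?" in value:
            findings.append('regex: the CLI does not accept "?" directly; use \\077')
        if op == "regex" and "|" in value and not quoted:
            findings.append('regex: wrap the string in double quotes when using "|"')
    return findings


def lint_ruledef(lines):
    """Lint one ruledef's rule lines; returns {line: findings} for failures."""
    report = {ln: found for ln in lines if (found := lint_rule_line(ln))}
    if len(lines) > MAX_RULE_LINES:
        report["(ruledef)"] = [f"more than {MAX_RULE_LINES} rule expressions"]
    return report


# Constructed rule lines, not taken from a real configuration.
SAMPLE = [
    'http reply code = 99',                    # below the 100-599 range
    'http state = init',                       # init is valid only for previous-state
    'http transfer-encoding regex chunk',      # regex is not offered for this field
    r'http uri regex "url\\077resource=abc"',  # passes: "?" written as \077
    'http uri regex "search?form=pdf"',        # literal "?"
    'http url regex pqr|xyz',                  # "|" without double quotes
]

if __name__ == "__main__":
    for rule_line, found in lint_ruledef(SAMPLE).items():
        print(rule_line, "->", "; ".join(found))
```
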

http user-agent

This command allows you to define rule expressions to match the User-Agent request-header field of HTTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http user-agent [ case-sensitive ] operator user_agent 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !present : Not present

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • present : Present

  • starts-with : Starts with

user_agent

Specifies the HTTP user agent value to match.

user_agent must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the value in the HTTP user-agent header field.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match xyz.123 in HTTP user-agent header field:
http user-agent = xyz.123 

http version

This command allows you to define rule expressions to match version information in HTTP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http version [ case-sensitive ] operator http_version 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !present : Not present

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • present : Present

  • starts-with : Starts with

http_version

Specifies the HTTP version value to match.

http_version must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match HTTP version.

Example

The following command defines a rule expression to match HTTP version http4.2:

http version = http4.2

http x-header

This command allows you to define rule expressions to match a specified field within extension-headers (x-headers).

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] http x-header field_name [ case-sensitive ] operator string 

no

If previously configured, deletes the specified rule expression from the current ruledef.

field_name

field_name must be an alphanumeric string of 1 through 31 characters.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !present : Not present

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • present : Present

  • starts-with : Starts with

string

Specifies the HTTP x-header value to match.

string must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match specified fields within x-headers. The extension-header can be any header field not specified in RFCs.

All x-header fields must begin with "x-".

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match the extension-header test_field for the value test_string:

http x-header test_field = test_string
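
A small model of what the string rule expressions above are compared against: it parses a request whose header lines end in CRLF or bare LF, builds the URL as host plus URI as described for http url, and applies the operators case-insensitively by default. This is an added illustration, not the ECS analyzer's implementation: the field names, the "http://" prefix on the URL and treating an absent header as matching only !present are assumptions, and the request is constructed.

```python
def parse_request(raw):
    """Extract the fields that rule expressions test from a raw request head.

    Header lines may end in CRLF or in a bare LF.
    """
    text = raw.decode("latin-1").replace("\r\n", "\n")
    lines = text.split("\n\n", 1)[0].split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, uri, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    fields = {"request method": method.lower(), "uri": uri}
    for name in ("host", "referer", "user-agent", "transfer-encoding"):
        if name in headers:
            fields[name] = headers[name]
    for name, value in headers.items():
        if name.startswith("x-"):  # all x-header fields begin with "x-"
            fields["x-header " + name] = value
    if "host" in headers:
        # Assumption: the URL is "http://" + Host header + request URI.
        fields["url"] = "http://" + headers["host"] + uri
    return fields


POSITIVE = {
    "=": lambda value, operand: value == operand,
    "contains": lambda value, operand: operand in value,
    "starts-with": str.startswith,
    "ends-with": str.endswith,
}


def matches(fields, field, op, operand="", case_sensitive=False):
    """Evaluate one string rule expression against the parsed fields."""
    value = fields.get(field)
    if op in ("present", "!present"):
        return (value is not None) == (op == "present")
    negate = op.startswith("!")
    test = POSITIVE.get(op[1:] if negate else op)
    if test is None:
        raise ValueError(f"operator not modelled: {op}")
    if value is None:
        return False  # assumption: an absent field satisfies only !present
    if not case_sensitive:  # rule expressions are not case-sensitive by default
        value, operand = value.lower(), operand.lower()
    return test(value, operand) != negate


# Constructed request, modelled on the capture shown for http url.
CRLF_REQUEST = (
    b"GET /rfc/rfc1738.txt HTTP/1.1\r\n"
    b"Host: rfc.ietf.org\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n"
    b"X-Test-Field: test_string\r\n"
    b"\r\n"
)
LF_REQUEST = CRLF_REQUEST.replace(b"\r\n", b"\n")

if __name__ == "__main__":
    parsed = parse_request(LF_REQUEST)
    print(parsed["url"])
    # The URI excludes the host portion, so the same prefix matches one field only.
    print(matches(parsed, "uri", "starts-with", "/rfc"),
          matches(parsed, "url", "starts-with", "/rfc"))
```
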

icmp any-match

This command allows you to define rule expressions to match all ICMP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] icmp any-match operator condition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

condition

Specifies the condition to match.

condition must be one of the following:

  • FALSE

  • TRUE

Usage Guidelines

Use this command to define rule expressions to match all ICMP packets.

Example

The following command defines a rule expression to match all ICMP packets:
icmp any-match = TRUE 

icmp code

This command allows you to define rule expressions to match the value in the Code field of ICMP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] icmp code operator code 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

code

Specifies the ICMP code to match.

code must be an integer from 0 through 255.

Usage Guidelines

Use this command to define rule expressions to match a code field of ICMP packets.

Example

The following command defines a rule expression to match ICMP code 11:

icmp code = 11

icmp type

This command allows you to define rule expressions to match the value in the Type field of ICMP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] icmp type operator type 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

type

Specifies the ICMP type to match.

type must be an integer from 0 through 255. For example, 0 for Echo Reply, 3 for Destination Unreachable, and 5 for Redirect.

Usage Guidelines

Use this command to define rule expressions to match a type field of ICMP packets.

Example

The following command defines a rule expression to match user traffic based on ICMP type 3:

icmp type = 3

icmpv6 any-match

This command allows you to define rule expressions to match all ICMPv6 packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] icmpv6 any-match operator condition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

condition

Specifies the condition to match.

condition must be one of the following:

  • FALSE

  • TRUE

Usage Guidelines

Use this command to define rule expressions to match all ICMPv6 packets.

Example

The following command defines a rule expression to match all ICMPv6 packets:
icmpv6 any-match = TRUE 

icmpv6 code

This command allows you to define rule expressions to match the value in the Code field of ICMPv6 packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] icmpv6 code operator code 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

code

Specifies the ICMPv6 code to match.

code must be an integer from 0 through 255.

Usage Guidelines

Use this command to define rule expressions to match a code field of ICMPv6 packets.

Example

The following command defines a rule expression to match ICMPv6 code 134:

icmpv6 code = 134

icmpv6 type

This command allows you to define rule expressions to match the Type field of ICMPv6 packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] icmpv6 type operator type 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Lesser than or equals

  • = : Equals

  • >= : Greater than or equals

type

Specifies the ICMPv6 type to match.

type must be an integer from 0 through 255. For example, 129 for Echo Reply, 3 for Time Exceeded, and 137 for Redirect Message.

Usage Guidelines

Use this command to define rule expressions to match type field of ICMPv6 packets.

Example

The following command defines a rule expression to match ICMPv6 type 133:

icmpv6 type = 133

if-protocol

This command allows you to associate different content IDs with the same ruledef, depending on the protocol being used.

Important


In StarOS 18.0 and later releases, this command has been deprecated.


Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

if-protocol { http | wsp-connection-less | wsp-connection-oriented } content-id content_id 
no if-protocol { http | wsp-connection-less | wsp-connection-oriented } 

no

If previously configured, deletes the specified rule expression from the current ruledef.

http

Specifies HTTP protocol.

This is the same as the rule expression "http any-match = true".

wsp-connection-less

Specifies WSP connection-less protocol.

This is the same as requiring "wsp any-match = true" but "wtp any-match = false" (that is, connection-less WAP1.x).

wsp-connection-oriented

Specifies WSP connection-oriented protocol.

This is the same as the combined rule expression "wsp any-match = true" and "wtp any-match = true" (that is, connection-oriented WAP1.x).

content-id content_id

Specifies the content ID for the specified protocol.

In 12.1 and earlier releases, content_id must be an integer from 1 through 65535.

In 12.2 and later releases, content_id must be an integer from 1 through 2147483647.

Usage Guidelines

Use this command to associate different content IDs with the same ruledef, depending on the protocol being used.

This command is only effective for charging ruledefs. See the command for information on how to configure charging ruledefs.

If a particular ruledef should have three different values for content-id, depending on whether the traffic is connection-oriented WAP1.x, connection-less WAP1.x, or WAP2.0, the ruledef should contain configuration similar to the following:

if-protocol wsp-connection-oriented content-id 1

if-protocol wsp-connection-less content-id 2

if-protocol http content-id 3

Presumably, the ruledef would have another rule expression such as "www url contains foo", which would cause it to use different content IDs when "foo" was accessed, depending upon the protocol being used.

Example

The following command associates HTTP protocol and a content ID of 23:
if-protocol http content-id 23  

imap any-match

This command allows you to define rule expressions to match all IMAP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap any-match operator condition 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

condition

Specifies the condition to match.

condition must be one of the following:

  • FALSE

  • TRUE

Usage Guidelines

Use this command to define rule expressions to match all IMAP packets.

Example

The following command defines a rule expression to match all IMAP packets:
imap any-match = TRUE 

imap cc

This command allows you to define rule expressions to match the recipient address in the Carbon Copy (cc) field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap cc [ case-sensitive ] operator cc_address 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

cc_address

Specifies the e-mail "cc" address/name to match.

cc_address must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the recipient address in the "cc" field of e-mails in IMAP messages.

Example

The following command defines a rule expression to match recipient address triangle@xyz.com in the "cc" field of e-mails in IMAP messages:
imap cc contains triangle@xyz.com 

imap command

This command allows you to define rule expressions to match embedded IMAP commands in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap command operator command 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

command

Specifies the command to match.

command must be one of the following:

  • append

  • authenticate

  • capability

  • check

  • close

  • copy

  • create

  • delete

  • examine

  • expunge

  • fetch

  • list

  • login

  • logout

  • lsub

  • noop

  • rename

  • search

  • select

  • starttls

  • status

  • store

  • subscribe

  • uid-copy

  • uid-fetch

  • uid-search

  • uid-store

  • unsubscribe

Usage Guidelines

Use this command to define rule expressions to match an embedded command in the IMAP message.

Example

The following command defines a rule expression to match the close command in IMAP messages:
imap command = close 

imap content class

This command allows you to define rule expressions to match the content-class field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap content class [ case-sensitive ] operator content_class 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

content_class

Specifies the content class to match.

content_class must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the content-class field of e-mails in IMAP messages.

Example

The following command defines a rule expression to analyze user traffic matching content class javax.mail.internet.MimeMultipart in the content-class field of e-mails in IMAP messages:
imap content class contains javax.mail.internet.MimeMultipart 

imap content type

This command allows you to define rule expressions to match the content-type field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap content type [ case-sensitive ] operator content_type 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

content_type

Specifies the content type field to match.

content_type must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the content-type field of e-mails in IMAP messages.

Example

The following command defines a rule expression to analyze user traffic matching content type TEXT/plain; charset=iso-8859-1 in the content-type field of e-mails in IMAP messages:
imap content type contains TEXT/plain; charset=iso-8859-1 

imap date

This command allows you to define rule expressions to match the Date field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap date [ case-sensitive ] operator date 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

date

Specifies the date to match.

date must be an alphanumeric string of 1 through 127 characters that may include punctuation marks and spaces as shown in the example below.

Usage Guidelines

Use this command to define rule expressions to match the date field of e-mails in IMAP messages.

Example

The following command defines a rule expression to analyze user traffic matching date Fri, 20 Jan 2012 11:00:00 -0600 in the "date" field of e-mails in IMAP messages:
imap date contains Fri, 20 Jan 2012 11:00:00 -0600

imap final-reply

This command allows you to define rule expressions to match the final-reply value for the last IMAP final-reply message.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap final-reply operator final_reply 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

final_reply

Specifies the "final-reply" condition to match.

final_reply must be one of the following:

  • bad : Final reply is invalid or bad.

  • no : There is no final reply.

  • ok : Final reply is valid.

Usage Guidelines

Use this command to define rule expressions to match a final-reply value for the last IMAP final-reply message.

Example

The following command defines a rule expression to analyze user traffic matching the final-reply condition bad in the last IMAP final-reply message:
imap final-reply = bad 

imap from

This command allows you to define rule expressions to match the from field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap from [ case-sensitive ] operator from_address 

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • !contains : Does not contain

  • !ends-with : Does not end with

  • !starts-with : Does not start with

  • = : Equals

  • contains : Contains

  • ends-with : Ends with

  • starts-with : Starts with

from_address

Specifies the "from" address/value to match.

from_address must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the from field of e-mails in IMAP messages.

Example

The following command defines a rule expression to analyze user traffic matching triangle in the "from" field of e-mails in the IMAP messages:
imap from contains triangle 

imap mail-size

This command allows you to define rule expressions to match IMAP e-mail users that have e-mails of a specified size in their mailboxes.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap mail-size operator mail_size 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Less than or equals

  • = : Equals

  • >= : Greater than or equals

mail_size

Specifies the total size of mail, in bytes, to match.

mail_size must be an integer from 0 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to discover the number of IMAP e-mail users that have e-mails of a specified size in their mailboxes.

Example

The following command defines a rule expression to match users with e-mail size less than or equal to 23400 bytes:
imap mail-size <= 23400 

imap mailbox-size

This command allows you to define rule expressions to match IMAP e-mail users having a specified number of messages in their mailboxes.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap mailbox-size operator number_of_email 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Less than or equals

  • = : Equals

  • >= : Greater than or equals

number_of_email

Specifies the total number of e-mail messages in the mailbox of an IMAP user to match.

number_of_email must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the number of IMAP e-mail users having a specified number of messages in their mailboxes.

Example

The following command defines a rule expression to match e-mail users having less than or equal to 1024 e-mail messages in their mailboxes:
imap mailbox-size <= 1024 

imap message-type

This command allows you to define rule expressions to match the type of IMAP packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap message-type operator message_type 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

message_type

Specifies the IMAP packet message-type to match.

message_type must be one of the following:

  • command-continuation-reply : Message with command-continuation-reply type.

  • final-reply : Message is of final reply type.

  • request : Message is of request type.

  • untagged-reply : Message of reply type, but without any tag.

Usage Guidelines

Use this command to define rule expressions to match the IMAP message type.

Example

The following command defines a rule expression to match IMAP sessions with message type request:
imap message-type = request 

imap previous-state

This command allows you to define rule expressions to match the previous state of IMAP request sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap previous-state operator imap_previous_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

imap_previous_state

Specifies the previous state to match.

imap_previous_state must be one of the following:

  • init : Message in initialization state.

  • request-sent : Message in request-sent state.

Usage Guidelines

Use this command to define rule expressions to match the previous state of IMAP request sessions.

Example

The following command defines a rule expression to match IMAP sessions with previous state init:
imap previous-state = init 

imap session-length

This command allows you to define rule expressions to match the total length of an IMAP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap session-length operator session_length 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • <= : Less than or equals

  • = : Equals

  • >= : Greater than or equals

session_length

Specifies the total length of IMAP session (in bytes) to match.

session_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match the total length of IMAP sessions.

The session length is calculated by adding together the IP payloads (that is, everything after the IP header, so transport-layer headers are included) of all relevant IMAP session packets.

Example

The following command defines a rule expression to match IMAP sessions with length less than or equal to 4000 bytes:
imap session-length <= 4000 

imap session-previous-state

This command allows you to define rule expressions to match the previous state of an IMAP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap session-previous-state operator imap_session_previous_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

imap_session_previous_state

Specifies the previous state of IMAP session to match.

imap_session_previous_state must be one of the following:

  • authenticated : Session authenticated

  • connected : Session connected

  • init : Session initialized

  • mailbox-selected : Mailbox selected

Usage Guidelines

Use this command to define rule expressions to match the previous state of IMAP sessions.

Example

The following command defines a rule expression to match IMAP sessions with previous state init:
imap session-previous-state = init 

imap session-state

This command allows you to define rule expressions to match the current state of IMAP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap session-state operator session_current_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

session_current_state

Specifies the current state to match.

session_current_state must be one of the following:

  • authenticated : Session authenticating.

  • connected : Session connecting.

  • logout : Session logged out.

  • mailbox-selected : Mailbox selecting.

Usage Guidelines

Use this command to define rule expressions to match the current state of IMAP sessions.

Example

The following command defines a rule expression to match IMAP sessions with current state connected:
imap session-state = connected 
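
As an added example (not part of the Cisco documentation or of StarOS), the following Python linter checks the lines of a ruledef body against the operator sets, integer ranges and keyword values documented above for the icmpv6 and imap commands, and against the limit of 32 rule expressions per ruledef in 15.0 and later releases. The function names and the sample ruledef lines are constructed for illustration.

```python
import re

# Operators, ranges and keyword values transcribed from the command
# descriptions on this page; other ruledef commands are not covered.
NUMERIC_OPS = {"!=", "<=", "=", ">="}
EQUALITY_OPS = {"!=", "="}
NUMERIC = {  # command -> (minimum, maximum)
    "icmpv6 code": (0, 255),
    "icmpv6 type": (0, 255),
    "imap mail-size": (0, 4000000000),
    "imap mailbox-size": (0, 65535),
    "imap session-length": (1, 4000000000),
}
ENUM = {  # command -> allowed keyword values, space separated
    "imap final-reply": "bad no ok",
    "imap message-type": "command-continuation-reply final-reply request untagged-reply",
    "imap previous-state": "init request-sent",
    "imap session-previous-state": "authenticated connected init mailbox-selected",
    "imap session-state": "authenticated connected logout mailbox-selected",
}
MAX_EXPRESSIONS = 32  # per ruledef in 15.0 and later; 10 in 14.1 and earlier


def lint_expression(line):
    """Return an error message for one rule expression, or None if valid."""
    text = line.strip()
    if text.startswith("no "):  # the "no" form takes the same arguments
        text = text[3:].lstrip()
    command = next((c for c in list(NUMERIC) + list(ENUM)
                    if (text + " ").startswith(c + " ")), None)
    if command is None:
        return "command not covered by this linter"
    args = text[len(command):].split()
    if len(args) != 2:
        return "expected '%s operator value'" % command
    operator, value = args
    allowed = NUMERIC_OPS if command in NUMERIC else EQUALITY_OPS
    if operator not in allowed:
        return "operator %r not allowed for %s" % (operator, command)
    if command in NUMERIC:
        low, high = NUMERIC[command]
        if not re.fullmatch(r"[0-9]+", value) or not low <= int(value) <= high:
            return "%s must be an integer from %d through %d" % (command, low, high)
    elif value not in ENUM[command].split():
        return "%r is not a valid %s value" % (value, command)
    return None


def lint_ruledef(lines, max_expressions=MAX_EXPRESSIONS):
    """Lint a ruledef body; return a list of (line_number, message) findings."""
    findings, configured = [], 0
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        if not line.strip().startswith("no "):
            configured += 1  # "no" lines delete an expression, so are not counted
        message = lint_expression(line)
        if message:
            findings.append((number, message))
    if configured > max_expressions:
        findings.append((0, "%d rule expressions exceed the limit of %d"
                         % (configured, max_expressions)))
    return findings


# Constructed ruledef body: lines 2, 4, 5 and 6 break a documented constraint.
SAMPLE = ["icmpv6 type = 133", "icmpv6 code >= 256", "imap mail-size <= 23400",
          "imap session-length >= 0", "imap final-reply contains bad",
          "imap session-state = selected", "imap message-type = request"]

for number, message in lint_ruledef(SAMPLE):
    print("line %d: %s" % (number, message))
```

Pass max_expressions=10 when the target system runs 14.1 or an earlier release.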

imap state

This command allows you to define rule expressions to match the current state of IMAP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)# 

Syntax

[ no ] imap state operator current_state 

no

If previously configured, deletes the specified rule expression from the current ruledef.

operator

Specifies how to match.

operator must be one of the following:

  • != : Does not equal

  • = : Equals

current_state

Specifies the current state of the IMAP session to match.

current_state must be one of the following:

  • request-sent : Request message sent

  • response-fail : Request response failed

  • response-ok : Request response is good