soc

Function

The soc command enables the SOC's attack detection and attack source tracing functions and displays the SOC view.

The undo soc command disables the SOC's attack detection and attack source tracing functions.

By default, the SOC's attack detection and attack source tracing functions are enabled.

Format

soc

undo soc

Parameters

None

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
soc write

Usage Guidelines

Usage Scenario

Attack detection and attack source tracing are key SOC functions and must be enabled for the SOC to function.

If attack detection and attack source tracing have been enabled, running the soc command directly displays the SOC view.

Configuration Impact

After attack detection and attack source tracing are enabled, when the CPU usage, the percentage of the number of invalid packets or sessions to the total number of packets or sessions, or packet loss rate exceeds the attack detection threshold, the SOC determines that the device is being attacked and starts attack source tracing. The SOC samples attack packets, analyzes collected data, and determines the attack events based on the preconfigured thresholds for determining the location, cause, and probability of the attack events. Then the SOC generates attack event reports and also generates an alarm for each attack event.

After attack detection and attack source tracing are disabled, the SOC still collects data but neither performs attack detection and attack source tracing nor generates alarms.

In VS mode, this command is supported only by the admin VS.

Example

# Enable the SOC's attack detection and attack source tracing functions.
<HUAWEI> system-view
[~HUAWEI] soc
Parent Topic: SOC Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic