https://community.cisco.com/t5/network-security/signature-definition-files-sdf/m-p/1794066#M56462 <P>Hello,</P><P></P><P>What’s this file for and why do i need it - namely <STRONG>IOS-S573-CLI.pkg</STRONG> if I already have the <STRONG>256MB.sdf </STRONG>file to load via the SDM onto the router</P><P></P><P></P><P>Do the two files complement each other?</P><P></P><P></P><P>I also downloaded this file: <STRONG>sigv5-SDM-S555</STRONG> but I am not sure what it does?</P><P></P><P></P><P>Has anyone used Cisco Configuration Protocol (CCP) to upload the signature definitions to the router or is it easier to do it via the SDM?</P><P></P><P>any advice appreciated.</P><P>Kevin</P> Sun, 10 Mar 2019 12:26:39 GMT ohareka70 2019-03-10T12:26:39Z https://community.cisco.com/t5/network-security/signature-definition-files-sdf/m-p/1794066#M56462 <P>Hello,</P><P></P><P>What’s this file for and why do i need it - namely <STRONG>IOS-S573-CLI.pkg</STRONG> if I already have the <STRONG>256MB.sdf </STRONG>file to load via the SDM onto the router</P><P></P><P></P><P>Do the two files complement each other?</P><P></P><P></P><P>I also downloaded this file: <STRONG>sigv5-SDM-S555</STRONG> but I am not sure what it does?</P><P></P><P></P><P>Has anyone used Cisco Configuration Protocol (CCP) to upload the signature definitions to the router or is it easier to do it via the SDM?</P><P></P><P>any advice appreciated.</P><P>Kevin</P> Sun, 10 Mar 2019 12:26:39 GMT https://community.cisco.com/t5/network-security/signature-definition-files-sdf/m-p/1794066#M56462 ohareka70 2019-03-10T12:26:39Z https://community.cisco.com/t5/network-security/signature-definition-files-sdf/m-p/1794067#M56463 <HTML><HEAD></HEAD><BODY><P>Kevin,</P><P></P><P>&nbsp;&nbsp;&nbsp; Signature Files with "IOS-SXXX-CLI.pkg" are the most up to date signature files for download from cisco. The files that come with SDM that end in ".sdf" are v4.x signature format. So, depending on the code you have you have a router with supports 4.x or 5.x signature. You can type "show subsys name ips" to figure out which version your IOS supports. In the output of the command if you see Version 3.X then that means it runs version 5.x signature. If you router runs 4.x signature then you will 2.x in the output of the command. (Cisco changed the format of the signatures when going to 5.x so 4.x and 5.x signatures are not compatible.)</P><P>&nbsp;&nbsp;&nbsp; In addition, the 256MB.sdf file that comes with SDM only has about 500 signatures that it load. If you load the full </P><P>"IOS-SXXX-CLI.pkg" it has something like two or three thousand possible signatures. Lastly, the file "<STRONG>sigv5-SDM-S555.zip" file is what you would load from the GUI of SDM, or CCP. The </STRONG></P><P>"IOS-SXXX-CLI.pkg" files I have used to load from the command line.</P><P><STRONG>(I'll admit I haven't played with CCP yet so I can't positively confirm if it will take both SDM or IOS files from the GUI. I mainly have been toying with SDM, which is junk.)</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp;&nbsp; Overall for "easiest deployment" of signatures I would use the command line. However, to do a lot of the tuning it is easier in a GUI. For the command line proceedures see the document below.</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp;&nbsp; Hopefully, this all helps. Have a good day.</STRONG></P><P></P><P><STRONG>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -Kryptkeepr</STRONG></P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/customer/docs/ios/sec_data_plane/configuration/guide/sec_ips5_sig_fs_ue_ps6441_TSD_Products_Configuration_Guide_Chapter.html">http://www.cisco.com/en/US/customer/docs/ios/sec_data_plane/configuration/guide/sec_ips5_sig_fs_ue_ps6441_TSD_Products_Configuration_Guide_Chapter.html</A></P></BODY></HTML> Fri, 12 Aug 2011 17:12:08 GMT https://community.cisco.com/t5/network-security/signature-definition-files-sdf/m-p/1794067#M56463 Kryptkeeper 2011-08-12T17:12:08Z