https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360077#M96698 <HTML><HEAD></HEAD><BODY><P>If I understood your question correctly, you can try "show setting | include <SIGID>" after tune command as shown below :</SIGID></P><P></P><P>sensor(config)# ser virtual-sensor-configuration virtualSensor</P><P></P><P>sensor(config-vsc)# tune</P><P></P><P>sensor(config-vsc-virtualSensor)# show set | include 2100</P><P> SWEEP.HOST.ICMP</P><P> -----------------------------------------------</P><P> signatures (min: 0, max: 1000, current: 3)</P><P> -----------------------------------------------</P><P> SIGID: 2100 <PROTECTED></PROTECTED></P><P> -----------------------------------------------</P><P> -----------------------------------------------</P><P></P><P>This will provide you the engine name. </P><P></P><P>Answer to your second question, yes the sig will be disabled and applying new signature update will not overwrite the changes.</P><P></P></BODY></HTML> Fri, 25 Mar 2005 06:44:28 GMT mkodali 2005-03-25T06:44:28Z https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360074#M96694 <P>Apologies in advance for the newbie question but I can't seem to figure out the straightforward process to get this done.</P><P></P><P>Working with a Cisco 4215 running 4.1(4). All I'm looking to do is disable 'ICMP Network Sweep w/Echo' (SIGID 2100, subSIGID 0) via the CLI. I've got as far as </P><P></P><P># conf t</P><P># service virtual-sensor-configuration virtualSensor</P><P># tune-micro-engines</P><P></P><P>I see the signature engines but am uncertain as to which sig engine is associated with 'ICMP Network Sweep w/Echo' and then how to disable from there. Thanks in advance for any assistance. </P> Sun, 10 Mar 2019 09:21:11 GMT https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360074#M96694 gdntsoc 2019-03-10T09:21:11Z https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360075#M96695 <HTML><HEAD></HEAD><BODY><P>When you access the sensor via CLI, is it via console or SSH?</P><P></P><P>I ask because if you're using SSH, it would be far easier to turn off SigID 2100 using IDM. Of course, access to a sensor's configuration via IDM is performed using a web browser.</P><P></P><P>To get back to your question about which engine is associated with SigID 2100, it is SWEEP.HOST.ICMP</P><P></P><P>There are three SigIDs under the engine; 2100, 2101 and 2102. This should get you going again under CLI if you're stuck with local access to the sensor via console only.</P><P></P><P>I hope this helps,</P><P>Alex Arndt</P></BODY></HTML> Thu, 24 Mar 2005 16:39:46 GMT https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360075#M96695 a.arndt 2005-03-24T16:39:46Z https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360076#M96696 <HTML><HEAD></HEAD><BODY><P>Alex,</P><P></P><P>That helped tremendously. Thank you. Two quick follow up questions...</P><P></P><P>1. How does one associate a signature with a specific engine? I know that the engine name is a start but is there a table I can reference somewhere?</P><P>2. When I disable a sig, is that permanent? In otherwords, will applying new signature updates overwrite my changes?</P><P></P><P>Thank you again.</P></BODY></HTML> Thu, 24 Mar 2005 16:48:43 GMT https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360076#M96696 gdntsoc 2005-03-24T16:48:43Z https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360077#M96698 <HTML><HEAD></HEAD><BODY><P>If I understood your question correctly, you can try "show setting | include <SIGID>" after tune command as shown below :</SIGID></P><P></P><P>sensor(config)# ser virtual-sensor-configuration virtualSensor</P><P></P><P>sensor(config-vsc)# tune</P><P></P><P>sensor(config-vsc-virtualSensor)# show set | include 2100</P><P> SWEEP.HOST.ICMP</P><P> -----------------------------------------------</P><P> signatures (min: 0, max: 1000, current: 3)</P><P> -----------------------------------------------</P><P> SIGID: 2100 <PROTECTED></PROTECTED></P><P> -----------------------------------------------</P><P> -----------------------------------------------</P><P></P><P>This will provide you the engine name. </P><P></P><P>Answer to your second question, yes the sig will be disabled and applying new signature update will not overwrite the changes.</P><P></P></BODY></HTML> Fri, 25 Mar 2005 06:44:28 GMT https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360077#M96698 mkodali 2005-03-25T06:44:28Z https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360078#M96700 <HTML><HEAD></HEAD><BODY><P>That's exactly what I was looking for. Thanks again for the help, I really appreciate it.</P></BODY></HTML> Fri, 25 Mar 2005 13:43:14 GMT https://community.cisco.com/t5/network-security/disabling-sig-via-cli/m-p/360078#M96700 gdntsoc 2005-03-25T13:43:14Z