
Disabling sig via CLI

gdntsoc
Level 1

Apologies in advance for the newbie question but I can't seem to figure out the straightforward process to get this done.

Working with a Cisco 4215 running 4.1(4). All I'm looking to do is disable 'ICMP Network Sweep w/Echo' (SIGID 2100, subSIGID 0) via the CLI. I've got as far as

# conf t

# service virtual-sensor-configuration virtualSensor

# tune-micro-engines

I see the signature engines but am uncertain as to which sig engine is associated with 'ICMP Network Sweep w/Echo' and then how to disable from there. Thanks in advance for any assistance.


a.arndt
Level 3

When you access the sensor via CLI, is it via console or SSH?

I ask because if you're using SSH, it would be far easier to turn off SigID 2100 using IDM. Of course, access to a sensor's configuration via IDM is performed using a web browser.

To get back to your question about which engine is associated with SigID 2100, it is SWEEP.HOST.ICMP.

There are three SigIDs under the engine: 2100, 2101 and 2102. This should get you going again under CLI if you're stuck with local access to the sensor via console only.

I hope this helps,

Alex Arndt

Alex,

That helped tremendously. Thank you. Two quick follow-up questions...

1. How does one associate a signature with a specific engine? I know that the engine name is a start but is there a table I can reference somewhere?

2. When I disable a sig, is that permanent? In other words, will applying new signature updates overwrite my changes?

Thank you again.

If I understood your question correctly, you can try "show setting | include " after the tune command, as shown below:

sensor(config)# ser virtual-sensor-configuration virtualSensor

sensor(config-vsc)# tune

sensor(config-vsc-virtualSensor)# show set | include 2100

SWEEP.HOST.ICMP

-----------------------------------------------

signatures (min: 0, max: 1000, current: 3)

-----------------------------------------------

SIGID: 2100

-----------------------------------------------

-----------------------------------------------

This will provide you the engine name.

In answer to your second question: yes, the sig will be disabled, and applying a new signature update will not overwrite the changes.

That's exactly what I was looking for. Thanks again for the help, I really appreciate it.
