the POST example would be helpful. (A GET would be best.)

Also, is there an xsd/dtd for this xml?

thanks in advance for the help.

I don't believe you can use a GET, but not sure. If you find a way to do this using GET or without having to merge, I'd love to know. Anyway, here is the POST to get sig0:

POST https://192.168.0.1:443/cgi-bin/transaction-server?command=getConfigDelta HTTP/1.1

Accept: text/xml

Content-type: xml/txt

Accept-Charset: iso-8859-1,*,utf-8

User-Agent: CIDS Client/4.0

Host: 192.168.0.1

Pragma: no-cache

Cache-Control: no-cache

Proxy-Connection: keep-alive

Content-Length: 281

Cookie: userToken=6ae4bce4e291a20ecc8676bc071e507c;dummy

http://www.cisco.com/cids/idconf" xmlns:id="http://www.cisco.com/cids/idiom" >sig0

If memory serves, you can add credentials to the request URL and then not have to worry about messing about with cookies.

I've also attached a curl sample. It's for a different function, but I think you get the drift.

curl example.

let's try this again.

Sorry, a side question:

Could you also tell me if a license status (expiration date) could be retrieved or obtained as a file or query from the IPS sensor?

Thanks for all your help!

From the CLI service account...not sure.

POST https://192.168.0.1:443/cgi-bin/transaction-server?command=getVersion HTTP/1.1

Accept: text/xml

Content-type: xml/txt

Accept-Charset: iso-8859-1,*,utf-8

User-Agent: CIDS Client/4.0

Host: 192.168.0.1

Pragma: no-cache

Cache-Control: no-cache

Proxy-Connection: keep-alive

Content-Length: 165

Cookie: userToken=b073d751b70c5c9d0e311baf11f9239a;dummy

http://www.cisco.com/cids/idconf" xmlns:id="http://www.cisco.com/cids/idiom" >

I get an error from a CIDS v6.x when issuing /cgi-bin/transaction-server?command=getVersion

http://www.cisco.com/cids/idiom" schemaVersion="2.00">XML Parser error at line: 1, at character: -1: no element found

I answered my own question.

For future references, the license details are stored under

/usr/cids/idsRoot/shared/ips.lic

good to know.

You've mentioned in your previous post that policy sig0 could be retrieved via HTTP post method or scp a copy of the individual files (default.xml).

I am able to pull instance policy XML by referencing getConfigDelta from the transaction server.

Could you provide an example on how would one go about fetching default policy from the sensor via HTTP post or other methods?

Looking at the default.xml file, it appears to be encrypted or compressed?

Thanks in advance,

Michael

it is compressed. you can get it via scp here:

/usr/cids/idsRoot/etc/config/signatureDefinition/default.xml

and via an HTTP POST:

POST https://192.168.1.1:443/cgi-bin/transaction-server?command=getDefaultConfig HTTP/1.1

Accept: text/xml

Content-type: xml/txt

Accept-Charset: iso-8859-1,*,utf-8

User-Agent: CIDS Client/4.0

Host: 192.168.1.1

Pragma: no-cache

Cache-Control: no-cache

Proxy-Connection: keep-alive

Content-Length: 252

Cookie: userToken=zzz;dummy

http://www.cisco.com/cids/idconf" xmlns:id="http://www.cisco.com/cids/idiom" >signatureDefinition