08-11-2011 08:42 AM - edited 03-10-2019 05:26 AM
Hello,
Really need a hand to understand what the .pkg files are doing?
Router with IOS-S573-CLI.pkg as the active signature database
#sh ip ips signatures
Builtin signatures are configured
Signatures were last loaded from flash:/ips/IOS-S556-CLI.pkg
Total Active Signatures: 0
Total Inactive Signatures: 0
But if I change the Router back to use the 256MB.sdf file from cisco I can see 537 signatures
#sh ip ips signatures
Builtin signatures are configured
Signatures were last loaded from flash:/ips/256MB.sdf
Total Active Signatures: 537
Total Inactive Signatures: 0
Q. What is the best way to have the up to date signatures on the router? I would have thought it would be to use the latest file namely IOS-S573-CLI.pkg
Solved! Go to Solution.
08-12-2011 10:19 AM
Kevin,
I answered a similar question from another user a minute ago. Please read the link below. It should clear up most of your confusion. (Once you have read the link then keep reading below.)
Also, if your router is capable of using the 5.x signatures then you don't user the command "
flash:/ips/IOS-S556-CLI.pkg." That is for version 4.x signatures, which I suspect your router is using. You would load the signature by typing "copy flash:/ips/IOS-S556-CLI.pkg idconf." That will cause the signature to compile. You would be off to the races after that. (Be sure to read the link to the other post I submitted. That will give you the exact way get everything configured.)
Post back if you have any other questions. Good day. Have a good day.
08-12-2011 10:19 AM
Kevin,
I answered a similar question from another user a minute ago. Please read the link below. It should clear up most of your confusion. (Once you have read the link then keep reading below.)
Also, if your router is capable of using the 5.x signatures then you don't user the command "
flash:/ips/IOS-S556-CLI.pkg." That is for version 4.x signatures, which I suspect your router is using. You would load the signature by typing "copy flash:/ips/IOS-S556-CLI.pkg idconf." That will cause the signature to compile. You would be off to the races after that. (Be sure to read the link to the other post I submitted. That will give you the exact way get everything configured.)
Post back if you have any other questions. Good day. Have a good day.
08-16-2011 04:34 AM
Kryptkeepr,
Thanks for the advice. I copied the latest IOS-SXXX-CLI.pkg file into the router flash using the idconf parameter at the end. Then i connected to the router using SDM and everything worked out ok. I now have over 4000 signatures on the router, so i can go ahead now and start retiring/inretiring the signatures i want to use.
I 'll try the command line to see how it goes. The SDM worked out ok for me.
Thought this link was quite good on how to unretire signatures.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps7264/ps6634/IOS_IPS_Best_Practices.pdf
thanks
Kevin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide