Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3831
Views
0
Helpful
2
Replies

Latest signature package (pkg) for IPS

Go to solution
ohareka70
Level 3
Level 3

‎08-11-2011 08:42 AM - edited ‎03-10-2019 05:26 AM

Hello,

Really need a hand to understand what the .pkg files are doing?

  • I have download a latest signature package - IOS-S573-CLI.pkg
  • I copied it to flash on a test router and I can access it via SDM
  • I have setup my router and put in all the config for IPS

Router with IOS-S573-CLI.pkg as the active signature database

#sh ip ips signatures

Builtin signatures are configured

Signatures were last loaded from flash:/ips/IOS-S556-CLI.pkg

Total Active Signatures: 0

Total Inactive Signatures: 0

But if I change the Router back to use the 256MB.sdf file from cisco I can see 537 signatures

#sh ip ips signatures

Builtin signatures are configured

Signatures were last loaded from flash:/ips/256MB.sdf

Total Active Signatures: 537

Total Inactive Signatures: 0

Q. What is the best way to have the up to date signatures on the router? I would have thought it would be to use the latest file namely IOS-S573-CLI.pkg

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kryptkeeper
Level 1
Level 1

‎08-12-2011 10:19 AM

Kevin,

      I answered a similar question from another user a minute ago. Please read the link below. It should clear up most of your confusion. (Once you have read the link then keep reading below.)

     Also, if your router is capable of using the 5.x signatures then you don't user the command "

flash:/ips/IOS-S556-CLI.pkg." That is for version 4.x signatures, which I suspect your router is using. You would load the signature by typing "copy flash:/ips/IOS-S556-CLI.pkg idconf." That will cause the signature to compile. You would be off to the races after that. (Be sure to read the link to the other post I submitted. That will give you the exact way get everything configured.)

     Post back if you have any other questions. Good day. Have a good day.

https://supportforums.cisco.com/message/3418935#3418935

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Kryptkeeper
Level 1
Level 1

‎08-12-2011 10:19 AM

Kevin,

      I answered a similar question from another user a minute ago. Please read the link below. It should clear up most of your confusion. (Once you have read the link then keep reading below.)

     Also, if your router is capable of using the 5.x signatures then you don't user the command "

flash:/ips/IOS-S556-CLI.pkg." That is for version 4.x signatures, which I suspect your router is using. You would load the signature by typing "copy flash:/ips/IOS-S556-CLI.pkg idconf." That will cause the signature to compile. You would be off to the races after that. (Be sure to read the link to the other post I submitted. That will give you the exact way get everything configured.)

     Post back if you have any other questions. Good day. Have a good day.

https://supportforums.cisco.com/message/3418935#3418935

0 Helpful

Go to solution
ohareka70
Level 3
Level 3

‎08-16-2011 04:34 AM

Kryptkeepr,

Thanks for the advice.  I copied the latest IOS-SXXX-CLI.pkg file into the router flash using the idconf parameter at the end.  Then i connected to the router using SDM and everything worked out ok.  I now have over 4000 signatures on the router, so i can go ahead now and start retiring/inretiring the signatures i want to use.

I 'll try the command line to see how it goes.  The SDM worked out ok for me.

Thought this link was quite good on how to unretire signatures. 

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps7264/ps6634/IOS_IPS_Best_Practices.pdf

thanks

Kevin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card