Solved: signature definition files (SDF)

ohareka70 · ‎08-11-2011

Hello,

What’s this file for and why do i need it - namely IOS-S573-CLI.pkg if I already have the 256MB.sdf file to load via the SDM onto the router

Do the two files complement each other?

I also downloaded this file: sigv5-SDM-S555 but I am not sure what it does?

Has anyone used Cisco Configuration Protocol (CCP) to upload the signature definitions to the router or is it easier to do it via the SDM?

any advice appreciated.

Kevin

Kryptkeeper · ‎08-12-2011

Kevin,

Signature Files with "IOS-SXXX-CLI.pkg" are the most up to date signature files for download from cisco. The files that come with SDM that end in ".sdf" are v4.x signature format. So, depending on the code you have you have a router with supports 4.x or 5.x signature. You can type "show subsys name ips" to figure out which version your IOS supports. In the output of the command if you see Version 3.X then that means it runs version 5.x signature. If you router runs 4.x signature then you will 2.x in the output of the command. (Cisco changed the format of the signatures when going to 5.x so 4.x and 5.x signatures are not compatible.)

In addition, the 256MB.sdf file that comes with SDM only has about 500 signatures that it load. If you load the full

"IOS-SXXX-CLI.pkg" it has something like two or three thousand possible signatures. Lastly, the file "sigv5-SDM-S555.zip" file is what you would load from the GUI of SDM, or CCP. The

"IOS-SXXX-CLI.pkg" files I have used to load from the command line.

(I'll admit I haven't played with CCP yet so I can't positively confirm if it will take both SDM or IOS files from the GUI. I mainly have been toying with SDM, which is junk.)

Overall for "easiest deployment" of signatures I would use the command line. However, to do a lot of the tuning it is easier in a GUI. For the command line proceedures see the document below.

Hopefully, this all helps. Have a good day.

-Kryptkeepr

http://www.cisco.com/en/US/customer/docs/ios/sec_data_plane/configuration/guide/sec_ips5_sig_fs_ue_ps6441_TSD_Products_Configuration_Guide_Chapter.html

View solution in original post

Kryptkeeper · ‎08-12-2011

Kevin,

Signature Files with "IOS-SXXX-CLI.pkg" are the most up to date signature files for download from cisco. The files that come with SDM that end in ".sdf" are v4.x signature format. So, depending on the code you have you have a router with supports 4.x or 5.x signature. You can type "show subsys name ips" to figure out which version your IOS supports. In the output of the command if you see Version 3.X then that means it runs version 5.x signature. If you router runs 4.x signature then you will 2.x in the output of the command. (Cisco changed the format of the signatures when going to 5.x so 4.x and 5.x signatures are not compatible.)

In addition, the 256MB.sdf file that comes with SDM only has about 500 signatures that it load. If you load the full

"IOS-SXXX-CLI.pkg" it has something like two or three thousand possible signatures. Lastly, the file "sigv5-SDM-S555.zip" file is what you would load from the GUI of SDM, or CCP. The

"IOS-SXXX-CLI.pkg" files I have used to load from the command line.

(I'll admit I haven't played with CCP yet so I can't positively confirm if it will take both SDM or IOS files from the GUI. I mainly have been toying with SDM, which is junk.)

Overall for "easiest deployment" of signatures I would use the command line. However, to do a lot of the tuning it is easier in a GUI. For the command line proceedures see the document below.

Hopefully, this all helps. Have a good day.

-Kryptkeepr

http://www.cisco.com/en/US/customer/docs/ios/sec_data_plane/configuration/guide/sec_ips5_sig_fs_ue_ps6441_TSD_Products_Configuration_Guide_Chapter.html