Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4180
Views
0
Helpful
2
Replies

Unable Perform Snort ISR Signature Updates

dspdss
Level 1
Level 1

‎07-25-2018 02:37 PM - edited ‎02-21-2020 08:01 AM

I am unable to update my ISR 4331 IOS-XE 16.6.4 Snort IPS signature from the base 29.0.C.  I have also tried the latest signature (UTD-STD-SIGNATURE-2983-71-S.pkg) and receive the same error message.  No issues contacting the HTTP server and copying the signature file to bootflash or with connecting using telnet on port 80 sourcing the virtual port group 0 interface.

 

Router#utd threat-inspection signature update server url http://10.XX.XX.XX/UTD-STD-SIGNATURE-2983-66-S.pkg
Router#
Jul 25 2018 17:11:41: %VMAN-5-VIRT_INST_NOTICE: SIP1: vman: VIRTUAL SERVICE SnortIPS LOG: UTD signature update failed - current version: 29.0.c

Router#show utd engine standard threat-inspection signature update status
Current Signature package version: 29.0.c
Current Signature package name: default
Previous Signature package version: None
Last update status: Failed
Last failure Reason: Failed to process the signature package
Last successful update method: None
Last successful update server: None
Last successful update time: None
Last successful update speed: None
Last failed update method: Manual
Last failed update server: http://10.XX.XX.XX/UTD-STD-SIGNATURE-2983-66-S.pkg
Last failed update time: Wed Jul 25 17:11:40 2018 EDT
Last attempted update method: Manual
Last attempted update server: http://10.XX.XX.XX/UTD-STD-SIGNATURE-2983-66-S.pkg
Last attempted update time: Wed Jul 25 17:11:40 2018 EDT
Total num of updates successful: 0
Num of attempts successful: 0
Num of attempts failed: 17
Total num of attempts: 17
Next update scheduled at: Thursday Jul 26 03:00 2018 EDT
Current Status: Idle

4 people had this problem
Labels:
0 Helpful
2 Replies 2

jason_bullock
Level 1
Level 1

‎09-03-2019 10:35 AM

Please verify the Signature version matches the Signature version in the OVA running.

Ex:

OVA: iosxe-utd.16.06.05.1.0.8_SV29111_XE_16_6.ova

Signature Package: UTD-STD-SIGNATURE-29111-106-S.pkg

 

0 Helpful

jamesboshears73107
Level 1
Level 1
In response to jason_bullock

‎09-16-2019 07:20 PM

i discover once cisco taken this over snort on lot platforms become broken, cicso discover that snort was ack better then there own software and was stoping cisco microsoft from takeing data off our systems, cisco and microsoft not have this as more and more people was useing it. it no longer works in ipfire as well but they is work around to this, installing a older version got mine to work, so i just froze all updates for time being,  we must understand cisco microsoft software comes from chana, is that so odd that what we depend on for securiy is no longer made in usa where we have control over it, i dont think this be fix any time soon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card