Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2174
Views
0
Helpful
1
Replies

Where do IPS signature save at?

yong khang NG
Level 5
Level 5

‎08-10-2010 06:30 PM - edited ‎03-10-2019 05:05 AM

Hi

i successfully load the IOS IPS package into the router, verify via CLI and CCP the IPS signature did compile on the router. (advanced mode, around 588 signature is active)

but it went gone (happened twice), i just want to ensure few things

1. i did shut down my router, and migrate to production site, would it cause by the power off / on then IPS signature missing?

2. i did remove the "ip ips iosips in/out" command that previous apply at my interface, would this cause the IPS disable and gone?

just counldn't figure out why now my router only have 3 signature only..

thanks

Labels:
0 Helpful
1 Reply 1

Siddharth Chandrachud
Cisco Employee
Cisco Employee

‎08-13-2010 01:07 PM

1. Please use the doc below for reference on how to configure IOS-IPS on the router. I will try to answer your questions using this document.

http://tools.cisco.com/squish/9Be6a

2. You will see in step 2.1 we create directory on flash to store all the signature files and configurations.

e.g:

mkdir
router#mkdir ips
Create directory filename [ips]
Created dir flash:ips

3. In step 4.2 , we configure IPS signature storage location by referencing the directory we created above.

e.g:

ip ips config location flash:
router(config)#ip ips config location flash:ips

This is where the signature files will be stored.

4. In step 5.1 we copy the signature files to the router.

e.g:

             router#copy ftp://cisco:cisco@10.1.1.1/IOS-S310-CLI.pkg idconf

Loading IOS-S310-CLI.pkg !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 7608873/4096 bytes]

The idconf command compiles the signature after the file is copied.

5. If all the above steps are done correctly, you should see the following files in flash:

router#dir ips
Directory of flash:/ips/
7 -rw- 203419 Feb 14 2008 16:45:24 -08:00 router-sigdef-default.xml  <----Contains factory default signature definitions.
8 -rw- 271 Feb 14 2008 16:43:36 -08:00 router-sigdef-delta.xml
9 -rw- 6159 Feb 14 2008 16:44:24 -08:00 router-sigdef-typedef.xml
10 -rw- 22873 Feb 14 2008 16:44:26 -08:00 router-sigdef-category.xml
11 -rw- 257 Feb 14 2008 16:43:36 -08:00 router-seap-delta.xml
12 -rw- 491 Feb 14 2008 16:43:36 -08:00 router-seap-typedef.xml
64016384 bytes total (12693504 bytes free)

6. Make sure you do a 'Router#write memory' before you reload the router. This way the configuration done gets stored and is preserved after reboot.

Also make sure your configuration register on the router is correctly set to 0x2102.

Sid Chandrachud

TAC security solutions

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card