Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
378
Views
0
Helpful
7
Replies

IDS Version 4 slowness

ttorgerson
Level 1
Level 1

‎06-19-2003 11:50 AM - edited ‎03-09-2019 03:44 AM

Is it just me or does version 4.0 seem extremely slow?

There is also very little documentation on this new version...

It also seems to take forever to apply updates made through the IDS Device Manager... what is up with this? Did someone not consider speed as an important feature?... or is this just my install... I find it running slow on both 4235's and 4250's...

Also... since documentation is so hard to come by, can someone explain how to create custom sigs with this new version?

thanks in advance!

Thomas

Labels:
0 Helpful
7 Replies 7

ttorgerson
Level 1
Level 1

‎06-19-2003 12:08 PM

I finally found a good link for documentation so please ignore last line of above message..

thanks!

0 Helpful

travis-dennis_2
Level 7
Level 7
In response to ttorgerson

‎06-19-2003 07:18 PM

How about [passing on that link to everyone?

0 Helpful

travis-dennis_2
Level 7
Level 7
In response to ttorgerson

‎06-20-2003 06:02 PM

Thanks for the link. I would have to agree that V4 does seem slower. My first guess is that since the software is fatter than V3 but runing on the same hardware yada yada yada and that equals slower speed as far as apply changes, updates etc. etc. This is just a guess though. Hey Glenn!! are you out there? Any input?

0 Helpful

ttorgerson
Level 1
Level 1
In response to travis-dennis_2

‎06-23-2003 05:08 AM

true.. very true...

I like the new CLI... falls right in line with the other products... but... I find it interesting that in order to make a change to a signature in the CLI, it takes an awful lot of command entry... which can become very time consuming... I would much prefer a 'conf' file to make the changes to... It would speed up the process tremendously... I am still learning about the new version, since it is such a change from version 3.0... Hopefully one day I will be able to get this clunky VMS product to work for me...

so... anyone out there dealt with custom sigs in this new version...?

Thomas

0 Helpful

jimmieharden
Level 1
Level 1
In response to ttorgerson

‎06-23-2003 09:39 AM

I migrated my tuned 3.1 sigs to 4.0 by editing the backup-config file using vi last week. It is a manual process but it was easier than the GUI or CLI entry. Documentation does not explicitly explain the process but it does explain the copy and ftp commands. The copy ftp://user@IP backup-config command is forgiving. If there is a format error you will not be able to copy the backup to the current config. I just added some custom strings to the STRING.TCP engine we had defined in CSPM. They worked! I am wondering what happen to the FLOOD.TCPSYN engine.

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to jimmieharden

‎06-23-2003 02:43 PM

FLOOD.TCPSYN had only one signature: 3050, and users were not allowed to add others or make many changes to 3050.

So the 3050 signature was moved to the OTHER engine to reduce the number of engines.

So other users are aware:

You can use the copy command to copy the current-config to your own ftp-server: copy current-config ftp://user@ftpserverip/filename

Then edit the file with your favorite editor.

Then use the copy command to copy your edited file back to the sensor:

copy ftp://user@ftpserverip/editedfilename current-config.

0 Helpful
Customers Also Viewed These Support Documents