Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
469
Views
12
Helpful
4
Replies

Extracting Signature Database from Appliance

Go to solution
lbhoang
Level 1
Level 1

‎10-17-2006 10:52 AM - edited ‎03-10-2019 03:17 AM

With v5.1(3)the signatures are no longer displayed in command-line. Is there a way to extract a signature configuration list from the appliance in a readable format? Thank you in advance.

Btw, kudos to the Cisco IPS team. 5.1(3) is a big improvement over 4.1(x).

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎10-17-2006 02:12 PM

You can get it from the CLI by doing:

config t

service signature-definition sig0

show settings | include sig-id|subsig-id|sig-name

You can change the list of parameters to include in order to change what you want to see.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
jwalker
Level 3
Level 3

‎10-17-2006 11:26 AM

One way to get the file is to create a service account. After creating the account, login to the service account using the CLI. Then type cd /usr/cids/idsRoot/etc/config/signatureDefinition/instances to change to the appropriate directory.. When in the right directory, ftp the sig0.xml file to another PC for viewing.

** Please rate if this helps***

Go to solution
scothrel
Level 3
Level 3

‎10-17-2006 01:50 PM

Can you define "readable"?

The ultimate description of the signatures is the file "default.xml" in /usr/cids/idsRoot/etc/config/signatureDefinition.

Log into a service account to get shell access to the file. DO NOT edit this file, it is the base file. The Delta file is sig0.xml in the "instances" subdir from the above location.

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎10-17-2006 02:12 PM

You can get it from the CLI by doing:

config t

service signature-definition sig0

show settings | include sig-id|subsig-id|sig-name

You can change the list of parameters to include in order to change what you want to see.

0 Helpful

Go to solution
lbhoang
Level 1
Level 1
In response to marcabal

‎10-18-2006 08:14 AM

All good info but Marcoa's info is exactly what I'm looking to do to generate a list of signatures, subsigs, name, action and if enabled to another group or person in a readable format. This saved me from having to parse or convert XML. Thanks!

show settings | include sig-id|subsig-id|sig-name|event-action|enabled

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card