Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

IPS 5.0(6)S220

Upgraded from version 4.1(5). Using the CLI how do I get the entire configuration file (sensor settings and signatures) copied back in a config file. In version 4.1(5) this was possible, but in version 5.0(6) it no longer copies the sensor settings and signatures.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: IPS 5.0(6)S220

Version 5.x has "show conf" just like in version 4.x.

In version 4.x the "show conf" would show the user edits to the configuration along with a basic listing of all of the signatures (but no details on the signatures).

This basic listing of the signatures made the "show conf" output extremely large and made it difficult to determine what edits were made as pages of configuration had to be looked through.

In 5.x the simple listing of signatures is no longer done in "shwo conf" output. Now only signatures that have been modified by the users will show up in the "show conf" output.

If you want to get a basic listing of all signatures on a version 5.x sensor then the best way to do this is through the "show settings" command.

You can execute:

conf t

service signature-definition sig0

show settings | include sig-id|subsig-id|sig-name

You can execute "show settings" without the include to see all of the settings. And you can modify the include to add in other parameters you might want to see like event-action or severity:

show settings | include sig-id|subsig-id|sig-name|event-action|severity

2 REPLIES
Cisco Employee

Re: IPS 5.0(6)S220

Version 5.x has "show conf" just like in version 4.x.

In version 4.x the "show conf" would show the user edits to the configuration along with a basic listing of all of the signatures (but no details on the signatures).

This basic listing of the signatures made the "show conf" output extremely large and made it difficult to determine what edits were made as pages of configuration had to be looked through.

In 5.x the simple listing of signatures is no longer done in "shwo conf" output. Now only signatures that have been modified by the users will show up in the "show conf" output.

If you want to get a basic listing of all signatures on a version 5.x sensor then the best way to do this is through the "show settings" command.

You can execute:

conf t

service signature-definition sig0

show settings | include sig-id|subsig-id|sig-name

You can execute "show settings" without the include to see all of the settings. And you can modify the include to add in other parameters you might want to see like event-action or severity:

show settings | include sig-id|subsig-id|sig-name|event-action|severity

New Member

Re: IPS 5.0(6)S220

Ah, and yes that is a much better way. Do you know if there is a listing that can be downloaded that contains signature numbers by engine, priority and status (enabled or not)

147
Views
0
Helpful
2
Replies
CreatePlease to create content