cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1237
Views
0
Helpful
1
Replies

Signature not listed in Active Signatures

ebanzuel23
Level 1
Level 1

Signature.JPG

Hi IPS Expert,

I found an enabled signature but not listed in Active Sigatures.

I found that Retired field is shown "Low Memory Retired" ( see image)

My understanding is that it will only be retired if Low Memory is being experienced but I dont think we have Low memory.

Regards,

Jhun

1 Reply 1

wsulym
Cisco Employee
Cisco Employee

Jhun,

Your understanding is not correct. The setting relates to platform capacity - not if the platform is experiencing a low memory scenario.

Signature load thresholding was added in engine release E4; I'm including a link to the 7.0.2E4 release notes so you can see the whole thing:

http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/21671_01.html#wp1265369

In short - if you have a low memory classified system, a signature status of "low-memory-retired" will cause that particular signature to NOT load by default. You can set the status to retired=false to override the default setting.

The low & med memory retired settings allow us to enable additional protections on larger platforms that have additional capacity in a "automatic" fashion.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: