Where do IPS signature save at?


i successfully load the IOS IPS package into the router, verify via CLI and CCP the IPS signature did compile on the router. (advanced mode, around 588 signature is active)

but it went gone (happened twice), i just want to ensure few things

1. i did shut down my router, and migrate to production site, would it cause by the power off / on then IPS signature missing?

2. i did remove the "ip ips iosips in/out" command that previous apply at my interface, would this cause the IPS disable and gone?

just counldn't figure out why now my router only have 3 signature only..


Re: Where do IPS signature save at?

1. Please use the doc below for reference on how to configure IOS-IPS on the router. I will try to answer your questions using this document.

2. You will see in step 2.1 we create directory on flash to store all the signature files and configurations.


router#mkdir ips
Create directory filename [ips]
Created dir flash:ips

3. In step 4.2 , we configure IPS signature storage location by referencing the directory we created above.


ip ips config location flash:
router(config)#ip ips config location flash:ips

This is where the signature files will be stored.

4. In step 5.1 we copy the signature files to the router.


             router#copy ftp://cisco:cisco@ idconf

Loading IOS-S310-CLI.pkg !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 7608873/4096 bytes]

The idconf command compiles the signature after the file is copied.

5. If all the above steps are done correctly, you should see the following files in flash:

router#dir ips
Directory of flash:/ips/
7 -rw- 203419 Feb 14 2008 16:45:24 -08:00 router-sigdef-default.xml  <----Contains factory default signature definitions.
8 -rw- 271 Feb 14 2008 16:43:36 -08:00 router-sigdef-delta.xml
9 -rw- 6159 Feb 14 2008 16:44:24 -08:00 router-sigdef-typedef.xml
10 -rw- 22873 Feb 14 2008 16:44:26 -08:00 router-sigdef-category.xml
11 -rw- 257 Feb 14 2008 16:43:36 -08:00 router-seap-delta.xml
12 -rw- 491 Feb 14 2008 16:43:36 -08:00 router-seap-typedef.xml
64016384 bytes total (12693504 bytes free)

6. Make sure you do a 'Router#write memory' before you reload the router. This way the configuration done gets stored and is preserved after reboot.

Also make sure your configuration register on the router is correctly set to 0x2102.

Sid Chandrachud

TAC security solutions

