Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
229
Views
4
Helpful
1
Replies

Backup?

s-beavers
Level 1
Level 1

‎03-01-2004 07:00 AM - edited ‎03-09-2019 06:35 AM

On the IDS 3.x sensors, for a backup I would archive the /usr/nr/etc directory? What would be the equiv. on the 4.x sensors?

Labels:
0 Helpful
1 Reply 1

marcabal
Cisco Employee
Cisco Employee

‎03-01-2004 09:13 AM

Use the copy command:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/cmdref/15599ch2.htm#377910

For day to day backup you can backup the config directly onto the box:

copy current-config backup-config

You can then recover it by simply typing:

copy backup-config current-config

You can also backup the config to a remote machine using ftp or scp:

copy current-config ftp://@//

You can then recover the config using:

copy ftp://@// current-config

A couple of notes of caution:

We have seen issues when using backups after the sensor has had a new software update applied.

This is because the software update will modify the sensor by adding new configurations or modifying existing signatures. The software update may also modify your current-config to ensure it works with the new version.

HOWEVER, if you then try to go and use a backup from before the update, the sensor may not accept it.

So to be sure to not run into this issue, it is best to always make a fresh backup after the software has been updated. This way you know your sensor will accept your backup-config.

If for some reason your sensor is not accepting the backup config then you can try entering the commands one at a time. The backup config is a listing of the CLI commands, so you just need to open the file and enter the configuration commands one at a time. Eventually you will find which command is causing the issue. It is most likely that the new software update on the sensor has modified that signature.

If you have a major sensor failure and need to recover the sensor then you can follow the procedure below:

1) Recover the sensor back to the main software image. Follow the instructions for your sensor type:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/hwguide/hwchap9.htm#590432

2) Login as cisco with password cisco (change the password to a new password).

3) Run setup to initialize the sensor.

4) Now apply all of the software updates to get the sensor back to the same version it was at the last time you backed up your configuration (the version on the sensor needs to match the sensor version from your backup to ensure all commands are accepted).

5) Now re-apply your backup configuration:

copy ftp://@// current-config

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents