Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
372
Views
0
Helpful
3
Replies

Copying 3.x sensor settings to a new sensor?

5mlattimore
Level 1
Level 1

‎10-14-2003 01:34 PM - edited ‎03-09-2019 05:09 AM

Greets. Need help copying 3.x sensor settings, Signatures, RemoteHosts and Filters new a new sensor.

We are replacing our old 4230 with 4235 sensors and have a ton of filters we created over the months that we want to import to the new sensors.

Normally we could just *import* the sensor settings, but since this is a *new* replacemnet, there is nothing to import. We tried copying SigUser.conf into /usr/nr/etc but once you import the sensor all of usr/nr/etc files are overwritten.

Wondering if we could simply take the old sensor offline and put the new one in and see if it will allow us to *substitute* the new sensor as a replacement.

Any ideas on how we might accomplish this?

thanks,

Mike

Labels:
0 Helpful
3 Replies 3

astuckey
Level 1
Level 1

‎10-14-2003 01:52 PM

You need to describe more clearly what you are trying to do. Yes, it is possible to use the director to preserve a given configuration across hardware changes.

1) power off the 4230.

2) power on the 4235. run setup on the 4235 and give it exactly the same values for Sensor ID, Organization, IP address, etc, as the 4230 just abandoned.

3) run nrConfigure, and push the most recently used configuration to the device.

Does this do what you are asking for and expect?

0 Helpful

5mlattimore
Level 1
Level 1
In response to astuckey

‎10-14-2003 02:35 PM

Actually we are using the IDSMC version 2.2 now and I have noticed that during my testing the MC seems to push a new *blank* configuration to the sensor

I am going to try this in the lab and see if it works.

i suspect that because of the ssh implementation that there will be a glitch of some sort.

Will try it and let you know how the MC manages this scenario

I appreciate the effort to help!

Mike

0 Helpful

5mlattimore
Level 1
Level 1
In response to 5mlattimore

‎10-14-2003 04:20 PM

Ok Got it!

Heres what happened. Im using VMS 2.2 IDSMC with 3.x sensors.

I wanted to *copy* settings from another physical sensor (old 4230 model) to a newer 4235 model sensor (this one would have the same name)

So I followed your steps with one exception, (step3 below)

1) shutdown the old 4230

2) brought up the new 4235 , renamed it to the old sensors name, ip address, and pointed it to the IDSMC

3) before attempting to push a configuration to it (in essence transferring all of the old settings like custom signatures, filters, remote hosts, logging servers, etc)

from a command line I ran the

PLINK -ssh netrangr@

entered the netrangr password and then I was able to push the settings to the new sensor.

I also tried it without the PLINK command and it would not push configs to the sensor.

This command allows you to reset the ssh keys and communicate with a sensor.

Thanks for helping me get the ideas flowing. Hope I can return the favor sometime :)

Mike

0 Helpful
Customers Also Viewed These Support Documents