IDSMC questions - update sensor to v4, copy single signature

rttsui
Level 1

Hi, I am testing the update of a sensor appliance (ids4235) from v3 to v4. The custom signatures, and the changed parameters (thresholds etc) for regular signatures do not show up in the updated v4 settings in IDSMC.

The procedure I used was:

- add v3 sensor (s62) to IDSMC (the signature settings look good).

- reimage sensor to v4, and upgrade to S62.

- use idsmc to update to v4

The audit report shows that:

- Signature conversion for Sensor sr-vms32 completed, 775 signatures converted 20 signatures were not able to be converted since they were not found in the 4.1(3)S62 signature list.

- The conversion to IDS version 4 for sr-vms32 could not convert the settings for the signature with the id of 20012.

....etc.

Most of the 20 signatures not converted do appear in the signature list - engine types changed? The filters also look ok in V4.

But signature 1100, 1103, the custom signatures, and the changed parameters were not migrated.

(1) How to update the sensors so that all the valid v3 data will be preserved? Will there be similar problems if I need to add a preconfigured v4 sensor to idsmc in the future?

(2) I am using vms 2.2, idsmc 1.2 on w2k.

I tried idsmc 1.2.3; it hangs quite a bit. Is there a way to back out 1.2.3 to 1.2, without reinstalling?

(3) Is there a way to copy a single signature only from 1 sensor to a number of sensors?

Thanks for any help/advice.

2 Replies

5mlattimore
Level 1

Hi

Can you tell me where you found procedures to update the MC to 4.x? Did you copy the 4.x updates to the /updates dir first so you could then update 3.x sensor to 4.x on the MC?

I am having trouble finding the documentation for 4.x sensors and upgrade procedure. I upgraded sensor to 4.x but can't get it to v62.

thanks

Not sure if my procedure is correct since I am having the problems mentioned. But here is what I did:

- I have V315S62 and V413S62 updates applied to the idsmc first, otherwise it doesn't recognize those versions.

- My sensor was at V3.1.5-S62 when I added it to the idsmc. So, after it was reimaged to V4, I upgraded it to V4.1.3-S62.

The procedure is in Cisco Intrusion Detection System Command Reference V4.1 (text part number 78-15599-01)

The command is upgrade. (upgrade ftp://...., upgrade scp://.... etc)

Please note the V4 files for update on the sensor directly are IDS*.rpm.pkg.

- On the idsmc, I update the sensor from V3 to V4.

The procedure is in Using Management Center for IDS Sensors 1.2 (text part number 78-14420-01)

In chapter 5, it describes the procedure for updating sensor software from 3.x to 4.x; and for updates other than that.

The directory you mentioned sounds right. On p5-69, ...download to ~CSCOpx/mdc/etc/ids/updates. (My idsmc is on Win2K.). When you do the upgrade, the update file should show up in the selection list.

The V4 files for update in idsmc are IDS*.zip.

Not sure if they are the same for Solaris?

Hope this helps.