Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
194
Views
5
Helpful
2
Replies

New 4235...upgrading Sigs

robert.mcclain
Level 1
Level 1

‎09-03-2003 12:21 PM - edited ‎03-09-2019 04:39 AM

I just recieved my new sensors from Cisco. I have them up and running without any problem. I have made several attempts to upgrade the sigs from the device manager and it hasn't worked. If I do an immediate update it states an update has been found and is being applied, but nothing happens for along time. I am trying to do it from the console instead but again am running into problems. I have the files on an FTP server and it seems to be getting there. What is th ebest way to upgrade these sensors...my 3.1 sensors were alot easier to do..

Labels:
0 Helpful
2 Replies 2

marcabal
Cisco Employee
Cisco Employee

‎09-03-2003 01:18 PM

The signature updates in 4.1 appear to take longer than the version 3.1 updates.

In version 3.1 the sensor software was stopped and restarted during a signature update. This happened fairly quickly from the typical user perspective. What most users did not realize is that after packetd was restarted, it would take several minuted to build new regular expression tables for the added signatures. So it was several additional minutes before packetd was actually monitoring traffic. ALso if for some reason packetd was not able to generate the regular expression tables the user was only notified through an error file after the user through the update was complete.

In version 4.1, the signature update does not stop and start sensorApp itself. Instead the new signatures are sent to sensorApp, and sensorApp begins building it's new regular expression tables which can take several minutes. It is only after the tables are built without errors that the user is notified that the update was successful. Then sensorApp automatically restarts itself on it's own (this takes just a few seconds).

So the big difference is not really in the time to do the update, but in the fact that in version 3.1 the user recieved a success message before the tables were built and could miss errors during table generation, while in 4.1 the user won't see success until after the table is built.

---------------

However, there are situations inwhich the update may be experiencing problems that could cause it to take longer.

If the file could not be downloaded to do the update then the user will need to wait for the update to timeout. This timeout can be several minutes, and usually happens when the sensor does not understand the ftp server's prompts, or when the file was not in the proper location on the ftp server.

WHen you execute the upgrade command on the sensor CLI, you need to wait until you recieve a response. You will receive either success or failure (usually a timeout failure). DO NOT stop and restart the sensor while waiting for the upgrade to finish because you could leave the sensor in a corrupted state.

robert.mcclain
Level 1
Level 1
In response to marcabal

‎09-04-2003 04:20 AM

When I use the device manager to upgrade, I get a response of "An update has been found and is being applied", but I don't see the connection on the FTP server. So what does this actually mean? If there are no connections to the FTP server how can I be uploading an update?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents