Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
258
Views
0
Helpful
2
Replies

Problems with Custom Signatures if you choose the wrong description

pheuch
Level 1
Level 1

‎07-18-2003 08:01 AM - edited ‎03-09-2019 04:06 AM

Today I got a problem with a custom signature, I added with .SigWizMenu on a 3.x IDS. I choosed the description

IP Protocoll 77

This caused an error, because the word Protocoll is a keyword in the etc/SigUser.conf file. It caused an error within SigWizMenu and within packetd.conf at sensor restart. It looks like that any keyword which is used in the SigUser.conf file will cause problems.

Labels:
0 Helpful
2 Replies 2

jsivulka
Level 5
Level 5

‎07-24-2003 11:57 AM

The best place for information related to adding custom signature is http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids6/13346_01.htm. Hope you find the information there.

0 Helpful

marcabal
Cisco Employee
Cisco Employee

‎08-08-2003 01:42 PM

In version 3.x you can not use keywords as data in other fields. This problem is fixed in the version 4.x sensors.

If you need to remove the Protocol word from your description you can directly edit the configuration files (either SigSettings.conf or SigUser.conf) to remove that word from the description field. Then nrstop and nrstart to have packetd read in the corrected configuration.

0 Helpful
Customers Also Viewed These Support Documents