Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

S17 Updates don't show in signature list..?

Probably something I've missed in the reading but...

View: CSPM managing 2 4230's and a 4210 sensor.

I have loaded the S16 and S17 patches. The policies have been pushed. Everything seems to be working fine. However, from the CSPM GUI if I select the +Signature Sensors and select the signature file for any of the sensors I cannot see the new "4507" signature listed. It shows SNMP series through 4505 and then goes onto the remainder. However, the new 5223 and 5224 signatures DO show... When I check the NSDB it IS listed there. So the HTML files for the NSDB are present. How can I tell if the update patches for the sensors actually built the signatures that S16 and S17 were supposed to - at least for the 4507 sig?

Henry Schupp

Cisco Employee

Re: S17 Updates don't show in signature list..?

Only S17 sensors will have the new signature.

You can

1) telnet to the sensor as user netrangr

2) cd /usr/nr/etc

3) grep 4507 packetd.conf

If you see a line that starts with:

SigOfGeneral 4507 0 5 5 5 5 .....

then you have the new signature

The action should be set to zero (no action) by default.

And the severity should be 5 (High) by default.

If you do not see this on an S17 sensor, then either the CSPM update file has a bug, or something

in your installation and deployment didn't work right.

As for looking in CSPM itself for the signature, be aware that the new signatures are not necessarily in numerical order. Quite often CSPM will simply add the new signatures to the bottom of the signature list.


New Member

Re: S17 Updates don't show in signature list..?

Thanks... Great!

I found the 4507 SigOfGeneral listed as you described. So then I started up the SigWizMenu - figured that I could set the actions there... No 4507 sig found. Hmmmm, (bear with me... I'm slow but steady) if the signature doesn't show in the CSPM and I can't find it using the SigWizMenu then how am I supposed to set the actions? Is not enabling new sigs the default?

I will be quite embarrased if I have been loading the sig updates for the last month and not been actually turning them "on".

Hold the presses! I found it in the CSPM Sig listing! Not only am I slow but apparently I am losing my eyesight as well. I swear I looked carefully through it several times last night!

Anyways, with that - all my questions on this issue are now answered.

Thanks for your generous assistance!

Henry "Slug" Schupp

New Member

Re: S17 Updates don't show in signature list..?

CreatePlease to create content