Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Sig Updates grrr!

Hi All,

I have only recenty upgraded my ids(4210) to 4.0(1)S37, and i am new to version 4.

I am having a problem upgrading, when i try and use the upgrade command the following happens,

ciscoids(config)# upgrade scp://

User: ids

Server's IP Address:


File name: updates/auto/IDS-sig-4.0-2-S47.rpm.pkg

Password: *********

Warning: Executing this command will apply a signature update to the application partition.

Continue with upgrade? : yes

Error: download file does not exist: /usr/cids/idsRoot/var/updates/IDS-sig-4.0-2-S47.rpm.pkg

I have tried use relative and absolute paths, and just about everything else i can think of, ftp isnt an option :(

It appears that the ids is not scp'ing the file, i can see it logging on the signature server, but the file never arrives on the IDS.

I have tried to copy the file to /usr/cids/idsRoot/var/updates/

but then it complains,

Error: signature was not valid (time warp or clock problem)

I would rather have this working properly, as opposed to cludging it, by copying signatures to /usr/cids/idsRoot/var/updates/

Anybody have any ideas, i am beginning to get desperate.



Cisco Employee

Re: Sig Updates grrr!

Did you configure the ssh host key?

conf t

ssh host

Have you tried, issuing the full URL cli command?

upgrade scp://ids@

If the problem still occurs, then I would like to get more info. Can you create a service account on the sensor and issue the following commands:

su (become root)

cd /usr/cids/idsRoot/var/update

scp -oProtocol=1 -P 22 ids@

( if the file is downloaded then remove it)

Let me know if you see any errors from scp.

New Member

Re: Sig Updates grrr!

Ah, ssh host-key - Doh!

but when i add the key i get the error

Error: Unsupported remote protocol version (2.0)

Thats no problem i will reconfigure my signature server, to support v1.

Thank again for your help.


New Member

Re: Sig Updates grrr!

Hi. I'm having the same problem, but I cannot disable SSH2 on the server. Is there any way round this?

If not, does anyone know of an SCP server for Windows which works with the sensors?

Many thanks,


New Member

Re: Sig Updates grrr!

I am not sure of the issue with your particular problem, but you have another one ahead of you that I thought might be useful to all to disclose.

I opened a TAC case because I was unable to apply the SP update 4.1.1(S47) to my 4210 sensor. It turns out that Cisco has a FREE (yes, you read that right) memory upgrade for the 4210 sensors. Apparently the 256MB that the sensor is shipped with is insufficient to apply the SP update that they recently released, so they are making an additional 256MB available through their upgrade tool.

The reason I say that you will eventually have to deal with this issue is that all signature updates (post S47) will be v4.1.1 or later (unless you are running 3.x, of course).

Hope this saves some of you some headaches.



New Member

Re: Sig Updates grrr!

Hi Don,

Are you for real!?????

Thanks for the advice as i was planning to get all the updates on today - it looks like i wont be able to.

Did your ids break when you tried to apply 4.1.1(S47) or were you able to back-out when it didnt work?



New Member

Re: Sig Updates grrr!

I have a 4235 and am also having trouble with S47. I have successfully applied previous sig updates, but this is my first 4.x service pack update. TAC is unresponsive. I even tried opening the same case multiple times, trying to play level 1 roulette with no luck. My cases are just stuck in CCO updated. A packet trace shows the 4235 just responds with an ACK with no FTP commands and the TCP session eventually times out. Of course, TAC would have to read the trace file I uploaded to know that.

Cisco Employee

Re: Sig Updates grrr!

Here are some of the known issues using ftp to upgrade:

- must enable passive mode on ftp server

- logging in as anonymous has problems

- custom prompts on windows ftp server has caused problems

You can also use scp/http to perform the upgrade

Cisco Employee

Re: Sig Updates grrr!

(please disregard)

CreatePlease to create content