Dude, you have to download the signature file from the Cisco web page and transfter it to the flash... When I was studing IOS IPS, I got the IOS-S391-CLI.pkg file. You can check the latest signatures at this link:
http://www.cisco.com/cgi-bin/tablebuild.pl/ios-v5sigup You must have a CCO with valid service contract to be able to download Regards, Willians 2009/5/30 Stuart Hare <[email protected]> > Im concerned about the IOS IPS that is now in v12.4. > > It seems to have gone from a very easily implemented feature to one that is > now extremely cumbersome, and what seems on the surface error prone. > > When I enable it I can never get anymore than 3 signatures and 1 sig engine > active for starters. > > I then go through the process of installing the key chain for the encryted > package, creating the directory etc etc. > > When I try to compile the sig pkg it not only takes 5 mins or so to compile > it also fails to enable a large portion of the engines/sigs with MALLOC > failures and unsupported engines etc. (Output below). > > Then too my annoyance I reboot the router to see if this will resolve the > issue, to find that I am back to to only 3 sigs active in my IPS config, and > all the rest missing. I can only have bad feelings about how such an issue > will kill you time in the lab. > > I then tried this on a different device just in case it was a hardware > issue to find that as soon a entered the copy flash idconf cmd the router > reloaded (deep joy). > > Hopefully this is something I am doing wrong,or a device issue. > > Stu > > R5#copy flash:IOS-S376-CLI.pkg idconf > *May 31 17:24:31.787: %IPS-6-ENGINE_BUILDS_STARTED: 17:24:31 UTC May 31 > 2009 > *May 31 17:24:31.787: %IPS-6-ENGINE_BUILDING: multi-string - 12 signatures > - 1 of 13 engines > *May 31 17:24:32.375: %IPS-6-ENGINE_READY: multi-string - build time 588 ms > - packets for this engine will be scanned > *May 31 17:24:32.395: %IPS-6-ENGINE_BUILDING: service-http - 667 signatures > - 2 of 13 engines > *May 31 17:24:33.067: %IPS-4-META_ENGINE_UNSUPPORTED: service-http 5903:1 - > this signature is a component of the unsupported META engine > *May 31 17:26:34.859: %SYS-2-MALLOCFAIL: Memory allocation of 1059916 bytes > failed from 0x42F03704, alignment 0 > Pool: Processor Free: 12190324 Cause: Memory fragmentation > Alternate Pool: None Free: 0 Cause: No Alternate pool > -Process= "Exec", ipl= 0, pid= 122, -Traceback= 0x41920FEC 0x40083D80 > 0x40089EF8 0x4008A62C 0x441D93C0 0x42F0370C 0x42F03E6C 0x42F03F44 0x43896FDC > 0x43897A54 0x438B0B6C 0x438B0FC4 0x438E9888 > *May 31 17:26:34.859: %IPS-4-SIGNATURE_COMPILE_FAILURE: service-http 5413:0 > - compilation of regular expression failed > *May 31 17:27:15.395: %SYS-2-MALLOCFAIL: Memory allocation of 1530912 bytes > failed from 0x42F03704, alignment 0 > Pool: Processor Free: 8335160 Cause: Memory fragmentation > Alternate Pool: None Free: 0 Cause: No Alternate pool > -Process= "Exec", ipl= 0, pid= 122, -Traceback= 0x41920FEC 0x40083D80 > 0x40089EF8 0x4008A62C 0x441D93C0 0x42F0370C 0x42F03E6C 0x42F03F44 0x43896FDC > 0x43897A54 0x438B0B6C 0x438B0FC4 0x438E9888 > *May 31 17:27:15.399: %IPS-4-SIGNATURE_COMPILE_FAILURE: service-http 5460:0 > - compilation of regular expression failed > *May 31 17:27:15.403: %IPS-4-SIGNATURE_COMPILE_FAILURE: service-http 5460:0 > - compilation of regular expression failed > *May 31 17:27:18.147: %IPS-4-SIGNATURE_COMPILE_FAILURE: service-http 5427:0 > - compiles discontinued for this engine > *May 31 17:27:18.147: %IPS-4-SIGNATURE_COMPILE_FAILURE: service-http 5316:0 > - compiles discontinued for this engine > > > > -- > Stuart Hare > > [email protected] > > >
