White Paper
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 9 of 12
In the configured Cisco IOS IPS storage directory, you may find the following files. These files
have a name format of <routername>-sigdef-xxx.xml.
training#cd ipsstore
training#show flash:
24576K bytes of processor board System flash (Intel Strataflash)
Directory of flash:/ipsstore/
4 -rwx 5693 Aug 11 2006 23:41:32 -08:00 training-sigdef-typedef.xml
5 -rwx 21285 Aug 11 2006 23:41:35 -08:00 training-sigdef-category.xml
6 -rwx 172587 Aug 11 2006 23:43:29 -08:00 training-sigdef-default.xml
23482368 bytes total (6076416 bytes free)
training#
These files are stored in a Cisco proprietary compression format and are not editable or viewable
directly. The contents of each file are described below:
training-sigdef-typedef.xml: A file that has all the signature parameter definitions
training-sigdef-category.xml: Has all the signature category information, such as category ios_ips
basic and advanced
training-sigdef-default.xml: Contains all the factory default signature definitions
6 Enable/Disable Signatures
You can use the Cisco IOS Software command-line interface (CLI) to enable or disable one
signature or a group of signatures based on signature categories.
Following are example CLI commands to disable signature 6130/10.
training#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
training(config)#ip ips signature-definition
training(config-sigdef)#signature 6130 10
training(config-sigdef-sig)#status
training(config-sigdef-sig-status)#enabled false
training(config-sigdef-sig-status)#exit
training(config-sigdef-sig)#exit
training(config-sigdef)#exit
Do you want to accept these changes? [confirm]y
training(config)#