Ips 5.0 File Structure - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

IPS 5.0 File Structure

</sd:originator>
<sd:time offset="0" timeZone="UTC">1043238671706378000</sd:time>
<sd:signature description="IOS Udp Bomb" id="4600" cid:version="S37">
</sd:signature>
...
IPS 5.0 File Structure
IPS 5.0 has the following directory structure:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
A-36
<cid:subsigId>0</cid:subsigId>
/usr/cids/idsRoot—Main installation directory.
/usr/cids/idsRoot/shared—Stores files used during system recovery.
/usr/cids/idsRoot/var—Stores files created dynamically while the sensor is running.
/usr/cids/idsRoot/var/updates—Stores files and logs for update installations.
/usr/cids/idsRoot/var/virtualSensor—Stores files used by SensorApp to analyze regular expressions.
/usr/cids/idsRoot/var/eventStore—Contains the Event Store application.
/usr/cids/idsRoot/var/core—Stores core files that are created during system crashes.
/usr/cids/idsRoot/var/iplogs—Stores iplog file data.
/usr/cids/idsRoot/bin—Contains the binary executables.
/usr/cids/idsRoot/bin/authentication—Contains the authentication application.
/usr/cids/idsRoot/bin/cidDump—Contains the script that gathers data for tech support.
/usr/cids/idsRoot/bin/cidwebserver—Contains the web server application.
/usr/cids/idsRoot/bin/cidcli—Contains the CLI application.
/usr/cids/idsRoot/bin/nac—Contains the Network Access Controller application.
/usr/cids/idsRoot/bin/logApp—Contains the logger application.
/usr/cids/idsRoot/bin/mainApp—Contains the main application.
/usr/cids/idsRoot/bin/sensorApp—Contains the sensor application.
/usr/cids/idsRoot/bin/falcondump—Contains the application for getting packet dumps on the
sensing ports of the IDS-4250-XL and IDSM-2.
/usr/cids/idsRoot/etc—Stores sensor configuration files.
/usr/cids/idsRoot/htdocs—Contains the IDM files for the web server.
Appendix A System Architecture
78-16527-01