Troubleshooting the IPS Signature Converter
Learn how to resolve IPS rule conversion failures.
If your rules fail to convert, use the
following command in the Panorama command-line interface (CLI) to
see a detailed summary of the failure:
admin@M-200-49> tail follow yes lines 1 plugins-log plugin_ips_signature_converter.log
The output consists of a list of the logs for each rule and a
final summary of the status of their conversion.
Rule Logs
The output first lists the logs for each rule that you submitted
for conversion. Each log contains the following fields.
| Field | Values |
| Line | The line number of the rule. |
| result | True: the rule converted successfully. False: the rule failed to convert. |
| hash | A unique identifier for each rule that successfully converted. This output is None if conversion failed. |
| msg | Details about a signature with a result of failed or warned. |
Summary
After listing the logs for each rule, the output displays a summary
of the conversion results.
| Field | The number of rules that... |
| Total | Were submitted for conversion. |
| Succeed | Converted successfully. |
| Warned | Converted successfully but contain minor syntax errors or pose a risk, such as a high performance impact or false-positive rate. |
| Skipped | Converted successfully and share a Common Vulnerabilities and Exposures (CVE) identifier with a signature that already exists in the Palo Alto Networks Threat Vault. |
| Duplicated | Were repeated in the submission. |
| Failed | Failed to convert. |