: Troubleshooting the IPS Signature Converter
Focus
Focus

Troubleshooting the IPS Signature Converter

Table of Contents

Troubleshooting the IPS Signature Converter

Learn how to resolve IPS rule conversion failures.
If your rules fail to convert, use the following command in the Panorama command-line interface (CLI) to see a detailed summary of the failure:
admin@M-200-49> tail follow yes lines 1 plugins-log plugin_ips_signature_converter.log
The output consists of a list of the logs for each rule and a final summary of the status of their conversion.
Rule Logs
The output first lists the logs for each rule that you submitted for conversion. Each log contains the following fields.
FieldValues
LineThe line number of the rule.
result
  • True—The rule converted successfully.
  • False—The rule failed to convert.
type
  • normal—The rule contains a pattern to search packet payloads.
  • edl—The rule is a list of suspect URLs, IP addresses, or domains.
hashA unique identifier for each rule that successfully converted. This output is None if conversion failed.
msgDetails about a signature with a result of failed or warned.
Summary
After listing the logs for each rule, the output displays a summary of the conversion results.
FieldThe number of rules that...
TotalWere submitted for conversion.
SucceedConverted successfully.
WarnedConverted successfully but contain minor syntax errors or that pose a risk, such as high performance impact or false-positive rate.
SkippedConverted successfully and share a common vulnerabilities and exposures (CVE) identifier with a signature that already exists in the Palo Alto Networks Threat Vault.
DuplicatedWere repeated in the submission.
FailedFailed to convert.