IDS mailing list archives

Viewing Cisco NSDB information


From: Jonathan Lowther <jon.lowther () activis com>
Date: 23 Jan 2004 16:22:36 -0000



Is there a way of accessing the .html files that make up the NSDB on a Cisco sensor? I mean the files called expsig_<ID>.html.

My company has its own internal knowledgebase of alerts, and I wanted to import the data from the Cisco NSDB into our 
own database (we do something similar for ISS alerts).

We used to do this with version 3.x (this was before my time) but we needed to install the updates to the Cisco Secure 
Policy Manager and we could then get the .html files.

However, we are now migrating to 4.1 and I don't want to have Cisco Secure Policy Manager (or any other system) just to be able to view the NSDB.

I know that I can view the NSDB by logging into the sensor, but I am not really able to access the files themselves 
because the command line interface is all menu driven. For example, I can't log on to the sensor and just FTP the .html 
files to my desktop where I run my import script.

I had the idea that the .html files must be contained in the update files (for example, IDS-sig-4.1-3-S66.rpm.pkg), but 
I can't seem to unpack them. I managed to get a utility to extract RPMs, but I am not able to extract the .pkg file.

Has anyone got any ideas of how I can obtain the .html files from the NSDB? If I can obtain them direct from a signature update file then that would be best because I could probably automate the process.

FYI, I have a Cisco 4210 Sensor running 4.1(3)S61.

Thanks in advance,

Jonathan Lowther
