Is it possible to delete the idp signature database from a branch-level SRX (preferably not a factory-reset)? I ran a trial license and now I want to reclaim the space so that I can fit a full Junos package onto one of the partitions. License is deleted already, but the DB is still present.
I figured that would be possible, but I'm not sure if just deleting the files via the shell cleans up all references to the files. I would think that the option should be available via the CLI (probably using some 'request' command). If that is not the case, I would think that there would at least be some KB article or documentation on how to 'manually' go about deleting the files and any references to them.
I had a database corruption earlier on this year. I contacted JTAC and was sent instructions on how to delete the database.
If you follow the instructions to stop the IDP process and then delete the IDP database, it should help.
How to recover from database failures for IDP:
Disable idpd process from the configuration
root@router# set system processes idp-policy disable root@router# commit
Once the idpd process is disabled, go to initialize (prune current records).
secdb failures, execute the following:
root@router% rm /var/db/idpd/db/secdb* /var/db/idpd/db/rdm.taf
Now reboot the device (it will initialize the secdb database) root@router% cli root@router> request system reboot
RE attack cache (DFA/PCRE cache) failures, execute the following:
Once the idpd process is disabled, we can go ahead to prune the database records
root@router# rm /var/db/idpd/db/dfa* /var/db/idpd/db/pcre* root@router# rm /var/db/idpd/db/cache.dbd /var/db/idpd/db/rdm.taf
Now reboot the device (it will initialize the cache database) root@router# cli root@router> request system reboot
Note: For RE attack cache, users need not do anything (the cache will build-up on subsequent policy compilation(s)).
After the device reboots, enable idpd process root@router% cli root@router> edit root@router# delete system processes idp-policy oot@router# commit
Now download the full-update of the security package and install it
root@router> request security idp security-package download full-update root@router> request security idp security-package download status
Once the download is complete, install it:
root@router> request security idp security-package install root@router> request security idp security-package install status
The device is recovered from secdb failure.
The newer fimrware images have a smaller foot print and freee up storage space.