VMS SecMon2.2 SP2 zeros out report counts

Unanswered Question
Mar 13th, 2007

I have two identical VMS 2.3 servers, with all current OS and VMS Patches applied. When the SecMon 2.2 Service Pack 2 is applied, all the generated reports "Count" field (the number of instances a particular signature fired) shows a value of ZERO. In my case the Service Pack was applied at two different times, and I can generate reports showing this problem occurs once the SP is applied. Has anyone found a solution to this problem, or is there any way to back this SP out of SecMon?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Nick Egloff Wed, 03/14/2007 - 07:11

I have a TAC ticket on this pending, but the engineer has been out and hasn't replied since I "proved" to him via Ciscoworks module information that I actually *DO* have the Sp2 installed...

If I hear anything, I'll keep you posted.


rhermes Mon, 03/19/2007 - 10:59

Thanks for the confirmation Nick. TAC told me nobody else reported this issue...(it was fun giving them your case number).

Cisco was able to verify that is indeed a problem with SecMon SP2. There is a patched file that corrects this problem, but I'd expect a new version of SP2 out soon (I hope). http://www.cisco.com/cgi-bin/tablebuild.pl/mgmt-ctr-ids-app

BTW any data SecMon stores while the bad SP2 is installed will forever make those day's reports contain zero counts. So sorry.

Nick Egloff Mon, 03/19/2007 - 14:57

No problem whatsoever; I was able to use YOUR tac case to get them to confirm the bug and get a copy of the replacement receiver.exe that you tried.

I just installed it a few minutes ago, so we'll see if it works for tomorrow morning or for the next days reports...


This Discussion